From 11a74daa7815a008605e37250877a9b74e5e475e Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Wed, 7 Dec 2011 15:47:57 +0100
Subject: [PATCH] Add files_add_entry_var_lib_dirs() interface
---
 policy/modules/admin/usermanage.te | 2 ++
 policy/modules/kernel/files.if | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 6bcfc8ce..4810d02e 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -472,6 +472,8 @@ domain_dontaudit_read_all_domains_state(useradd_t)
 files_search_var_lib(useradd_t)
 files_relabel_etc_files(useradd_t)
 files_read_etc_runtime_files(useradd_t)
+# needed by /var/lig/xguest
+files_add_entry_var_lib_dirs(useradd_t)
 fs_search_auto_mountpoints(useradd_t)
 fs_getattr_xattr_fs(useradd_t)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index b682bcf3..21972994 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -5537,6 +5537,24 @@ interface(`files_list_var_lib',`
 list_dirs_pattern($1, var_t, var_lib_t)
 ')
+##########################################
+##
+## Add entries to /var/lib directories
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`files_add_entry_var_lib_dirs',`
+ gen_require(`
+ type var_lib_t;
+ ')
+
+ add_entry_dirs_pattern($1, var_lib_t, var_lib_t)
+')
+
 ###########################################
 ##
 ## Read-write /var/lib directories
-- 2.39.2
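Review bot: The added `files_add_entry_var_lib_dirs(useradd_t)` in usermanage.te gives useradd_t the add-entry permission on every directory labelled var_lib_t, while the comment above it names a single path as the reason. If that path can carry its own type, a grant scoped to that type would keep useradd_t from adding names inside unrelated /var/lib state. Otherwise the comment should say why the generic label is needed. The comment also misspells the path; it should read `# needed by /var/lib/xguest`.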
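Review bot: In the new interface in files.if, `add_entry_dirs_pattern($1, var_lib_t, var_lib_t)` passes var_lib_t as both the containing directory and the target, whereas the neighbouring files_list_var_lib passes `var_t` as the container. If the pattern's second argument is the parent directory that receives search permission, as the sibling suggests, a domain calling only this interface cannot traverse /var and depends on a separate files_search_var_lib call. Requiring `type var_t, var_lib_t;` and calling `add_entry_dirs_pattern($1, var_t, var_lib_t)` would make the interface self-contained. The summary should also state the scope of what is a write-type grant, for example `Add entries to generic /var/lib directories (all directories labelled var_lib_t).`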