From 91c290b8299ffa35381a3718e49349da4e4ddbe4 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 9 Jan 2014 13:34:46 -0500
Subject: [PATCH] Allow access to unlabeled socket and fifo files.

Just use notdevfile_class_set to pick up all non-device file classes.

Change-Id: Ib3604537ccfc25da67823f0f2b5d70b84edfaadf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 domain.te | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/domain.te b/domain.te
index f5d4baed8..103d690b0 100644
--- a/domain.te
+++ b/domain.te
@@ -129,9 +129,8 @@ allow domain security_file:file getattr;
 # capability, it's essentially useless. This is needed to allow an app with
 # relabelto to relabel unlabeled files.
 #
-allow domain unlabeled:file { create_file_perms relabelfrom };
+allow domain unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
 allow domain unlabeled:dir { create_dir_perms relabelfrom };
-allow domain unlabeled:lnk_file { create_file_perms };
 neverallow { domain -relabeltodomain } *:dir_file_class_set relabelto;
 
 ###
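Review bot: The new rule `allow domain unlabeled:notdevfile_class_set { create_file_perms relabelfrom };` also gives every domain `relabelfrom` on unlabeled `lnk_file`, which the removed rule limited to `create_file_perms`; the commit message mentions only socket and fifo files. This assumes notdevfile_class_set expands to file, lnk_file, sock_file and fifo_file, which is not visible in this hunk and should be confirmed against the macro definition. The widening is probably acceptable because the `neverallow` on `relabelto` just below still gates where such objects can be relabeled to, but the comment block should say so. I would add `# notdevfile_class_set also covers lnk_file, sock_file and fifo_file; relabelto remains restricted by the neverallow below.` above the rule. The comment block starts before the hunk, so its opening lines were not reviewed.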
-- 
GitLab