From 0f982dada26fe04fb62da8be024785f62828155f Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 24 Nov 2009 11:08:22 -0500
Subject: [PATCH] ISCSI patch from Dan Walsh.
---
 policy/modules/system/iscsi.if | 39 ++++++++++++++++++++++++++++++++++
 policy/modules/system/iscsi.te | 7 +++---
 2 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/policy/modules/system/iscsi.if b/policy/modules/system/iscsi.if
index 6f0b2063d..88e3b32c3 100644
--- a/policy/modules/system/iscsi.if
+++ b/policy/modules/system/iscsi.if
@@ -17,3 +17,42 @@ interface(`iscsid_domtrans',`
 domtrans_pattern($1, iscsid_exec_t, iscsid_t)
 ')
+
+########################################
+##
+## Connect to ISCSI using a unix domain stream socket.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+#
+interface(`iscsi_stream_connect',`
+ gen_require(`
+ type iscsid_t, iscsi_var_lib_t;
+ ')
+
+ files_search_pids($1)
+ stream_connect_pattern($1, iscsi_var_lib_t, iscsi_var_lib_t, iscsid_t)
+')
+
+########################################
+##
+## Read iscsi lib files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`iscsi_read_lib_files',`
+ gen_require(`
+ type iscsi_var_lib_t;
+ ')
+
+ read_files_pattern($1, iscsi_var_lib_t, iscsi_var_lib_t)
+ allow $1 iscsi_var_lib_t:dir list_dir_perms;
+ files_search_var_lib($1)
+')
diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te
index c5109dff3..e53aa29d9 100644
--- a/policy/modules/system/iscsi.te
+++ b/policy/modules/system/iscsi.te
@@ -1,5 +1,5 @@
-policy_module(iscsi, 1.6.0)
+policy_module(iscsi, 1.6.1)
 ########################################
 #
@@ -55,6 +55,7 @@ manage_files_pattern(iscsid_t, iscsi_var_run_t, iscsi_var_run_t)
 files_pid_filetrans(iscsid_t, iscsi_var_run_t, file)
 kernel_read_system_state(iscsid_t)
+kernel_search_debugfs(iscsid_t)
 corenet_all_recvfrom_unlabeled(iscsid_t)
 corenet_all_recvfrom_netlabel(iscsid_t)
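Review bot: In `iscsi_stream_connect`, the parent-directory search is `files_search_pids($1)`, but both the directory and socket types passed to `stream_connect_pattern` are `iscsi_var_lib_t`, which by its name sits under the lib tree rather than the pid tree. If the socket really is labelled `iscsi_var_lib_t`, the matching call is `files_search_var_lib($1)`, as `iscsi_read_lib_files` further down this hunk uses; if it lives with the pid files, the pattern should take `iscsi_var_run_t` instead. The file contexts are not visible here, so this needs checking against the module's .fc file. Separately, `iscsi_read_lib_files` grants `list_dir_perms` on the directory, which is more than its "Read iscsi lib files" summary states, so the summary should mention directory listing or the `allow` line should be dropped if callers only open known paths.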
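Review bot: The added `kernel_search_debugfs(iscsid_t)` in the `-55,6` hunk of iscsi.te has no comment saying what iscsid looks up under debugfs, and nothing in the visible policy reads or lists a debugfs file afterwards. A bare search permission like this often exists only to quiet an AVC denial from a path walk; if the daemon works without it, a dontaudit rule is the least-privilege choice. If it is needed, put the reason next to the call, for example `# iscsid traverses debugfs for <reason>`, so the grant can be re-evaluated later. debugfs exposes kernel internals, so allow rules touching it are worth justifying in the policy itself.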
@@ -73,6 +74,6 @@ files_read_etc_files(iscsid_t)
 logging_send_syslog_msg(iscsid_t)
-miscfiles_read_localization(iscsid_t)
+auth_use_nsswitch(iscsid_t)
-sysnet_dns_name_resolve(iscsid_t)
+miscfiles_read_localization(iscsid_t)
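Review bot: Swapping `sysnet_dns_name_resolve(iscsid_t)` for `auth_use_nsswitch(iscsid_t)` widens iscsid from DNS lookups to whatever name-service backends nsswitch is configured with (user and group databases, and network directory services where enabled), and the hunk gives no reason for it. If the daemon only resolves target host names, the narrower `sysnet_dns_name_resolve(iscsid_t)` is sufficient and should stay. If it does need user or group lookups, a one-line comment above the call should say so, e.g. `# iscsid looks up users/groups through nsswitch`, so the broader grant is a documented decision.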