From 333494fd5929df71bb8c6cddf5b4e34180fcd6b9 Mon Sep 17 00:00:00 2001
From: Paul Moore <paul.moore@hp.com>
Date: Fri, 28 Aug 2009 17:13:06 -0400
Subject: [PATCH] refpol: Add the "tun_socket" object class flask definitions

Add the new "tun_socket" class to the flask definitions.  The "tun_socket"
object class is used by the new TUN driver hooks which allow policy to control
access to TUN/TAP devices.

Signed-off-by: Paul Moore <paul.moore@hp.com>
---
 policy/flask/access_vectors   | 2 ++
 policy/flask/security_classes | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index ef4c063f1..6292db554 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -251,6 +251,8 @@ inherits socket
 class unix_dgram_socket
 inherits socket
 
+class tun_socket
+inherits socket
 
 #
 # Define the access vector interpretation for process-related objects
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index 9e1bf1a35..2bd1bf6db 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -119,4 +119,6 @@ class x_application_data	# userspace
 # kernel services that need to override task security, e.g. cachefiles
 class kernel_service 
 
+class tun_socket
+
 # FLASK