From 850fefc62642c78ece1a3c917c3cc3d1d9e6a0ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Tue, 25 Aug 2020 20:43:14 +0200
Subject: [PATCH] postfixpolicyd: split multi-class rule
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The rule uses the permission manage_file_perms on the classes file and sock_file. This won't result in a change in the actual policy generated, but if the definitions of macros are changed going forward, the mismatches could cause issues. Found by SELint
Signed-off-by: Christian Göttsche
---
 policy/modules/services/postfixpolicyd.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/policy/modules/services/postfixpolicyd.te b/policy/modules/services/postfixpolicyd.te
index ed40bd5de..4dff9fcab 100644
--- a/policy/modules/services/postfixpolicyd.te
+++ b/policy/modules/services/postfixpolicyd.te
@@ -37,7 +37,8 @@ allow postfix_policyd_t postfix_policyd_conf_t:lnk_file read_lnk_file_perms;
 manage_files_pattern(postfix_policyd_t, postfix_policyd_runtime_t, postfix_policyd_runtime_t)
 files_runtime_filetrans(postfix_policyd_t, postfix_policyd_runtime_t, file)
-allow postfix_policyd_t postfix_policyd_tmp_t:{ file sock_file } manage_file_perms;
+allow postfix_policyd_t postfix_policyd_tmp_t:file manage_file_perms;
+allow postfix_policyd_t postfix_policyd_tmp_t:sock_file manage_sock_file_perms;
 files_tmp_filetrans(postfix_policyd_t, postfix_policyd_tmp_t, { file sock_file })
 kernel_search_network_sysctl(postfix_policyd_t)
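Review bot: The new `sock_file` line keeps the full `manage_sock_file_perms` set on `postfix_policyd_tmp_t`, carried over from the combined rule, and nothing beside it records why the socket needs the whole manage set. With the class now on its own line, a short comment would help the next reviewer, for example `# sock_file: full manage set carried over from the former multi-class rule; narrow if audit data allows`. Which permissions the daemon actually exercises is not visible in the hunk, so any narrowing would have to be checked against logged denials first. The message's claim that the generated policy is unchanged depends on macro definitions outside this diff; comparing the compiled policy before and after (e.g. with `sediff`) would confirm it.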