From a92ee5012636c565061214d30177e0cd51f5c4dd Mon Sep 17 00:00:00 2001
From: Dominick Grift <domg472@gmail.com>
Date: Thu, 22 Oct 2009 16:23:43 +0200
Subject: [PATCH] Implement screen-locking feature.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
---
 policy/modules/apps/screen.if | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/apps/screen.if b/policy/modules/apps/screen.if
index ac70bc089..9e2f20970 100644
--- a/policy/modules/apps/screen.if
+++ b/policy/modules/apps/screen.if
@@ -44,6 +44,7 @@ template(`screen_role_template',`
 	#
 
 	allow $1_screen_t self:capability { setuid setgid fsetid };
+	allow $1_screen_t self:fifo_file rw_fifo_file_perms;
 	allow $1_screen_t self:process signal_perms;
 	allow $1_screen_t self:tcp_socket create_stream_socket_perms;
 	allow $1_screen_t self:udp_socket create_socket_perms;
@@ -117,6 +118,7 @@ template(`screen_role_template',`
 	fs_search_auto_mountpoints($1_screen_t)
 	fs_getattr_xattr_fs($1_screen_t)
 
+	auth_domtrans_chk_passwd($1_screen_t)
 	auth_use_nsswitch($1_screen_t)
 	auth_dontaudit_read_shadow($1_screen_t)
 	auth_dontaudit_exec_utempter($1_screen_t)