Merge pull request #124 from pebenito/watch

Add watch access vectors.

INSTALL

@@ -1,3 +1,6 @@
+Reference Policy has the following runtime requirements:
+	* Linux kernel >= 2.6.34
+
 Reference Policy has the following build requirements:
 	* SELinux userspace 2.8
 	* Python >= 3.4

policy/flask/access_vectors

@@ -28,6 +28,14 @@ common file
 	swapon
 	quotaon
 	mounton
+	open
+	audit_access
+	execmod
+	watch
+	watch_mount
+	watch_sb
+	watch_with_perm
+	watch_reads
 }
 
 
@@ -198,6 +206,7 @@ class filesystem
 	associate
 	quotamod
 	quotaget
+	watch
 }
 
 class dir
@@ -208,9 +217,6 @@ inherits file
 	reparent
 	search
 	rmdir
-	open
-	audit_access
-	execmod
 }
 
 class file
@@ -218,52 +224,26 @@ inherits file
 {
 	execute_no_trans
 	entrypoint
-	execmod
-	open
-	audit_access
 }
 
 class lnk_file
 inherits file
-{
-	open
-	audit_access
-	execmod
-}
 
 class chr_file
 inherits file
 {
 	execute_no_trans
 	entrypoint
-	execmod
-	open
-	audit_access
 }
 
 class blk_file
 inherits file
-{
-	open
-	audit_access
-	execmod
-}
 
 class sock_file
 inherits file
-{
-	open
-	audit_access
-	execmod
-}
 
 class fifo_file
 inherits file
-{
-	open
-	audit_access
-	execmod
-}
 
 class fd
 {