From bad206ee3b0425fdad63597a1506b5396b0f223c Mon Sep 17 00:00:00 2001
From: Jonathan Davies
Date: Tue, 27 Apr 2021 21:04:16 +0100
Subject: [PATCH] screen.if: Added interface to allow executing sock file.

Signed-off-by: Jonathan Davies
---
 policy/modules/apps/screen.if | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/policy/modules/apps/screen.if b/policy/modules/apps/screen.if
index 884e261a9..6b0826811 100644
--- a/policy/modules/apps/screen.if
+++ b/policy/modules/apps/screen.if
@@ -90,3 +90,22 @@ template(`screen_role_template',`
 fs_nfs_domtrans($1_screen_t, $3)
 ')
 ')
+
+########################################
+##
+## Execute the screen runtime sock file.
+##
+##
+##
+## Domain allowed access.
+##
+##
+interface(`screen_execute_sock_file',`
+ gen_require(`
+ type screen_tmp_t;
+ type screen_runtime_t;
+ ')
+
+ allow $1 screen_runtime_t:sock_file execute;
+ allow $1 screen_tmp_t:dir search;
+')
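Review bot: `allow $1 screen_runtime_t:sock_file execute;` grants an unusual permission for a socket object, and neither the interface summary nor the commit message says which caller operation needs it. Without that, a later reviewer cannot confirm this is the minimum access required, so the header should record the motivation, for example `## Needed because <caller domain> checks execute access on the screen socket (AVC: <denial text>).` with the placeholders filled in from the actual denial. The summary also leaves out that the interface grants `search` on `screen_tmp_t` directories, while the socket itself is typed `screen_runtime_t`. The hunk does not show where the socket's parent directory is labelled, so if pairing the two types is intentional the description should say so. Otherwise the directory rule may be naming the wrong type.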