screen.if: Added interface to allow executing sock file.

Signed-off-by: Jonathan Davies <jpds@protonmail.com>

policy/modules/apps/screen.if

@@ -90,3 +90,22 @@ template(`screen_role_template',`
 		fs_nfs_domtrans($1_screen_t, $3)
 	')
 ')
+
+########################################
+## <summary>
+##      Execute the screen runtime sock file.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+interface(`screen_execute_sock_file',`
+	gen_require(`
+		type screen_tmp_t;
+		type screen_runtime_t;
+	')
+
+	allow $1 screen_runtime_t:sock_file execute;
+	allow $1 screen_tmp_t:dir search;
+')