diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index 24e7c4fd4..b21c0498d 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -110,6 +110,7 @@ interface(`corecmd_shell_entry_type',`
########################################
##
## Search the contents of bin directories.
+## Also allow to read a possible /bin->/usr/bin symlink.
##
##
##
@@ -122,7 +123,8 @@ interface(`corecmd_search_bin',`
type bin_t;
')
- search_dirs_pattern($1, bin_t, bin_t)
+ read_lnk_files_pattern($1, bin_t, bin_t)
+ files_search_usr($1)
')
########################################
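Review bot: `files_search_usr($1)` in corecmd_search_bin is not covered by the interface summary, which after this commit mentions only the /bin->/usr/bin symlink. The later hunks call this interface from corecmd_list_bin, corecmd_read_bin_files, corecmd_manage_bin_files and most of the other interfaces in the file, so every caller of those also gains search on the usr directories and read on bin_t symlinks. The summary should state both grants, e.g. `## Also allow searching /usr and reading a possible /bin->/usr/bin symlink.`. Comparing the compiled policy before and after the change (for example with sediff) would confirm that no domain picks up more than these two permissions.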
@@ -158,6 +160,7 @@ interface(`corecmd_list_bin',`
type bin_t;
')
+ corecmd_search_bin($1)
list_dirs_pattern($1, bin_t, bin_t)
')
@@ -194,6 +197,7 @@ interface(`corecmd_getattr_bin_files',`
type bin_t;
')
+ corecmd_search_bin($1)
getattr_files_pattern($1, bin_t, bin_t)
')
@@ -250,6 +254,7 @@ interface(`corecmd_read_bin_files',`
type bin_t;
')
+ corecmd_search_bin($1)
read_files_pattern($1, bin_t, bin_t)
')
@@ -282,11 +287,13 @@ interface(`corecmd_dontaudit_write_bin_files',`
##
#
interface(`corecmd_read_bin_symlinks',`
+ refpolicywarn(`$0() has been deprecated, please use corecmd_search_bin() instead.')
+
gen_require(`
type bin_t;
')
- read_lnk_files_pattern($1, bin_t, bin_t)
+ corecmd_search_bin($1)
')
########################################
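Review bot: The `gen_require` block for `bin_t` kept in corecmd_read_bin_symlinks is now dead, because the new body no longer references `bin_t` directly and corecmd_search_bin() carries its own requirement. Dropping it leaves the deprecated wrapper as just the `refpolicywarn` line and the `corecmd_search_bin($1)` call. The interface's `##` summary starts above this hunk and is not touched by the commit; it should be marked as deprecated too, for example by appending `(Deprecated)` to the summary line, so the generated documentation agrees with the build-time warning.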
@@ -304,6 +311,7 @@ interface(`corecmd_read_bin_pipes',`
type bin_t;
')
+ corecmd_search_bin($1)
read_fifo_files_pattern($1, bin_t, bin_t)
')
@@ -322,6 +330,7 @@ interface(`corecmd_read_bin_sockets',`
type bin_t;
')
+ corecmd_search_bin($1)
read_sock_files_pattern($1, bin_t, bin_t)
')
@@ -361,8 +370,7 @@ interface(`corecmd_exec_bin',`
type bin_t;
')
- read_lnk_files_pattern($1, bin_t, bin_t)
- list_dirs_pattern($1, bin_t, bin_t)
+ corecmd_list_bin($1)
can_exec($1, bin_t)
')
@@ -381,6 +389,7 @@ interface(`corecmd_manage_bin_files',`
type bin_t;
')
+ corecmd_search_bin($1)
manage_files_pattern($1, bin_t, bin_t)
')
@@ -399,6 +408,7 @@ interface(`corecmd_relabel_bin_files',`
type bin_t;
')
+ corecmd_search_bin($1)
relabel_files_pattern($1, bin_t, bin_t)
')
@@ -417,6 +427,7 @@ interface(`corecmd_mmap_bin_files',`
type bin_t;
')
+ corecmd_search_bin($1)
mmap_files_pattern($1, bin_t, bin_t)
')
@@ -461,7 +472,7 @@ interface(`corecmd_bin_spec_domtrans',`
type bin_t;
')
- read_lnk_files_pattern($1, bin_t, bin_t)
+ corecmd_search_bin($1)
domain_transition_pattern($1, bin_t, $2)
')
@@ -820,8 +831,7 @@ interface(`corecmd_check_exec_shell',`
type bin_t, shell_exec_t;
')
- list_dirs_pattern($1, bin_t, bin_t)
- read_lnk_files_pattern($1, bin_t, bin_t)
+ corecmd_list_bin($1)
allow $1 shell_exec_t:file execute;
')
@@ -858,8 +868,7 @@ interface(`corecmd_exec_shell',`
type bin_t, shell_exec_t;
')
- list_dirs_pattern($1, bin_t, bin_t)
- read_lnk_files_pattern($1, bin_t, bin_t)
+ corecmd_list_bin($1)
can_exec($1, shell_exec_t)
')
@@ -912,8 +921,7 @@ interface(`corecmd_shell_spec_domtrans',`
type bin_t, shell_exec_t;
')
- list_dirs_pattern($1, bin_t, bin_t)
- read_lnk_files_pattern($1, bin_t, bin_t)
+ corecmd_list_bin($1)
domain_transition_pattern($1, shell_exec_t, $2)
')
@@ -966,7 +974,7 @@ interface(`corecmd_exec_chroot',`
type chroot_exec_t;
')
- read_lnk_files_pattern($1, bin_t, bin_t)
+ corecmd_search_bin($1)
can_exec($1, chroot_exec_t)
allow $1 self:capability sys_chroot;
')
@@ -988,7 +996,7 @@ interface(`corecmd_getattr_all_executables',`
type bin_t;
')
- allow $1 bin_t:dir list_dir_perms;
+ corecmd_list_bin($1)
getattr_files_pattern($1, bin_t, exec_type)
')
@@ -1008,6 +1016,7 @@ interface(`corecmd_read_all_executables',`
attribute exec_type;
')
+ corecmd_search_bin($1)
read_files_pattern($1, exec_type, exec_type)
')
@@ -1028,8 +1037,8 @@ interface(`corecmd_exec_all_executables',`
type bin_t;
')
+ corecmd_list_bin($1)
can_exec($1, exec_type)
- list_dirs_pattern($1, bin_t, bin_t)
read_lnk_files_pattern($1, bin_t, exec_type)
')
@@ -1068,6 +1077,7 @@ interface(`corecmd_manage_all_executables',`
type bin_t;
')
+ corecmd_search_bin($1)
manage_files_pattern($1, bin_t, exec_type)
manage_lnk_files_pattern($1, bin_t, bin_t)
')
@@ -1089,6 +1099,7 @@ interface(`corecmd_relabel_all_executables',`
type bin_t;
')
+ corecmd_search_bin($1)
relabel_files_pattern($1, bin_t, exec_type)
')
@@ -1108,5 +1119,6 @@ interface(`corecmd_mmap_all_executables',`
type bin_t;
')
+ corecmd_search_bin($1)
mmap_files_pattern($1, bin_t, exec_type)
')