From cff5e0026c29552b885ad83992c2cceb99d34cba Mon Sep 17 00:00:00 2001
From: Alexander Miroshnichenko <alexminder@gmail.com>
Date: Wed, 23 Jan 2019 17:58:54 +0300
Subject: [PATCH] Add new interface fs_rmw_hugetlbfs_files.

Add new interface fs_rmw_hugetlbfs_files and grant it to postgresql_t.
---
 policy/modules/kernel/filesystem.if   | 19 +++++++++++++++++++
 policy/modules/services/postgresql.te |  2 +-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 41f196199..a5328a63f 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -2340,6 +2340,25 @@ interface(`fs_rw_hugetlbfs_files',`
 	rw_files_pattern($1, hugetlbfs_t, hugetlbfs_t)
 ')
 
+########################################
+## <summary>
+##      Read, map and write hugetlbfs files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`fs_rmw_hugetlbfs_files',`
+        gen_require(`
+                type hugetlbfs_t;
+        ')
+
+        fs_rw_hugetlbfs_files($1)
+	allow $1 hugetlbfs_t:file map;
+')
+
 ########################################
 ## <summary>
 ##	Allow the type to associate to hugetlbfs filesystems.
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index f118d9d0c..7d56e01a8 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -330,7 +330,7 @@ dev_read_urand(postgresql_t)
 
 fs_getattr_all_fs(postgresql_t)
 fs_search_auto_mountpoints(postgresql_t)
-fs_rw_hugetlbfs_files(postgresql_t)
+fs_rmw_hugetlbfs_files(postgresql_t)
 
 selinux_get_enforce_mode(postgresql_t)
 selinux_validate_context(postgresql_t)