trunk: minor amanda update from dan

policy/modules/admin/amanda.te

@@ -1,5 +1,5 @@
 
-policy_module(amanda,1.5.1)
+policy_module(amanda,1.5.2)
 
 #######################################
 #
@@ -70,7 +70,7 @@ optional_policy(`
 
 allow amanda_t self:capability { chown dac_override setuid kill };
 allow amanda_t self:process { setpgid signal };
-allow amanda_t self:fifo_file { getattr read write ioctl lock };
+allow amanda_t self:fifo_file rw_fifo_file_perms;
 allow amanda_t self:unix_stream_socket create_stream_socket_perms;
 allow amanda_t self:unix_dgram_socket create_socket_perms;
 allow amanda_t self:tcp_socket create_stream_socket_perms;
@@ -85,18 +85,22 @@ allow amanda_t amanda_config_t:file { getattr read };
 
 # access to amandas data structure
 allow amanda_t amanda_data_t:dir { read search write };
-allow amanda_t amanda_data_t:file { read write };
+allow amanda_t amanda_data_t:file manage_file_perms;
 
 # access to amanda_dumpdates_t
 allow amanda_t amanda_dumpdates_t:file { getattr lock read write };
 
 can_exec(amanda_t,amanda_exec_t)
+can_exec(amanda_t,amanda_inetd_exec_t)
 
 # access to amanda_gnutarlists_t (/var/lib/amanda/gnutar-lists)
 allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms;
 allow amanda_t amanda_gnutarlists_t:file manage_file_perms;
 allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms;
 
+manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
+manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
+
 manage_files_pattern(amanda_t,amanda_log_t,amanda_log_t)
 manage_dirs_pattern(amanda_t,amanda_log_t,amanda_log_t)
 logging_log_filetrans(amanda_t,amanda_log_t,{ file dir })