From eb833919cee91e90da4d10a10f03e9bd2b0a1a04 Mon Sep 17 00:00:00 2001
From: Dominick Grift
Date: Oct 29 2012 09:48:56 +0000
Subject: Changes to the tcpd policy module
Module clean up
Signed-off-by: Dominick Grift
---
diff --git a/tcpd.fc b/tcpd.fc
index 393345c..034ec7f 100644
--- a/tcpd.fc
+++ b/tcpd.fc
@@ -1,2 +1 @@
-
 /usr/sbin/tcpd -- gen_context(system_u:object_r:tcpd_exec_t,s0)
diff --git a/tcpd.if b/tcpd.if
index 2075ebb..9eb34fd 100644
--- a/tcpd.if
+++ b/tcpd.if
@@ -1,4 +1,4 @@
-## Policy for TCP daemon.
+## TCP daemon.
 ########################################
 ##
@@ -15,6 +15,7 @@ interface(`tcpd_domtrans',`
 type tcpd_t, tcpd_exec_t;
 ')
+ corecmd_search_bin($1)
 domtrans_pattern($1, tcpd_exec_t, tcpd_t)
 ')
diff --git a/tcpd.te b/tcpd.te
index 7038b55..f388db3 100644
--- a/tcpd.te
+++ b/tcpd.te
@@ -1,13 +1,13 @@
-policy_module(tcpd, 1.4.0)
+policy_module(tcpd, 1.4.1)
 ########################################
 #
 # Declarations
 #
+
 type tcpd_t;
 type tcpd_exec_t;
 inetd_tcp_service_domain(tcpd_t, tcpd_exec_t)
-role system_r types tcpd_t;
 type tcpd_tmp_t;
 files_tmp_file(tcpd_tmp_t)
@@ -16,6 +16,7 @@ files_tmp_file(tcpd_tmp_t)
 #
 # Local policy
 #
+
 allow tcpd_t self:tcp_socket create_stream_socket_perms;
 manage_dirs_pattern(tcpd_t, tcpd_tmp_t, tcpd_tmp_t)
@@ -30,11 +31,9 @@ corenet_tcp_sendrecv_all_ports(tcpd_t)
 fs_getattr_xattr_fs(tcpd_t)
-# Run other daemons in the inetd child domain.
 corecmd_search_bin(tcpd_t)
 files_read_etc_files(tcpd_t)
-# no good reason for files_dontaudit_search_var, probably nscd
 files_dontaudit_search_var(tcpd_t)
 logging_send_syslog_msg(tcpd_t)
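Review bot: The added `corecmd_search_bin($1)` gives the caller search access on bin directories so it can reach the tcpd executable, but tcpd_domtrans still only issues the type transition, so a caller whose role does not include tcpd_t will pass the type transition and be stopped at the role check. This matters more now that the same commit drops the explicit `role system_r types tcpd_t;` from tcpd.te, leaving the role association to whatever inetd_tcp_service_domain() provides. I would state that in the interface description above this hunk, e.g. `## The caller must already run in a role that includes tcpd_t; this interface grants no role.` The interface's header and its gen_require block open outside the hunk.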
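Review bot: Removing `role system_r types tcpd_t;` leaves tcpd_t with no role association visible in this file, so the inetd_t to tcpd_t transition set up by inetd_tcp_service_domain() only keeps working if that interface itself declares `role system_r types $1;`. That is presumably why the line is treated as redundant, but it cannot be confirmed from this hunk; I would check inetd.if before merging, or keep the line with a comment naming the interface that makes it redundant. Only if the role does come from the interface is the version bump to 1.4.1 a behaviour-neutral cleanup.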