Add directory read permissions for ro marked dirs

diff --git a/cod4/cod4.te b/cod4/cod4.te
index 389e4bc..43ff1c5 100644 (file)
--- a/cod4/cod4.te
+++ b/cod4/cod4.te
@@ -1,4 +1,4 @@
-policy_module(cod4, 0.1.30)
+policy_module(cod4, 0.1.31)
 
 # File context for the executable process
 type cod4_t;
@@ -17,6 +17,7 @@ corenet_udp_bind_generic_port(cod4_t)
 corenet_udp_bind_generic_node(cod4_t)
 
 read_files_pattern(cod4_t, cod4_ro_t, cod4_ro_t)
+list_dirs_pattern(cod4_t, cod4_ro_t, cod4_ro_t)
 
 manage_files_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
 manage_dirs_pattern(cod4_t, cod4_rw_t, cod4_rw_t)

diff --git a/q3a/q3a.te b/q3a/q3a.te
index ef9da68..d0c204d 100644 (file)
--- a/q3a/q3a.te
+++ b/q3a/q3a.te
@@ -1,4 +1,4 @@
-policy_module(q3a, 0.1.23)
+policy_module(q3a, 0.1.24)
 
 # File context for the executable process
 type q3a_t;
@@ -19,6 +19,7 @@ corenet_udp_bind_generic_port(q3a_t)
 corenet_udp_bind_generic_node(q3a_t)
 
 read_files_pattern(q3a_t, q3a_ro_t, q3a_ro_t)
+list_dirs_pattern(q3a_t, q3a_ro_t, q3a_ro_t)
 
 allow q3a_t q3a_ro_t:dir list_dir_perms;
 allow q3a_t q3a_ro_t:file read_file_perms;

diff --git a/quake2/quake2.te b/quake2/quake2.te
index 8e980e5..2e2eb6e 100644 (file)
--- a/quake2/quake2.te
+++ b/quake2/quake2.te
@@ -1,4 +1,4 @@
-policy_module(quake2, 0.1.9)
+policy_module(quake2, 0.1.10)
 
 # File context for the executable process
 type quake2_t;
@@ -19,6 +19,7 @@ corenet_udp_bind_generic_port(quake2_t)
 corenet_udp_bind_generic_node(quake2_t)
 
 read_files_pattern(quake2_t, quake2_ro_t, quake2_ro_t)
+list_dirs_pattern(quake2_t, quake2_ro_t, quake2_ro_t)
 
 manage_files_pattern(quake2_t, quake2_rw_t, quake2_rw_t)
 manage_dirs_pattern(quake2_t, quake2_rw_t, quake2_rw_t)

diff --git a/tesseract/tesseract.te b/tesseract/tesseract.te
index ee16447..4539c19 100644 (file)
--- a/tesseract/tesseract.te
+++ b/tesseract/tesseract.te
@@ -1,4 +1,4 @@
-policy_module(tesseract, 0.1.3)
+policy_module(tesseract, 0.1.4)
 
 # File context for the executable process
 type tesseract_t;
@@ -17,5 +17,6 @@ corenet_udp_bind_generic_port(tesseract_t)
 corenet_udp_bind_generic_node(tesseract_t)
 
 read_files_pattern(tesseract_t, tesseract_ro_t, tesseract_ro_t)
+list_dirs_pattern(tesseract_t, tesseract_ro_t, tesseract_ro_t)
 
 sysnet_dns_name_resolve(tesseract_t)

diff --git a/tf2/tf2.te b/tf2/tf2.te
index fd3f755..5f89c83 100644 (file)
--- a/tf2/tf2.te
+++ b/tf2/tf2.te
@@ -1,4 +1,4 @@
-policy_module(tf2, 0.1.22)
+policy_module(tf2, 0.1.23)
 
 require {
     type default_t;
@@ -30,6 +30,7 @@ corenet_tcp_bind_generic_port(tf2_t)
 corenet_tcp_bind_generic_node(tf2_t)
 
 read_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+list_dirs_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
 
 manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)

diff --git a/ts3/ts3.te b/ts3/ts3.te
index 95dd7a3..3688ad6 100644 (file)
--- a/ts3/ts3.te
+++ b/ts3/ts3.te
@@ -1,4 +1,4 @@
-policy_module(ts3, 0.1.22)
+policy_module(ts3, 0.1.23)
 
 # File context for the executable process
 type ts3_t;
@@ -22,6 +22,7 @@ corenet_tcp_bind_generic_node(ts3_t)
 allow ts3_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
 
 read_files_pattern(ts3_t, ts3_ro_t, ts3_ro_t)
+list_dirs_pattern(ts3_t, ts3_ro_t, ts3_ro_t)
 
 manage_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
 manage_dirs_pattern(ts3_t, ts3_rw_t, ts3_rw_t)

diff --git a/ut2004/ut2004.te b/ut2004/ut2004.te
index 981c20a..ccc10da 100644 (file)
--- a/ut2004/ut2004.te
+++ b/ut2004/ut2004.te
@@ -1,4 +1,4 @@
-policy_module(ut2004, 0.1.2)
+policy_module(ut2004, 0.1.3)
 
 require {
     type interwise_port_t;
@@ -21,6 +21,7 @@ corenet_udp_bind_generic_port(ut2004_t)
 corenet_udp_bind_generic_node(ut2004_t)
 
 read_files_pattern(ut2004_t, ut2004_ro_t, ut2004_ro_t)
+list_dirs_pattern(ut2004_t, ut2004_ro_t, ut2004_ro_t)
 
 manage_files_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)
 manage_dirs_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)