Signed-off-by: Dave Sugar <dsugar@xxxxxxxxxx> --- policy/modules/services/clamav.if | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if index 7b6df49e..3639d769 100644 --- a/policy/modules/services/clamav.if +++ b/policy/modules/services/clamav.if @@ -19,6 +19,32 @@ interface(`clamav_domtrans',` domtrans_pattern($1, clamd_exec_t, clamd_t) ') +######################################## +## <summary> +## Execute clamd programs in the clamd +## domain and allow the specified role +## the clamd domain. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +## <param name="role"> +## <summary> +## Role allowed access. +## </summary> +## </param> +# +interface(`clamav_run',` + gen_require(` + type clamd_t; + ') + + clamav_domtrans($1) + role $2 types clamd_t; +') + ######################################## ## <summary> ## Connect to clamd using a unix -- 2.20.1
