On 1/19/19 11:19 AM, Sugar, David wrote:
Signed-off-by: Dave Sugar <dsugar@xxxxxxxxxx>
---
policy/modules/services/clamav.if | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if
index 7b6df49e..3639d769 100644
--- a/policy/modules/services/clamav.if
+++ b/policy/modules/services/clamav.if
@@ -19,6 +19,32 @@ interface(`clamav_domtrans',`
domtrans_pattern($1, clamd_exec_t, clamd_t)
')
+########################################
+## <summary>
+## Execute clamd programs in the clamd
+## domain and allow the specified role
+## the clamd domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+#
+interface(`clamav_run',`
+ gen_require(`
+ type clamd_t;
+ ')
+
+ clamav_domtrans($1)
+ role $2 types clamd_t;
+')
+
########################################
## <summary>
## Connect to clamd using a unix
Merged.
--
Chris PeBenito
