From 5db3c3f65ba591348ce5b872a70c66289ed0c0ad Mon Sep 17 00:00:00 2001
From: Johannes Segitz <jsegitz@suse.de>
Date: Fri, 9 May 2025 08:20:00 +0200
Subject: [PATCH] Introduce tabrmd_rw_unix_stream_sockets SELinux interface

ATM there's only tabrmd_create_unix_stream_sockets, but some domains
only need to use the socket, not create it.

Signed-off-by: Johannes Segitz <jsegitz@suse.de>
---
 selinux/tabrmd.if | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/selinux/tabrmd.if b/selinux/tabrmd.if
index 61ed3e18..c8792ec3 100644
--- a/selinux/tabrmd.if
+++ b/selinux/tabrmd.if
@@ -18,6 +18,24 @@ interface(`tabrmd_create_unix_stream_sockets',`
         allow $1 tabrmd_t:unix_stream_socket create_stream_socket_perms;
 ')
 
+########################################
+## <summary>
+##      Use a unix stream socket
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`tabrmd_rw_unix_stream_sockets',`
+        gen_require(`
+                type tabrmd_t;
+        ')
+
+        allow $1 tabrmd_t:unix_stream_socket rw_socket_perms;
+')
+
 ########################################
 ## <summary>
 ##      Send messages to and from