selinux-policy/backport-Add-domain_unix_read_all_semaphores-interface.patch

From 0fda5d6c5ee12b642ab0f6b6503807a4731d17f4 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Fri, 11 Nov 2022 15:11:18 +0100
Subject: [PATCH] Add domain_unix_read_all_semaphores() interface

---
 policy/modules/kernel/domain.if | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index 0e843721ba..2fa4393292 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -568,6 +568,25 @@ interface(`domain_kill_all_domains',`
 	allow $1 self:capability kill;
 ')
 
+########################################
+## <summary>
+##	Allow unix_read all domains semaphores
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`domain_unix_read_all_semaphores',`
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:sem unix_read;
+')
+
 ########################################
 ## <summary>
 ##	Destroy all domains semaphores