Diffstat (limited to 'base')
-rw-r--r-- | base/selinux/src/pki.if | 18 | ||||
-rw-r--r-- | base/selinux/src/pki.te | 4 |
2 files changed, 21 insertions, 1 deletions
diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if
index 8399c4e9b..423546d1f 100644
--- a/base/selinux/src/pki.if
+++ b/base/selinux/src/pki.if
@@ -20,6 +20,24 @@ interface(`pki_rw_tomcat_cert',`
 ########################################
 ## <summary>
+## Allow read and write pki cert files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`pki_search_tomcat_etc_rw',`
+ gen_require(`
+ type pki_tomcat_etc_rw_t;
+ ')
+
+ search_dirs_pattern($1, pki_tomcat_etc_rw_t, pki_tomcat_etc_rw_t)
+')
+
+########################################
+## <summary>
 ## Create a set of derived types for apache
 ## web content.
 ## </summary>
diff --git a/base/selinux/src/pki.te b/base/selinux/src/pki.te
index c8900bc7f..411974b25 100644
--- a/base/selinux/src/pki.te
+++ b/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
-policy_module(pki,10.0.11)
+policy_module(pki,10.0.12)
 type pki_log_t;
 files_type(pki_log_t)
@@ -83,6 +83,7 @@ logging_send_audit_msgs(pki_tomcat_t)
 logging_send_syslog_msg(pki_tomcat_t)
 miscfiles_read_hwdata(pki_tomcat_t)
+miscfiles_read_localization(pki_tomcat_t)
 files_manage_generic_tmp_files(pki_tomcat_t)
 userdom_manage_user_tmp_dirs(pki_tomcat_t)
 userdom_manage_user_tmp_files(pki_tomcat_t)
@@ -119,6 +120,7 @@ allow setfiles_t pki_log_t:file write;
 # allow certmonger to read certdb files
 pki_rw_tomcat_cert(certmonger_t)
+pki_search_tomcat_etc_rw(certmonger_t)
 ##########################
 # TPS policy
|
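Review bot: The summary on the new `pki_search_tomcat_etc_rw` interface in pki.if reads "Allow read and write pki cert files.", which looks carried over from `pki_rw_tomcat_cert`. The body only calls `search_dirs_pattern` on `pki_tomcat_etc_rw_t`, so it grants directory search and no file read or write. Interface summaries are what a policy auditor reads first when judging how much access a calling domain receives, so the text should match the grant: `## Search pki tomcat etc rw directories.`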
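Review bot: The added `pki_search_tomcat_etc_rw(certmonger_t)` in the last pki.te hunk sits under the comment `# allow certmonger to read certdb files`, which says nothing about the new directory search. The comment also understates the line above it, which calls an interface named `pki_rw_tomcat_cert`. Presumably the search is needed so certmonger_t can traverse the `pki_tomcat_etc_rw_t` directories to reach the cert files; a comment such as `# certmonger: rw on cert files, search on the pki_tomcat_etc_rw_t directories leading to them` would keep the grant auditable. Whether `certmonger_t` is required or wrapped in an optional block is not visible in this hunk.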