[selinux-policy: 634/3172] add ktalk

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:59:27 UTC 2010


commit d17b4d2323d753e256c24ec07244f5914aecbb08
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Sep 8 13:42:13 2005 +0000

    add ktalk

 refpolicy/Changelog                        |    3 +
 refpolicy/policy/modules/services/ktalk.fc |    2 +
 refpolicy/policy/modules/services/ktalk.if |    1 +
 refpolicy/policy/modules/services/ktalk.te |   78 ++++++++++++++++++++++++++++
 4 files changed, 84 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 662da58..1918e94 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,6 @@
+- Added policies:
+	ktalk
+
 * Wed Sep 07 2005 Chris PeBenito <selinux at tresys.com> - 20050907
 - Fix errors uncovered by sediff.
 - Doc tool will explicitly say a module does not have interfaces
diff --git a/refpolicy/policy/modules/services/ktalk.fc b/refpolicy/policy/modules/services/ktalk.fc
new file mode 100644
index 0000000..bbd72e4
--- /dev/null
+++ b/refpolicy/policy/modules/services/ktalk.fc
@@ -0,0 +1,2 @@
+
+/usr/bin/ktalkd		--	context_template(system_u:object_r:ktalkd_exec_t,s0)
diff --git a/refpolicy/policy/modules/services/ktalk.if b/refpolicy/policy/modules/services/ktalk.if
new file mode 100644
index 0000000..5ba36db
--- /dev/null
+++ b/refpolicy/policy/modules/services/ktalk.if
@@ -0,0 +1 @@
+## <summary>KDE Talk daemon</summary>
diff --git a/refpolicy/policy/modules/services/ktalk.te b/refpolicy/policy/modules/services/ktalk.te
new file mode 100644
index 0000000..48af1d1
--- /dev/null
+++ b/refpolicy/policy/modules/services/ktalk.te
@@ -0,0 +1,78 @@
+
+policy_module(ktalk,1.0)
+
+########################################
+#
+# Declarations
+#
+
+type ktalkd_t;
+type ktalkd_exec_t;
+inetd_udp_service_domain(ktalkd_t,ktalkd_exec_t)
+role system_r types ktalkd_t;
+
+type ktalkd_tmp_t;
+files_tmp_file(ktalkd_tmp_t)
+
+type ktalkd_var_run_t;
+files_pid_file(ktalkd_var_run_t)
+
+########################################
+#
+# Local policy
+#
+
+allow ktalkd_t self:process signal_perms;
+allow ktalkd_t self:fifo_file rw_file_perms;
+allow ktalkd_t self:tcp_socket connected_stream_socket_perms;
+# for identd
+# cjp: this should probably only be inetd_child rules?
+allow ktalkd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
+allow ktalkd_t self:capability { setuid setgid };
+allow ktalkd_t self:dir search;
+allow ktalkd_t self:{ lnk_file file } { getattr read };
+files_search_home(ktalkd_t)
+optional_policy(`kerberos.te',`
+	kerberos_use(ktalkd_t)
+')
+#end for identd
+
+allow ktalkd_t ktalkd_tmp_t:dir create_dir_perms;
+allow ktalkd_t ktalkd_tmp_t:file create_file_perms;
+files_create_tmp_files(ktalkd_t, ktalkd_tmp_t, { file dir })
+
+allow ktalkd_t ktalkd_var_run_t:file create_file_perms;
+files_create_pid(ktalkd_t,ktalkd_var_run_t)
+
+kernel_read_kernel_sysctl(ktalkd_t)
+kernel_read_system_state(ktalkd_t)
+kernel_read_network_state(ktalkd_t)
+
+corenet_tcp_sendrecv_all_if(ktalkd_t)
+corenet_raw_sendrecv_all_if(ktalkd_t)
+corenet_tcp_sendrecv_all_nodes(ktalkd_t)
+corenet_raw_sendrecv_all_nodes(ktalkd_t)
+corenet_tcp_bind_all_nodes(ktalkd_t)
+corenet_tcp_sendrecv_all_ports(ktalkd_t)
+
+dev_read_urand(ktalkd_t)
+
+fs_getattr_xattr_fs(ktalkd_t)
+
+files_read_etc_files(ktalkd_t)
+
+libs_use_ld_so(ktalkd_t)
+libs_use_shared_libs(ktalkd_t)
+logging_send_syslog_msg(ktalkd_t)
+
+miscfiles_read_localization(ktalkd_t)
+
+sysnet_read_config(ktalkd_t)
+
+optional_policy(`nis.te',`
+	nis_use_ypbind(ktalkd_t)
+')
+
+optional_policy(`nscd.te',`
+	nscd_use_socket(ktalkd_t)
+')
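Review bot: The rules between `# for identd` and `#end for identd` grant ktalkd_t `self:capability { setuid setgid }`, a netlink tcpdiag socket, home-directory search and optional Kerberos access, yet nothing visible in this module shows the talk daemon needing them, and the `cjp:` comment inside the block already questions whether they belong here. Because this domain is entered from the network via inetd, I would drop the block and re-add individual rules only when an AVC denial justifies them, or at minimum mark it with `# TODO: appears carried over from identd; confirm ktalkd needs setuid/setgid and tcpdiag`. Separately, the type is declared with `inetd_udp_service_domain`, but the local policy carries only `corenet_tcp_*` and `corenet_raw_*` rules. If that macro does not itself cover UDP send/receive, the two raw-socket lines (`corenet_raw_sendrecv_all_if`, `corenet_raw_sendrecv_all_nodes`) look like they were meant to be their UDP counterparts, and raw access should not be granted without a stated reason.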

