[selinux-policy: 700/3172] add anaconda

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:05:25 UTC 2010


commit 9edc289521912ba11c856b511b7fc76c677190a5
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Sep 23 22:15:04 2005 +0000

    add anaconda

 refpolicy/Changelog                          |    1 +
 refpolicy/policy/modules/admin/anaconda.fc   |    5 ++
 refpolicy/policy/modules/admin/anaconda.if   |    1 +
 refpolicy/policy/modules/admin/anaconda.te   |   59 ++++++++++++++++++++++++++
 refpolicy/policy/modules/admin/usermanage.if |   24 ++++++++++
 5 files changed, 90 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 26d9393..a4b8ec9 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,5 +1,6 @@
 - Fix errors uncovered by sediff.
 - Added policies:
+	anaconda
 	kudzu
 	radvd
 
diff --git a/refpolicy/policy/modules/admin/anaconda.fc b/refpolicy/policy/modules/admin/anaconda.fc
new file mode 100644
index 0000000..3afd63b
--- /dev/null
+++ b/refpolicy/policy/modules/admin/anaconda.fc
@@ -0,0 +1,5 @@
+#
+# Currently anaconda does not have any file context since it is
+# started during install.  This is a placeholder to satisfy
+# the policy Makefile dependencies.
+#
diff --git a/refpolicy/policy/modules/admin/anaconda.if b/refpolicy/policy/modules/admin/anaconda.if
new file mode 100644
index 0000000..18491c8
--- /dev/null
+++ b/refpolicy/policy/modules/admin/anaconda.if
@@ -0,0 +1 @@
+## <summary>Policy for the Anaconda installer.</summary>
diff --git a/refpolicy/policy/modules/admin/anaconda.te b/refpolicy/policy/modules/admin/anaconda.te
new file mode 100644
index 0000000..107b339
--- /dev/null
+++ b/refpolicy/policy/modules/admin/anaconda.te
@@ -0,0 +1,59 @@
+
+policy_module(anaconda,1.0)
+
+########################################
+#
+# Declarations
+#
+
+type anaconda_t;
+domain_type(anaconda_t)
+domain_obj_id_change_exempt(anaconda_t)
+role system_r types anaconda_t;
+
+########################################
+#
+# Local policy
+#
+
+# Run other rc scripts in the anaconda_t domain.
+init_domtrans_script(anaconda_t)
+
+libs_domtrans_ldconfig(anaconda_t)
+
+logging_send_syslog_msg(anaconda_t)
+
+modutils_domtrans_insmod(anaconda_t)
+
+unconfined_domain_template(anaconda_t)
+
+ifdef(`distro_redhat',`
+	bootloader_create_runtime_file(anaconda_t)
+')
+
+optional_policy(`dmesg.te',`
+	dmesg_domtrans(anaconda_t)
+')
+
+optional_policy(`rpm.te',`
+	rpm_domtrans(anaconda_t)
+')
+
+optional_policy(`udev.te',`
+	udev_domtrans(anaconda_t)
+')
+
+optional_policy(`usermanage.te',`
+	usermanage_domtrans_admin_passwd(anaconda_t)
+')
+
+ifdef(`TODO',`
+optional_policy(`su.te',`
+	role system_r types sysadm_su_t;
+	domain_auto_trans(anaconda_t, su_exec_t, sysadm_su_t)
+')
+optional_policy(`ssh.te',`
+	role system_r types sysadm_ssh_agent_t;
+	domain_auto_trans(anaconda_t, ssh_agent_exec_t, sysadm_ssh_agent_t)
+')
+')
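Review bot: The `unconfined_domain_template(anaconda_t)` call carries no comment saying why the installer domain is unconfined or how the domain is meant to be entered, and combined with `role system_r types anaconda_t;` any process that reaches anaconda_t gets the unconfined rule set. The anaconda.fc added in this commit says the installer has no file context because it is started during install, so presumably no entrypoint exists on an installed system; that is worth recording as an invariant above the call, e.g. `# anaconda_t is unconfined because the installer labels and populates the target system; it has no entrypoint type and must not gain one on an installed system.` The block guarded by the TODO ifdef at the end of the file would also benefit from a one-line comment stating what is outstanding before the su and ssh-agent transitions can be enabled.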
diff --git a/refpolicy/policy/modules/admin/usermanage.if b/refpolicy/policy/modules/admin/usermanage.if
index e832948..14fb0c1 100644
--- a/refpolicy/policy/modules/admin/usermanage.if
+++ b/refpolicy/policy/modules/admin/usermanage.if
@@ -158,6 +158,30 @@ interface(`usermanage_run_passwd',`
 
 ########################################
 ## <summary>
+##	Execute password admin functions in
+##	the admin passwd domain.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`usermanage_domtrans_admin_passwd',`
+	gen_require(`
+		type sysadm_passwd_t, admin_passwd_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	domain_auto_trans($1,admin_passwd_exec_t,sysadm_passwd_t)
+
+	allow $1 sysadm_passwd_t:fd use;
+	allow sysadm_passwd_t $1:fd use;
+	allow sysadm_passwd_t $1:fifo_file rw_file_perms;
+	allow sysadm_passwd_t $1:process sigchld;
+')
+
+########################################
+## <summary>
 ##	Execute useradd in the useradd domain.
 ## </summary>
 ## <param name="domain">
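Review bot: The documentation for `usermanage_domtrans_admin_passwd` does not say that the caller's role has to be authorized for `sysadm_passwd_t`, and the interface body adds no role statement. The caller introduced in this commit, anaconda_t, is associated with system_r, and the disabled su and ssh-agent blocks in anaconda.te add `role system_r types ...;` explicitly for their target domains, which suggests the same is needed here unless usermanage.te (not shown) already provides it. Without that authorization the transition would likely compute an invalid context and the exec would fail. I would add a line to the summary such as `##	The caller's role must be authorized for sysadm_passwd_t.`, or place `role system_r types sysadm_passwd_t;` next to the call in anaconda.te.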

