[selinux-policy: 870/3172] more transition work

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:20:16 UTC 2010


commit 08c22f4d173a09f923e0bda43591a05260e63106
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Oct 27 15:16:42 2005 +0000

    more transition work

 refpolicy/policy/modules/services/bluetooth.if |   46 ++++++++++++++++++++++++
 refpolicy/policy/modules/services/bluetooth.te |    5 ---
 refpolicy/policy/modules/system/unconfined.te  |   14 +++++++
 refpolicy/policy/modules/system/userdomain.te  |    4 ++
 4 files changed, 64 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/bluetooth.if b/refpolicy/policy/modules/services/bluetooth.if
index 0965ddb..51e5e0b 100644
--- a/refpolicy/policy/modules/services/bluetooth.if
+++ b/refpolicy/policy/modules/services/bluetooth.if
@@ -2,6 +2,52 @@
 
 ########################################
 ## <summary>
+##	Execute bluetooth_helper in the bluetooth_helper domain.
+## </summary>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+#
+interface(`bluetooth_domtrans_helper',`
+	gen_require(`
+		type bluetooth_helper_t, bluetooth_helper_exec_t;
+	')
+
+	domain_auto_trans($1,bluetooth_helper_exec_t,bluetooth_helper_t)
+
+	allow $1 bluetooth_helper_t:fd use;
+	allow bluetooth_helper_t $1:fd use;
+	allow bluetooth_helper_t $1:fifo_file rw_file_perms;
+	allow bluetooth_helper_t $1:process sigchld;
+')
+
+########################################
+## <summary>
+##	Execute bluetooth_helper in the bluetooth_helper domain, and
+##	allow the specified role the bluetooth_helper domain.
+## </summary>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+## <param name="role">
+##	The role to be allowed the bluetooth_helper domain.
+## </param>
+## <param name="terminal">
+##	The type of the terminal allow the bluetooth_helper domain to use.
+## </param>
+#
+interface(`bluetooth_run_helper',`
+	gen_require(`
+		type bluetooth_helper_t;
+	')
+
+	bluetooth_helper_domtrans($1)
+	role $2 types bluetooth_helper_t;
+	allow bluetooth_helper_t $3:chr_file rw_term_perms;
+')
+
+########################################
+## <summary>
 ##	Read bluetooth helper files.
 ## </summary>
 ## <param name="domain">
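Review bot: `bluetooth_run_helper` calls `bluetooth_helper_domtrans($1)`, but the interface this hunk defines just above it is named `bluetooth_domtrans_helper`. Unless a macro with the other name exists elsewhere in the tree, m4 will not expand the call, so the policy either fails to build or the caller never receives the domain transition while still getting the role and terminal rules. The line should read `bluetooth_domtrans_helper($1)`. The userdomain.te hunk in this commit, `bluetooth_run_helper(sysadm_t,sysadm_r,admin_terminal)`, is the caller that depends on it. The `terminal` parameter description is also missing a word and should read `The type of the terminal to allow the bluetooth_helper domain to use.`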
diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te
index af421ec..c0fd36f 100644
--- a/refpolicy/policy/modules/services/bluetooth.te
+++ b/refpolicy/policy/modules/services/bluetooth.te
@@ -211,11 +211,6 @@ optional_policy(`nscd.te',`
 ')
 
 ifdef(`TODO',`
-
-# a "run" interface needs to be
-# added, and have sysadm_t use it
-# in a optional_policy block.
-
 allow bluetooth_helper_t tmp_t:dir search;
 
 allow bluetooth_helper_t home_dir_type:dir search;
diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te
index b7815ee..2affdb7 100644
--- a/refpolicy/policy/modules/system/unconfined.te
+++ b/refpolicy/policy/modules/system/unconfined.te
@@ -46,6 +46,14 @@ ifdef(`targeted_policy',`
 		amanda_domtrans_recover(unconfined_t)
 	')
 
+	optional_policy(`bind.te',`
+		bind_domtrans_ndc(unconfined_t)
+	')
+
+	optional_policy(`bluetooth.te',`
+		bluetooth_domtrans_helper(unconfined_t)
+	')
+
 	optional_policy(`dmidecode.te',`
 		dmidecode_domtrans(unconfined_t)
 	')
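Review bot: The added `bluetooth_domtrans_helper(unconfined_t)` makes the helper run in bluetooth_helper_t when started from unconfined_t, yet the bluetooth.te hunk in this commit shows rules for that domain (`allow bluetooth_helper_t tmp_t:dir search;` and the home_dir_type search) still inside the ifdef TODO block, so they are presumably not active. If the helper needs those accesses when launched from a user session, it would now be denied where it previously ran unconfined. It is worth exercising the helper under the targeted policy and checking the audit log for AVC denials against bluetooth_helper_t, and adding a short comment here that notes the dependency on the pending TODO rules. The enclosing targeted_policy ifdef starts and ends outside this hunk.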
@@ -64,6 +72,12 @@ ifdef(`targeted_policy',`
 		modutils_domtrans_update_mods(unconfined_t)
 	')
 
+	optional_policy(`netutils.te',`
+		netutils_domtrans(unconfined_t)
+		netutils_domtrans_ping(unconfined_t)
+		netutils_domtrans_traceroute(unconfined_t)
+	')
+
 	optional_policy(`portmap.te',`
 		portmap_domtrans_helper(unconfined_t)
 	')
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index a8ac48a..a108cbd 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -154,6 +154,10 @@ ifdef(`targeted_policy',`
 		bind_run_ndc(sysadm_t,sysadm_r,admin_terminal)
 	')
 
+	optional_policy(`bluetooth.te',`
+		bluetooth_run_helper(sysadm_t,sysadm_r,admin_terminal)
+	')
+
 	optional_policy(`clock.te',`
 		clock_run(sysadm_t,sysadm_r,admin_terminal)
 	')

