[selinux-policy: 2044/3172] trunk: add missing ubac module.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:01:30 UTC 2010


commit 0003940ff28812c444e5d1f8f7bc6ac81b6570fc
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Nov 5 16:11:27 2008 +0000

    trunk: add missing ubac module.

 policy/modules/kernel/ubac.fc |    1 +
 policy/modules/kernel/ubac.if |  184 +++++++++++++++++++++++++++++++++++++++++
 policy/modules/kernel/ubac.te |   20 +++++
 3 files changed, 205 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/kernel/ubac.fc b/policy/modules/kernel/ubac.fc
new file mode 100644
index 0000000..778366f
--- /dev/null
+++ b/policy/modules/kernel/ubac.fc
@@ -0,0 +1 @@
+# no UBAC file contexts
diff --git a/policy/modules/kernel/ubac.if b/policy/modules/kernel/ubac.if
new file mode 100644
index 0000000..7477750
--- /dev/null
+++ b/policy/modules/kernel/ubac.if
@@ -0,0 +1,184 @@
+## <summary>User-based access control policy</summary>
+## <required val="true">
+##	Contains attributes used in UBAC policy.
+## </required>
+
+########################################
+## <summary>
+##	Constrain by user-based access control.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be constrained by UBAC.
+##	</summary>
+## </param>
+#
+interface(`ubac_constrained',`
+	gen_require(`
+		attribute ubac_constrained_type;
+	')
+
+	typeattribute $1 ubac_constrained_type;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_file_exempt',`
+	gen_require(`
+		attribute ubacfile;
+	')
+
+	typeattribute $1 ubacfile;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_process_exempt',`
+	gen_require(`
+		attribute ubacproc;
+	')
+
+	typeattribute $1 ubacproc;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_fd_exempt',`
+	gen_require(`
+		attribute ubacfd;
+	')
+
+	typeattribute $1 ubacfd;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_socket_exempt',`
+	gen_require(`
+		attribute ubacsock;
+	')
+
+	typeattribute $1 ubacsock;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for SysV IPC.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_sysvipc_exempt',`
+	gen_require(`
+		attribute ubacipc;
+	')
+
+	typeattribute $1 ubacipc;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for X Windows.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_xwin_exempt',`
+	gen_require(`
+		attribute ubacxwin;
+	')
+
+	typeattribute $1 ubacxwin;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_dbus_exempt',`
+	gen_require(`
+		attribute ubacdbus;
+	')
+
+	typeattribute $1 ubacdbus;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for keys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_key_exempt',`
+	gen_require(`
+		attribute ubackey;
+	')
+
+	typeattribute $1 ubackey;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for databases.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_db_exempt',`
+	gen_require(`
+		attribute ubacdb;
+	')
+
+	typeattribute $1 ubacdb;
+')
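Review bot: The nine exempt interfaces (`ubac_file_exempt` through `ubac_db_exempt`) document only "Domain to be exempted", which does not tell a policy writer that the call lifts the user-identity check for that object class. Each one is a security-relevant bypass, so I would add a `## <desc>` block to each stating that the domain is no longer restricted by UBAC for that class and that the call is meant for domains that must act across SELinux users. The summaries would also read more clearly as `Exempt a domain from user-based access control for files.` and likewise for the other classes. The constraints that consume these attributes are not part of this diff, so the exact scope of each exemption should be confirmed against them before the wording is fixed.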
diff --git a/policy/modules/kernel/ubac.te b/policy/modules/kernel/ubac.te
new file mode 100644
index 0000000..c1f106d
--- /dev/null
+++ b/policy/modules/kernel/ubac.te
@@ -0,0 +1,20 @@
+
+policy_module(ubac, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+attribute ubac_constrained_type;
+
+attribute ubacfile;
+attribute ubacproc;
+attribute ubacsock;
+attribute ubacfd;
+attribute ubacipc;
+attribute ubacxwin;
+attribute ubacdbus;
+attribute ubackey;
+attribute ubacdb;
+
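Review bot: The attribute declarations carry no comments, so nothing in this file says that `ubac_constrained_type` marks the types subject to UBAC while the other nine mark exempted domains. I would add `# Types subject to UBAC constraints` above `attribute ubac_constrained_type;` and `# Domains exempt from UBAC, one attribute per object class` above `attribute ubacfile;`. The list also declares `ubacsock` before `ubacfd`, the reverse of the interface order in ubac.if; matching the order would make the two files easier to audit side by side.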

