[selinux-policy: 2385/3172] Add pyicqt from Stefan Schulze Frielinghaus.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:31:44 UTC 2010 

commit 4ebfec730371aade53419aa01b327758b50ed04b
Author: Chris PeBenito <pebenito at gentoo.org>
Date:   Mon Feb 8 10:58:16 2010 -0500

    Add pyicqt from Stefan Schulze Frielinghaus.

 Changelog                         |    1 +
 policy/modules/services/pyicqt.fc |    7 ++++
 policy/modules/services/pyicqt.if |    1 +
 policy/modules/services/pyicqt.te |   60 +++++++++++++++++++++++++++++++++++++
 4 files changed, 69 insertions(+), 0 deletions(-)
---
diff --git a/Changelog b/Changelog
index 5818f9e..9e2ca70 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,7 @@
 - X object manager revisions from Eamon Walsh.
 - Added modules:
 	dbadm (KaiGai Kohei)
+	pyicqt (Stefan Schulze Frielinghaus)
 
 * Tue Nov 17 2009 Chris PeBenito <selinux at tresys.com> - 2.20091117
 - Add separate x_pointer and x_keyboard classes inheriting from x_device. 
diff --git a/policy/modules/services/pyicqt.fc b/policy/modules/services/pyicqt.fc
new file mode 100644
index 0000000..491fe8f
--- /dev/null
+++ b/policy/modules/services/pyicqt.fc
@@ -0,0 +1,7 @@
+/etc/pyicq-t(/.*)?			gen_context(system_u:object_r:pyicqt_conf_t,s0)
+
+/usr/share/pyicq-t/PyICQt\.py	--	gen_context(system_u:object_r:pyicqt_exec_t,s0)
+
+/var/run/pyicq-t(/.*)?			gen_context(system_u:object_r:pyicqt_var_run_t,s0)
+
+/var/spool/pyicq-t(/.*)?		gen_context(system_u:object_r:pyicqt_spool_t,s0)
diff --git a/policy/modules/services/pyicqt.if b/policy/modules/services/pyicqt.if
new file mode 100644
index 0000000..9604b6a
--- /dev/null
+++ b/policy/modules/services/pyicqt.if
@@ -0,0 +1 @@
+## <summary>PyICQt is an ICQ transport for XMPP server.</summary>
diff --git a/policy/modules/services/pyicqt.te b/policy/modules/services/pyicqt.te
new file mode 100644
index 0000000..c158e07
--- /dev/null
+++ b/policy/modules/services/pyicqt.te
@@ -0,0 +1,60 @@
+
+policy_module(pyicqt, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type pyicqt_t;
+type pyicqt_exec_t;
+init_daemon_domain(pyicqt_t, pyicqt_exec_t)
+
+type pyicqt_conf_t;
+files_config_file(pyicqt_conf_t)
+
+type pyicqt_spool_t;
+files_type(pyicqt_spool_t)
+
+type pyicqt_var_run_t;
+files_pid_file(pyicqt_var_run_t)
+
+########################################
+#
+# PyICQt policy
+#
+
+allow pyicqt_t self:fifo_file rw_fifo_file_perms;
+allow pyicqt_t self:tcp_socket create_socket_perms;
+allow pyicqt_t self:udp_socket create_socket_perms;
+
+read_files_pattern(pyicqt_t, pyicqt_conf_t, pyicqt_conf_t)
+
+manage_dirs_pattern(pyicqt_t, pyicqt_spool_t, pyicqt_spool_t)
+manage_files_pattern(pyicqt_t, pyicqt_spool_t, pyicqt_spool_t)
+files_spool_filetrans(pyicqt_t, pyicqt_spool_t, { dir file })
+
+manage_files_pattern(pyicqt_t, pyicqt_var_run_t, pyicqt_var_run_t)
+files_pid_filetrans(pyicqt_t, pyicqt_var_run_t, file)
+
+kernel_read_system_state(pyicqt_t)
+
+corecmd_exec_bin(pyicqt_t)
+
+corenet_all_recvfrom_unlabeled(pyicqt_t)
+corenet_all_recvfrom_netlabel(pyicqt_t)
+corenet_tcp_sendrecv_generic_if(pyicqt_t)
+corenet_tcp_sendrecv_generic_node(pyicqt_t)
+corenet_tcp_connect_generic_port(pyicqt_t)
+corenet_sendrecv_generic_client_packets(pyicqt_t)
+
+dev_read_urand(pyicqt_t)
+
+files_read_etc_files(pyicqt_t)
+files_read_usr_files(pyicqt_t)
+
+libs_read_lib_files(pyicqt_t)
+
+miscfiles_read_localization(pyicqt_t)
+
+sysnet_read_config(pyicqt_t)

More information about the scm-commits mailing list