trunk: add missing ubac module.

policy/modules/kernel/ubac.fc

@@ -0,0 +1 @@
+# no UBAC file contexts

policy/modules/kernel/ubac.if

@@ -0,0 +1,184 @@
+## <summary>User-based access control policy</summary>
+## <required val="true">
+##	Contains attributes used in UBAC policy.
+## </required>
+
+########################################
+## <summary>
+##	Constrain by user-based access control.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be constrained by UBAC.
+##	</summary>
+## </param>
+#
+interface(`ubac_constrained',`
+	gen_require(`
+		attribute ubac_constrained_type;
+	')
+
+	typeattribute $1 ubac_constrained_type;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_file_exempt',`
+	gen_require(`
+		attribute ubacfile;
+	')
+
+	typeattribute $1 ubacfile;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_process_exempt',`
+	gen_require(`
+		attribute ubacproc;
+	')
+
+	typeattribute $1 ubacproc;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_fd_exempt',`
+	gen_require(`
+		attribute ubacfd;
+	')
+
+	typeattribute $1 ubacfd;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_socket_exempt',`
+	gen_require(`
+		attribute ubacsock;
+	')
+
+	typeattribute $1 ubacsock;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for SysV IPC.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_sysvipc_exempt',`
+	gen_require(`
+		attribute ubacipc;
+	')
+
+	typeattribute $1 ubacipc;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for X Windows.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_xwin_exempt',`
+	gen_require(`
+		attribute ubacxwin;
+	')
+
+	typeattribute $1 ubacxwin;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_dbus_exempt',`
+	gen_require(`
+		attribute ubacdbus;
+	')
+
+	typeattribute $1 ubacdbus;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for keys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_key_exempt',`
+	gen_require(`
+		attribute ubackey;
+	')
+
+	typeattribute $1 ubackey;
+')
+
+########################################
+## <summary>
+##	Exempt user-based access control for databases.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+interface(`ubac_db_exempt',`
+	gen_require(`
+		attribute ubacdb;
+	')
+
+	typeattribute $1 ubacdb;
+')

policy/modules/kernel/ubac.te

@@ -0,0 +1,20 @@
+
+policy_module(ubac, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+attribute ubac_constrained_type;
+
+attribute ubacfile;
+attribute ubacproc;
+attribute ubacsock;
+attribute ubacfd;
+attribute ubacipc;
+attribute ubacxwin;
+attribute ubacdbus;
+attribute ubackey;
+attribute ubacdb;
+