From 062e17af8a1981e9b76dee7b908f56257d26cc04 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Wed, 9 Nov 2005 16:43:37 +0000
Subject: [PATCH] add avahi
---
targeted/domains/program/avahi.te | 29 +++++++++++++++++++++++++
targeted/file_contexts/program/avahi.fc | 4 ++++
2 files changed, 33 insertions(+)
create mode 100644 targeted/domains/program/avahi.te
create mode 100644 targeted/file_contexts/program/avahi.fc
diff --git a/targeted/domains/program/avahi.te b/targeted/domains/program/avahi.te
new file mode 100644
index 00000000..0d021b05
--- /dev/null
+++ b/targeted/domains/program/avahi.te
@@ -0,0 +1,29 @@
+#DESC avahi - mDNS/DNS-SD daemon implementing Apple’s ZeroConf architecture
+#
+# Author: Dan Walsh
+#
+
+daemon_domain(avahi, `, privsysmod')
+r_dir_file(avahi_t, proc_net_t)
+can_network_server(avahi_t)
+can_ypbind(avahi_t)
+allow avahi_t self:unix_stream_socket { connectto create_stream_socket_perms };
+allow avahi_t self:unix_dgram_socket create_socket_perms;
+allow avahi_t self:capability { dac_override setgid chown kill setuid };
+allow avahi_t urandom_device_t:chr_file r_file_perms;
+allow avahi_t howl_port_t:{ udp_socket tcp_socket } name_bind;
+allow avahi_t self:fifo_file { read write };
+allow avahi_t self:netlink_route_socket r_netlink_socket_perms;
+allow avahi_t self:process setrlimit;
+allow avahi_t etc_t:file { getattr read };
+allow avahi_t initrc_t:process { signal signull };
+allow avahi_t system_dbusd_t:dbus { acquire_svc send_msg };
+allow avahi_t avahi_var_run_t:dir setattr;
+allow avahi_t avahi_var_run_t:sock_file create_file_perms;
+
+ifdef(`dbusd.te', `
+dbusd_client(system, avahi)
+allow avahi_t unconfined_t:dbus send_msg;
+allow unconfined_t avahi_t:dbus send_msg;
+')
+
diff --git a/targeted/file_contexts/program/avahi.fc b/targeted/file_contexts/program/avahi.fc
new file mode 100644
index 00000000..fa6e00e0
--- /dev/null
+++ b/targeted/file_contexts/program/avahi.fc
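Review bot: The capability rule in avahi.te grants `dac_override` and `kill` to a domain that `can_network_server(avahi_t)` exposes to the network, and nothing in the file records which code path needs either one. `setgid`, `setuid` and `chown` are plausible for a daemon that drops privileges and prepares its run directory, so I would start from `allow avahi_t self:capability { setgid setuid chown };` and re-add the other two only against a recorded AVC denial, each with a one-line comment naming the operation. The `privsysmod` attribute passed to `daemon_domain` deserves the same treatment: no rule here grants `sys_module`, so if the attribute only exempts the domain from that assertion it looks unneeded and should be dropped or explained. Separately, `allow avahi_t system_dbusd_t:dbus { acquire_svc send_msg };` sits outside the ifdef on dbusd.te that guards the other dbus rules, so it references `system_dbusd_t` even when that guard is false; it belongs inside the guarded block.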
@@ -0,0 +1,4 @@
+#DESC avahi - mDNS/DNS-SD daemon implementing Apple’s ZeroConf architecture
+/usr/sbin/avahi-daemon -- system_u:object_r:avahi_exec_t:s0
+/usr/sbin/avahi-dnsconfd -- system_u:object_r:avahi_exec_t:s0
+/var/run/avahi-daemon(/.*)? system_u:object_r:avahi_var_run_t:s0
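Review bot: Labelling `/usr/sbin/avahi-dnsconfd` with `avahi_exec_t` in avahi.fc puts the helper on the same entrypoint type as the network-facing daemon, so (assuming `daemon_domain` sets up the usual transition on that type) both programs run in `avahi_t`. Any access dnsconfd needs later would then have to be granted to the daemon as well, which widens what a compromise of the mDNS listener can reach. If sharing the domain is intentional for now, say so in the file, e.g. `# avahi-dnsconfd shares avahi_t with avahi-daemon; give it its own exec type and domain if it needs access the daemon does not`.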