add apt and dpkg from erich schubert

2006-03-08 18:43:05 +00:00 · 2006-03-08 18:43:05 +00:00 · 0c54fcf890
parent 56df236b00
commit 0c54fcf890
17 changed files with 960 additions and 11 deletions
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@ -1,6 +1,8 @@
 - Added modules:
 	amavis (Erich Schubert)
+	apt (Erich Schubert)
 	clamav (Erich Schubert)
+	dpkg (Erich Schubert)
 	tor (Erich Schubert)

 * Tue Mar 07 2006 Chris PeBenito <selinux@tresys.com> - 20060307
--- a/refpolicy/policy/modules/admin/apt.fc
+++ b/refpolicy/policy/modules/admin/apt.fc
@ -0,0 +1,13 @@
+/usr/bin/apt-get		--	gen_context(system_u:object_r:apt_exec_t,s0)
+# apt-shell is redhat specific
+/usr/bin/apt-shell		--	gen_context(system_u:object_r:apt_exec_t,s0)
+# other package managers
+/usr/bin/aptitude		--	gen_context(system_u:object_r:apt_exec_t,s0)
+/usr/sbin/synaptic		--	gen_context(system_u:object_r:apt_exec_t,s0)
+
+# package cache repository
+/var/cache/apt(/.*)?			gen_context(system_u:object_r:apt_var_cache_t,s0)
+
+# package list repository
+/var/lib/apt(/.*)?			gen_context(system_u:object_r:apt_var_lib_t,s0)
+/var/lib/aptitude(/.*)?		gen_context(system_u:object_r:apt_var_lib_t,s0)
--- a/refpolicy/policy/modules/admin/apt.if
+++ b/refpolicy/policy/modules/admin/apt.if
@ -0,0 +1,178 @@
+## <summary>APT advanced package toll.</summary>
+
+########################################
+## <summary>
+##	Execute apt programs in the apt domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`apt_domtrans',`
+	gen_require(`
+		type apt_t, apt_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	domain_auto_trans($1,apt_exec_t,apt_t)
+
+	# allow basic communication
+	allow $1 apt_t:fd use;
+	allow apt_t $1:fd use;
+	allow apt_t $1:fifo_file rw_file_perms;
+	allow apt_t $1:process sigchld;
+')
+
+########################################
+## <summary>
+##	Execute apt programs in the apt domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to allow the apt domain.
+##	</summary>
+## </param>
+## <param name="terminal">
+##	<summary>
+##	The type of the terminal allow the apt domain to use.
+##	</summary>
+## </param>
+#
+interface(`apt_run',`
+	gen_require(`
+		type apt_t;
+	')
+
+	apt_domtrans($1)
+	role $2 types apt_t;
+	allow apt_t $3:chr_file rw_term_perms;
+	# TODO: likely have to add dpkg_run here.
+')
+
+########################################
+## <summary>
+##	Inherit and use file descriptors from apt.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`apt_use_fds',`
+	gen_require(`
+		type apt_t;
+	')
+
+	allow $1 apt_t:fd use;
+	# TODO: enforce dpkg_use_fd?
+')
+
+########################################
+## <summary>
+##	Read from an unnamed apt pipe.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`apt_read_pipes',`
+	gen_require(`
+		type apt_t;
+	')
+
+	allow $1 apt_t:fifo_file r_file_perms;
+	# TODO: enforce dpkg_read_pipes?
+')
+
+########################################
+## <summary>
+##	Read and write an unnamed apt pipe.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`apt_rw_pipes',`
+	gen_require(`
+		type apt_t;
+	')
+
+	allow $1 apt_t:fifo_file rw_file_perms;
+	# TODO: enforce dpkg_rw_pipes?
+')
+
+########################################
+## <summary>
+##	Read the apt package database.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`apt_read_db',`
+	gen_require(`
+		type apt_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 apt_var_lib_t:dir r_dir_perms;
+	allow $1 apt_var_lib_t:file { getattr read };
+	allow $1 apt_var_lib_t:lnk_file r_file_perms;
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete the apt package database.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`apt_manage_db',`
+	gen_require(`
+		type apt_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 apt_var_lib_t:dir rw_dir_perms;
+	allow $1 apt_var_lib_t:file { getattr create read write append unlink };
+	allow $1 apt_var_lib_t:lnk_file { getattr read write unlink };
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to create, read, 
+##	write, and delete the apt package database.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+interface(`apt_dontaudit_manage_db',`
+	gen_require(`
+		type apt_var_lib_t;
+	')
+
+	dontaudit $1 apt_var_lib_t:dir rw_dir_perms;
+	dontaudit $1 apt_var_lib_t:file create_file_perms;
+	dontaudit $1 apt_var_lib_t:lnk_file create_lnk_perms;
+')
--- a/refpolicy/policy/modules/admin/apt.te
+++ b/refpolicy/policy/modules/admin/apt.te
@ -0,0 +1,136 @@
+
+policy_module(apt,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type apt_t;
+type apt_exec_t;
+init_system_domain(apt_t,apt_exec_t)
+domain_system_change_exemption(apt_t)
+domain_getattr_all_domains(apt_t)
+role system_r types apt_t;
+
+type apt_tmp_t;
+files_tmp_file(apt_tmp_t)
+
+type apt_tmpfs_t;
+files_tmpfs_file(apt_tmpfs_t)
+
+# status files
+type apt_var_lib_t alias var_lib_apt_t;
+files_type(apt_var_lib_t)
+
+# package cache
+type apt_var_cache_t alias var_cache_apt_t;
+files_type(apt_var_cache_t)
+
+########################################
+#
+# apt Local policy
+#
+
+allow apt_t self:capability { chown dac_override fowner fsetid };
+allow apt_t self:process { signal setpgid fork };
+allow apt_t self:fd use;
+allow apt_t self:fifo_file rw_file_perms;
+allow apt_t self:unix_dgram_socket create_socket_perms;
+allow apt_t self:unix_stream_socket rw_stream_socket_perms;
+allow apt_t self:unix_dgram_socket sendto;
+allow apt_t self:unix_stream_socket connectto;
+allow apt_t self:udp_socket { connect create_socket_perms };
+allow apt_t self:tcp_socket create_stream_socket_perms;
+allow apt_t self:shm create_shm_perms;
+allow apt_t self:sem create_sem_perms;
+allow apt_t self:msgq create_msgq_perms;
+allow apt_t self:msg { send receive };
+
+# Access /var/cache/apt files
+allow apt_t apt_var_cache_t:file create_file_perms;
+allow apt_t apt_var_cache_t:dir rw_dir_perms;
+files_var_filetrans(apt_t,apt_var_cache_t,dir)
+
+allow apt_t apt_tmp_t:dir create_dir_perms;
+allow apt_t apt_tmp_t:file create_file_perms;
+files_tmp_filetrans(apt_t, apt_tmp_t, { file dir })
+
+allow apt_t apt_tmpfs_t:dir create_dir_perms;
+allow apt_t apt_tmpfs_t:file create_file_perms;
+allow apt_t apt_tmpfs_t:lnk_file create_file_perms;
+allow apt_t apt_tmpfs_t:sock_file create_file_perms;
+allow apt_t apt_tmpfs_t:fifo_file create_file_perms;
+fs_tmpfs_filetrans(apt_t,apt_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+
+# Access /var/lib/apt files
+allow apt_t apt_var_lib_t:file create_file_perms;
+allow apt_t apt_var_lib_t:dir rw_dir_perms;
+files_var_lib_filetrans(apt_t,apt_var_lib_t,dir)
+
+kernel_read_system_state(apt_t)
+kernel_read_kernel_sysctls(apt_t)
+
+# to launch dpkg-preconfigure
+corecmd_exec_bin(apt_t)
+corecmd_exec_shell(apt_t)
+corecmd_exec_sbin(apt_t)
+
+corenet_tcp_sendrecv_all_if(apt_t)
+corenet_udp_sendrecv_all_if(apt_t)
+corenet_tcp_sendrecv_all_nodes(apt_t)
+corenet_udp_sendrecv_all_nodes(apt_t)
+corenet_tcp_sendrecv_all_ports(apt_t)
+corenet_udp_sendrecv_all_ports(apt_t)
+corenet_non_ipsec_sendrecv(apt_t)
+# TODO: reall allow all these?
+corenet_tcp_bind_all_nodes(apt_t)
+corenet_udp_bind_all_nodes(apt_t)
+corenet_tcp_connect_all_ports(apt_t)
+
+dev_read_urand(apt_t)
+
+files_exec_usr_files(apt_t)
+files_read_etc_files(apt_t)
+files_read_etc_runtime_files(apt_t)
+
+term_list_ptys(apt_t)
+term_use_all_terms(apt_t)
+
+libs_use_ld_so(apt_t)
+libs_use_shared_libs(apt_t)
+libs_exec_ld_so(apt_t)
+libs_exec_lib_files(apt_t)
+
+logging_send_syslog_msg(apt_t)
+
+miscfiles_read_localization(apt_t)
+
+seutil_use_newrole_fds(apt_t)
+
+sysnet_read_config(apt_t)
+
+ifdef(`targeted_policy',`
+	unconfined_domain(apt_t)
+')
+
+# with boolean, for cron-apt and such?
+#optional_policy(`cron',`
+#	cron_system_entry(apt_t,apt_exec_t)
+#')
+
+optional_policy(`dpkg',`
+	# dpkg interaction
+	dpkg_read_db(apt_t)
+	dpkg_domtrans(apt_t)
+	dpkg_lock_db(apt_t)
+')
+
+optional_policy(`nis',`
+	nis_use_ypbind(apt_t)
+')
+
+optional_policy(`rpm',`
+	rpm_read_db(apt_t)
+	rpm_domtrans(apt_t)
+')
--- a/refpolicy/policy/modules/admin/dpkg.fc
+++ b/refpolicy/policy/modules/admin/dpkg.fc
@ -0,0 +1,12 @@
+# Debian package manager
+/usr/bin/debsums		--	gen_context(system_u:object_r:dpkg_exec_t,s0)
+/usr/bin/dpkg			--	gen_context(system_u:object_r:dpkg_exec_t,s0)
+# not sure if dselect should be in apt instead?
+/usr/bin/dselect		--	gen_context(system_u:object_r:dpkg_exec_t,s0)
+
+/var/lib/dpkg(/.*)?			gen_context(system_u:object_r:dpkg_var_lib_t,s0)
+# lockfile is treated specially, since used by apt, too
+/var/lib/dpkg/(meth)?lock	--	gen_context(system_u:object_r:dpkg_lock_t,s0)
+
+/usr/sbin/dpkg-preconfigure	--	gen_context(system_u:object_r:dpkg_exec_t,s0)
+/usr/sbin/dpkg-reconfigure	--	gen_context(system_u:object_r:dpkg_exec_t,s0)
--- a/refpolicy/policy/modules/admin/dpkg.if
+++ b/refpolicy/policy/modules/admin/dpkg.if
@ -0,0 +1,240 @@
+## <summary>Policy for the Debian package manager.</summary>
+# TODO: need debconf policy
+# TODO: need install-menu policy
+
+########################################
+## <summary>
+##	Execute dpkg programs in the dpkg domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`dpkg_domtrans',`
+	gen_require(`
+		type dpkg_t, dpkg_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	domain_auto_trans($1,dpkg_exec_t,dpkg_t)
+
+	# allow basic communication
+	allow $1 dpkg_t:fd use;
+	allow dpkg_t $1:fd use;
+	allow dpkg_t $1:fifo_file rw_file_perms;
+	allow dpkg_t $1:process sigchld;
+')
+
+########################################
+## <summary>
+##	Execute dpkg_script programs in the dpkg_script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dpkg_domtrans_script',`
+	gen_require(`
+		type dpkg_script_t;
+	')
+
+	# transition to dpkg script:
+	corecmd_shell_domtrans($1,dpkg_script_t)
+
+	allow $1 dpkg_script_t:fd use;
+	allow dpkg_script_t $1:fd use;
+	allow dpkg_script_t $1:fifo_file rw_file_perms;
+	allow dpkg_script_t $1:process sigchld;
+')
+
+########################################
+## <summary>
+##	Execute dpkg programs in the dpkg domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to allow the dpkg domain.
+##	</summary>
+## </param>
+## <param name="terminal">
+##	<summary>
+##	The type of the terminal allow the dpkg domain to use.
+##	</summary>
+## </param>
+#
+interface(`dpkg_run',`
+	gen_require(`
+		type dpkg_t, dpkg_script_t;
+	')
+
+	dpkg_domtrans($1)
+	role $2 types dpkg_t;
+	role $2 types dpkg_script_t;
+	seutil_run_loadpolicy(dpkg_script_t,$2,$3)
+	allow dpkg_t $3:chr_file rw_term_perms;
+')
+
+########################################
+## <summary>
+##	Inherit and use file descriptors from dpkg.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`dpkg_use_fds',`
+	gen_require(`
+		type dpkg_t;
+	')
+
+	allow $1 dpkg_t:fd use;
+')
+
+########################################
+## <summary>
+##	Read from an unnamed dpkg pipe.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`dpkg_read_pipes',`
+	gen_require(`
+		type dpkg_t;
+	')
+
+	allow $1 dpkg_t:fifo_file r_file_perms;
+')
+
+########################################
+## <summary>
+##	Read and write an unnamed dpkg pipe.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`dpkg_rw_pipes',`
+	gen_require(`
+		type dpkg_t;
+	')
+
+	allow $1 dpkg_t:fifo_file rw_file_perms;
+')
+
+########################################
+## <summary>
+##	Inherit and use file descriptors from dpkg scripts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`dpkg_use_script_fds',`
+	gen_require(`
+		type dpkg_script_t;
+	')
+
+	allow $1 dpkg_script_t:fd use;
+')
+
+########################################
+## <summary>
+##	Read the dpkg package database.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`dpkg_read_db',`
+	gen_require(`
+		type dpkg_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 dpkg_var_lib_t:dir r_dir_perms;
+	allow $1 dpkg_var_lib_t:file { getattr read };
+	allow $1 dpkg_var_lib_t:lnk_file r_file_perms;
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete the dpkg package database.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`dpkg_manage_db',`
+	gen_require(`
+		type dpkg_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 dpkg_var_lib_t:dir rw_dir_perms;
+	allow $1 dpkg_var_lib_t:file manage_file_perms;
+	allow $1 dpkg_var_lib_t:lnk_file { getattr read write unlink };
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to create, read, 
+##	write, and delete the dpkg package database.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+interface(`dpkg_dontaudit_manage_db',`
+	gen_require(`
+		type dpkg_var_lib_t;
+	')
+
+	dontaudit $1 dpkg_var_lib_t:dir rw_dir_perms;
+	dontaudit $1 dpkg_var_lib_t:file manage_file_perms;
+	dontaudit $1 dpkg_var_lib_t:lnk_file create_lnk_perms;
+')
+
+########################################
+## <summary>
+##	Lock the dpkg package database.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`dpkg_lock_db',`
+	gen_require(`
+		type dpkg_lock_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 dpkg_var_lib_t:dir r_dir_perms;
+	allow $1 dpkg_lock_t:file { getattr create read write append unlink lock };
+')
--- a/refpolicy/policy/modules/admin/dpkg.te
+++ b/refpolicy/policy/modules/admin/dpkg.te
@ -0,0 +1,348 @@
+
+policy_module(dpkg,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type dpkg_t;
+type dpkg_exec_t;
+# dpkg can start/stop services
+init_system_domain(dpkg_t,dpkg_exec_t)
+# dpkg can change file labels, roles, IO
+domain_obj_id_change_exemption(dpkg_t)
+domain_role_change_exemption(dpkg_t)
+domain_system_change_exemption(dpkg_t)
+domain_interactive_fd(dpkg_t)
+role system_r types dpkg_t;
+
+# lockfile
+type dpkg_lock_t;
+files_type(dpkg_lock_t)
+
+type dpkg_tmp_t;
+files_tmp_file(dpkg_tmp_t)
+
+type dpkg_tmpfs_t;
+files_tmpfs_file(dpkg_tmpfs_t)
+
+# status files
+type dpkg_var_lib_t alias var_lib_dpkg_t;
+files_type(dpkg_var_lib_t)
+
+# package scripts
+type dpkg_script_t;
+domain_type(dpkg_script_t)
+domain_entry_file(dpkg_t, dpkg_var_lib_t)
+corecmd_shell_entry_type(dpkg_script_t)
+domain_obj_id_change_exemption(dpkg_script_t)
+domain_system_change_exemption(dpkg_script_t)
+domain_interactive_fd(dpkg_script_t)
+role system_r types dpkg_script_t;
+
+type dpkg_script_tmp_t;
+files_tmp_file(dpkg_script_tmp_t)
+
+type dpkg_script_tmpfs_t;
+files_tmpfs_file(dpkg_script_tmpfs_t)
+
+########################################
+#
+# dpkg Local policy
+#
+
+allow dpkg_t self:capability { chown dac_override fowner fsetid setgid setuid kill sys_tty_config sys_nice sys_resource mknod linux_immutable };
+allow dpkg_t self:process { setpgid fork getsched setfscreate };
+allow dpkg_t self:fd use;
+allow dpkg_t self:fifo_file rw_file_perms;
+allow dpkg_t self:unix_dgram_socket create_socket_perms;
+allow dpkg_t self:unix_stream_socket rw_stream_socket_perms;
+allow dpkg_t self:unix_dgram_socket sendto;
+allow dpkg_t self:unix_stream_socket connectto;
+allow dpkg_t self:udp_socket { connect create_socket_perms };
+allow dpkg_t self:tcp_socket create_stream_socket_perms;
+allow dpkg_t self:shm create_shm_perms;
+allow dpkg_t self:sem create_sem_perms;
+allow dpkg_t self:msgq create_msgq_perms;
+allow dpkg_t self:msg { send receive };
+
+allow dpkg_t dpkg_lock_t:file manage_file_perms;
+
+allow dpkg_t dpkg_tmp_t:dir manage_dir_perms;
+allow dpkg_t dpkg_tmp_t:file manage_file_perms;
+files_tmp_filetrans(dpkg_t, dpkg_tmp_t, { file dir })
+
+allow dpkg_t dpkg_tmpfs_t:dir manage_dir_perms;
+allow dpkg_t dpkg_tmpfs_t:file manage_file_perms;
+allow dpkg_t dpkg_tmpfs_t:lnk_file manage_file_perms;
+allow dpkg_t dpkg_tmpfs_t:sock_file manage_file_perms;
+allow dpkg_t dpkg_tmpfs_t:fifo_file manage_file_perms;
+fs_tmpfs_filetrans(dpkg_t,dpkg_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+
+# Access /var/lib/dpkg files
+allow dpkg_t dpkg_var_lib_t:file manage_file_perms;
+allow dpkg_t dpkg_var_lib_t:dir rw_dir_perms;
+files_var_lib_filetrans(dpkg_t,dpkg_var_lib_t,dir)
+
+kernel_read_system_state(dpkg_t)
+kernel_read_kernel_sysctls(dpkg_t)
+
+corecmd_exec_bin(dpkg_t)
+corecmd_exec_sbin(dpkg_t)
+
+# TODO: do we really need all networking?
+corenet_tcp_sendrecv_all_if(dpkg_t)
+corenet_raw_sendrecv_all_if(dpkg_t)
+corenet_udp_sendrecv_all_if(dpkg_t)
+corenet_tcp_sendrecv_all_nodes(dpkg_t)
+corenet_raw_sendrecv_all_nodes(dpkg_t)
+corenet_udp_sendrecv_all_nodes(dpkg_t)
+corenet_tcp_sendrecv_all_ports(dpkg_t)
+corenet_udp_sendrecv_all_ports(dpkg_t)
+corenet_non_ipsec_sendrecv(dpkg_t)
+corenet_tcp_bind_all_nodes(dpkg_t)
+corenet_udp_bind_all_nodes(dpkg_t)
+corenet_tcp_connect_all_ports(dpkg_t)
+
+dev_list_sysfs(dpkg_t)
+dev_list_usbfs(dpkg_t)
+dev_read_urand(dpkg_t)
+#devices_manage_all_device_types(dpkg_t)
+
+domain_exec_all_entry_files(dpkg_t)
+domain_read_all_domains_state(dpkg_t)
+domain_getattr_all_domains(dpkg_t)
+domain_dontaudit_ptrace_all_domains(dpkg_t)
+domain_use_interactive_fds(dpkg_t)
+domain_dontaudit_getattr_all_pipes(dpkg_t)
+domain_dontaudit_getattr_all_tcp_sockets(dpkg_t)
+domain_dontaudit_getattr_all_udp_sockets(dpkg_t)
+domain_dontaudit_getattr_all_packet_sockets(dpkg_t)
+domain_dontaudit_getattr_all_raw_sockets(dpkg_t)
+domain_dontaudit_getattr_all_stream_sockets(dpkg_t)
+domain_dontaudit_getattr_all_dgram_sockets(dpkg_t)
+
+fs_manage_nfs_dirs(dpkg_t)
+fs_manage_nfs_files(dpkg_t)
+fs_manage_nfs_symlinks(dpkg_t)
+fs_getattr_all_fs(dpkg_t)
+fs_search_auto_mountpoints(dpkg_t)
+
+mls_file_read_up(dpkg_t)
+mls_file_write_down(dpkg_t)
+mls_file_upgrade(dpkg_t)
+
+selinux_get_fs_mount(dpkg_t)
+selinux_validate_context(dpkg_t)
+selinux_compute_access_vector(dpkg_t)
+selinux_compute_create_context(dpkg_t)
+selinux_compute_relabel_context(dpkg_t)
+selinux_compute_user_contexts(dpkg_t)
+
+storage_raw_write_fixed_disk(dpkg_t)
+# for installing kernel packages
+storage_raw_read_fixed_disk(dpkg_t)
+
+term_list_ptys(dpkg_t)
+
+auth_relabel_all_files_except_shadow(dpkg_t)
+auth_manage_all_files_except_shadow(dpkg_t)
+auth_dontaudit_read_shadow(dpkg_t)
+
+files_exec_etc_files(dpkg_t)
+
+init_domtrans_script(dpkg_t)
+
+libs_use_ld_so(dpkg_t)
+libs_use_shared_libs(dpkg_t)
+libs_exec_ld_so(dpkg_t)
+libs_exec_lib_files(dpkg_t)
+libs_domtrans_ldconfig(dpkg_t)
+
+logging_send_syslog_msg(dpkg_t)
+
+# allow compiling and loading new policy
+seutil_manage_src_policy(dpkg_t)
+seutil_manage_bin_policy(dpkg_t)
+
+sysnet_read_config(dpkg_t)
+
+userdom_use_unpriv_users_fds(dpkg_t)
+
+# transition to dpkg script:
+dpkg_domtrans_script(dpkg_t)
+# since the scripts aren't labeled correctly yet...
+allow dpkg_t dpkg_var_lib_t:file execute;
+
+ifdef(`targeted_policy',`
+	unconfined_domain(dpkg_t)
+')
+
+# TODO: allow?
+#optional_policy(`cron',`
+#	cron_system_entry(dpkg_t,dpkg_exec_t)
+#')
+
+optional_policy(`mount',`
+	mount_send_nfs_client_request(dpkg_t)
+')
+
+optional_policy(`nis',`
+	nis_use_ypbind(dpkg_t)
+')
+
+# TODO: the following was copied from dpkg_script_t, and could probably
+# be removed again when dpkg_script_t is actually used...
+domain_signal_all_domains(dpkg_t)
+domain_signull_all_domains(dpkg_t)
+files_read_etc_runtime_files(dpkg_t)
+files_exec_usr_files(dpkg_t)
+miscfiles_read_localization(dpkg_t)
+modutils_domtrans_depmod(dpkg_t)
+modutils_domtrans_insmod(dpkg_t)
+seutil_domtrans_loadpolicy(dpkg_t)
+seutil_domtrans_restorecon(dpkg_t)
+userdom_use_all_users_fds(dpkg_t)
+optional_policy(`mta',`
+	mta_send_mail(dpkg_t)
+')
+optional_policy(`usermanage',`
+	usermanage_domtrans_groupadd(dpkg_t)
+	usermanage_domtrans_useradd(dpkg_t)
+')
+
+########################################
+#
+# dpkg-script Local policy
+#
+# TODO: actually use dpkg_script_t
+
+allow dpkg_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_chroot sys_nice mknod kill };
+allow dpkg_script_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
+allow dpkg_script_t self:fd use;
+allow dpkg_script_t self:fifo_file rw_file_perms;
+allow dpkg_script_t self:unix_dgram_socket create_socket_perms;
+allow dpkg_script_t self:unix_stream_socket rw_stream_socket_perms;
+allow dpkg_script_t self:unix_dgram_socket sendto;
+allow dpkg_script_t self:unix_stream_socket connectto;
+allow dpkg_script_t self:shm create_shm_perms;
+allow dpkg_script_t self:sem create_sem_perms;
+allow dpkg_script_t self:msgq create_msgq_perms;
+allow dpkg_script_t self:msg { send receive };
+
+allow dpkg_script_t dpkg_tmp_t:file r_file_perms;
+
+allow dpkg_script_t dpkg_script_tmp_t:dir { manage_dir_perms mounton };
+allow dpkg_script_t dpkg_script_tmp_t:file manage_file_perms;
+files_tmp_filetrans(dpkg_script_t, dpkg_script_tmp_t, { file dir })
+
+allow dpkg_script_t dpkg_script_tmpfs_t:dir manage_dir_perms;
+allow dpkg_script_t dpkg_script_tmpfs_t:file manage_file_perms;
+allow dpkg_script_t dpkg_script_tmpfs_t:lnk_file create_lnk_perms;
+allow dpkg_script_t dpkg_script_tmpfs_t:sock_file manage_file_perms;
+allow dpkg_script_t dpkg_script_tmpfs_t:fifo_file manage_file_perms;
+fs_tmpfs_filetrans(dpkg_script_t,dpkg_script_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+
+kernel_read_kernel_sysctls(dpkg_script_t)
+kernel_read_system_state(dpkg_script_t)
+
+corecmd_exec_bin(dpkg_script_t)
+corecmd_exec_sbin(dpkg_script_t)
+
+dev_list_sysfs(dpkg_script_t)
+# ideally we would not need this
+dev_manage_generic_blk_files(dpkg_script_t)
+dev_manage_generic_chr_files(dpkg_script_t)
+dev_manage_all_blk_files(dpkg_script_t)
+dev_manage_all_chr_files(dpkg_script_t)
+
+domain_read_all_domains_state(dpkg_script_t)
+domain_getattr_all_domains(dpkg_script_t)
+domain_dontaudit_ptrace_all_domains(dpkg_script_t)
+domain_use_interactive_fds(dpkg_script_t)
+domain_exec_all_entry_files(dpkg_script_t)
+domain_signal_all_domains(dpkg_script_t)
+domain_signull_all_domains(dpkg_script_t)
+
+files_exec_etc_files(dpkg_script_t)
+files_read_etc_runtime_files(dpkg_script_t)
+files_exec_usr_files(dpkg_script_t)
+
+fs_manage_nfs_files(dpkg_script_t)
+fs_getattr_nfs(dpkg_script_t)
+# why is this not using mount?
+fs_getattr_xattr_fs(dpkg_script_t)
+fs_mount_xattr_fs(dpkg_script_t)
+fs_unmount_xattr_fs(dpkg_script_t)
+fs_search_auto_mountpoints(dpkg_script_t)
+
+mls_file_read_up(dpkg_script_t)
+mls_file_write_down(dpkg_script_t)
+
+selinux_get_fs_mount(dpkg_script_t)
+selinux_validate_context(dpkg_script_t)
+selinux_compute_access_vector(dpkg_script_t)
+selinux_compute_create_context(dpkg_script_t)
+selinux_compute_relabel_context(dpkg_script_t)
+selinux_compute_user_contexts(dpkg_script_t)
+
+storage_raw_read_fixed_disk(dpkg_script_t)
+storage_raw_write_fixed_disk(dpkg_script_t)
+
+term_getattr_unallocated_ttys(dpkg_script_t)
+term_list_ptys(dpkg_script_t)
+term_use_all_terms(dpkg_script_t)
+
+auth_dontaudit_getattr_shadow(dpkg_script_t)
+# ideally we would not need this
+auth_manage_all_files_except_shadow(dpkg_script_t)
+
+init_domtrans_script(dpkg_script_t)
+
+libs_use_ld_so(dpkg_script_t)
+libs_use_shared_libs(dpkg_script_t)
+libs_exec_ld_so(dpkg_script_t)
+libs_exec_lib_files(dpkg_script_t)
+libs_domtrans_ldconfig(dpkg_script_t)
+
+logging_send_syslog_msg(dpkg_script_t)
+
+miscfiles_read_localization(dpkg_script_t)
+
+modutils_domtrans_depmod(dpkg_script_t)
+modutils_domtrans_insmod(dpkg_script_t)
+
+seutil_domtrans_loadpolicy(dpkg_script_t)
+seutil_domtrans_restorecon(dpkg_script_t)
+
+userdom_use_all_users_fds(dpkg_script_t)
+
+ifdef(`distro_redhat',`
+	unconfined_domain(dpkg_script_t)
+')
+
+ifdef(`targeted_policy',`
+	unconfined_domain(dpkg_script_t)
+',`
+	optional_policy(`bootloader',`
+		bootloader_domtrans(dpkg_script_t)
+	')
+')
+
+tunable_policy(`allow_execmem',`
+	allow dpkg_script_t self:process execmem;
+')
+
+optional_policy(`mta',`
+	mta_send_mail(dpkg_script_t)
+')
+
+optional_policy(`nis',`
+	nis_use_ypbind(dpkg_script_t)
+')
+
+optional_policy(`usermanage',`
+	usermanage_domtrans_groupadd(dpkg_script_t)
+	usermanage_domtrans_useradd(dpkg_script_t)
+')
--- a/refpolicy/policy/modules/admin/rpm.fc
+++ b/refpolicy/policy/modules/admin/rpm.fc
@ -2,9 +2,6 @@
 /bin/rpm 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
 /usr/bin/smart 			--	gen_context(system_u:object_r:rpm_exec_t,s0)

-/usr/bin/apt-get 		--	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/apt-shell   	 	-- 	gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/synaptic		--    	gen_context(system_u:object_r:rpm_exec_t,s0)
 /usr/bin/yum 			--	gen_context(system_u:object_r:rpm_exec_t,s0)

 /usr/lib(64)?/rpm/rpmd		-- 	gen_context(system_u:object_r:bin_t,s0)
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@ -1,5 +1,5 @@

-policy_module(rpm,1.3.0)
+policy_module(rpm,1.3.1)

 ########################################
 #
--- a/refpolicy/policy/modules/admin/usermanage.te
+++ b/refpolicy/policy/modules/admin/usermanage.te
@ -1,5 +1,5 @@

-policy_module(usermanage,1.3.0)
+policy_module(usermanage,1.3.1)

 ########################################
 #
@ -248,6 +248,11 @@ userdom_use_unpriv_users_fds(groupadd_t)
 # for when /root is the cwd
 userdom_dontaudit_search_sysadm_home_dirs(groupadd_t)

+optional_policy(`dpkg',`
+	dpkg_use_fds(groupadd_t)
+	dpkg_rw_pipes(groupadd_t)
+')
+
 optional_policy(`nis',`
 	nis_use_ypbind(groupadd_t)
 ')
@ -511,6 +516,11 @@ userdom_generic_user_home_dir_filetrans_generic_user_home_content(useradd_t,notd

 mta_manage_spool(useradd_t)

+optional_policy(`dpkg',`
+	dpkg_use_fds(useradd_t)
+	dpkg_rw_pipes(useradd_t)
+')
+
 optional_policy(`nis',`
 	nis_use_ypbind(useradd_t)
 ')
--- a/refpolicy/policy/modules/kernel/corecommands.fc
+++ b/refpolicy/policy/modules/kernel/corecommands.fc
@ -103,9 +103,11 @@ ifdef(`distro_gentoo',`
 /usr/lib/jvm/java.*/bin -d		gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/jvm/java.*/bin/.*		gen_context(system_u:object_r:bin_t,s0)

+/usr/lib(64)?/apt/methods.+	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/cups/cgi-bin/.*	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/cups/filter/.*	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/cyrus-imapd/.*	--	gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/dpkg/.+		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/sftp-server	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/emacsen-common/.*		gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/ipsec/.*		--	gen_context(system_u:object_r:sbin_t,s0)
@ -133,6 +135,7 @@ ifdef(`distro_gentoo',`

 /usr/sbin/sesh			--	gen_context(system_u:object_r:shell_exec_t,s0)

+/usr/share/debconf/.+		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/hal/scripts(/.*)?		gen_context(system_u:object_r:bin_t,s0)
--- a/refpolicy/policy/modules/kernel/corecommands.te
+++ b/refpolicy/policy/modules/kernel/corecommands.te
@ -1,5 +1,5 @@

-policy_module(corecommands,1.3.0)
+policy_module(corecommands,1.3.1)

 ########################################
 #
--- a/refpolicy/policy/modules/kernel/corenetwork.te.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.in
@ -121,6 +121,7 @@ network_port(swat, tcp,901,s0)
 network_port(syslogd, udp,514,s0)
 network_port(telnetd, tcp,23,s0)
 network_port(tftp, udp,69,s0)
+network_port(tor, tcp,9001,s0, tcp,9030,s0, tcp,9050,s0)
 network_port(transproxy, tcp,8081,s0)
 type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
 network_port(uucpd, tcp,540,s0)
--- a/refpolicy/policy/modules/services/apache.if
+++ b/refpolicy/policy/modules/services/apache.if
@ -800,6 +800,7 @@ interface(`apache_read_sys_content',`

 	allow $1 httpd_sys_content_t:dir r_dir_perms;
 	allow $1 httpd_sys_content_t:file { getattr read };
+	allow $1 httpd_sys_content_t:lnk_file { getattr read };
 ')

 ########################################
--- a/refpolicy/policy/modules/services/apache.te
+++ b/refpolicy/policy/modules/services/apache.te
@ -1,5 +1,5 @@

-policy_module(apache,1.3.0)
+policy_module(apache,1.3.1)

 #
 # NOTES: 
@ -187,6 +187,7 @@ allow httpd_t httpd_suexec_exec_t:file { getattr read };

 allow httpd_t httpd_sys_content_t:dir r_dir_perms;
 allow httpd_t httpd_sys_content_t:file r_file_perms;
+allow httpd_t httpd_sys_content_t:lnk_file r_file_perms;

 allow httpd_t httpd_tmp_t:dir create_dir_perms;
 allow httpd_t httpd_tmp_t:file create_file_perms;
--- a/refpolicy/policy/modules/services/tor.te
+++ b/refpolicy/policy/modules/services/tor.te
@ -1,5 +1,5 @@

-policy_module(tor,1.0.0)
+policy_module(tor,1.0.1)

 ########################################
 #
@ -71,8 +71,7 @@ corenet_non_ipsec_sendrecv(tor_t)
 corenet_tcp_connect_all_ports(tor_t)
 # ... especially including port 80 and other privileged ports
 corenet_tcp_connect_all_reserved_ports(tor_t)
-# TOR may bind to a non-privileged port
-corenet_tcp_bind_all_ports(tor_t)
+corenet_tcp_bind_tor_port(tor_t)
 corenet_tcp_bind_all_nodes(tor_t)

 # tor uses crypto and needs random
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@ -1,5 +1,5 @@

-policy_module(userdomain,1.3.1)
+policy_module(userdomain,1.3.2)

 gen_require(`
 	role sysadm_r, staff_r, user_r;
@ -204,6 +204,10 @@ ifdef(`targeted_policy',`
 		apm_domtrans_client(sysadm_t)
 	')

+	optional_policy(`apt',`
+		apt_run(sysadm_t,sysadm_r,admin_terminal)
+	')
+
 	optional_policy(`bootloader',`
 		bootloader_run(sysadm_t,sysadm_r,admin_terminal)
 	')
@ -248,6 +252,10 @@ ifdef(`targeted_policy',`
 		dmidecode_run(sysadm_t,sysadm_r,admin_terminal)
 	')

+	optional_policy(`dpkg',`
+		dpkg_run(sysadm_t,sysadm_r,admin_terminal)
+	')
+
 	optional_policy(`firstboot',`
 		firstboot_run(sysadm_t,sysadm_r,sysadm_tty_device_t)
 	')