add fprintd module from dan.

Chris PeBenito 2009-07-29 10:28:31 -04:00
parent 677c4c2fea
commit 20c3ccee1a
4 changed files with 99 additions and 0 deletions


@ -23,6 +23,7 @@
certmaster (Dan Walsh) certmaster (Dan Walsh)
cpufreqselector (Dan Walsh) cpufreqselector (Dan Walsh)
devicekit (Dan Walsh) devicekit (Dan Walsh)
fprintd (Dan Walsh)
git (Dan Walsh) git (Dan Walsh)
gpsd (Miroslav Grepl) gpsd (Miroslav Grepl)
guest (Dan Walsh) guest (Dan Walsh)


@ -0,0 +1,2 @@
/usr/libexec/fprintd -- gen_context(system_u:object_r:fprintd_exec_t,s0)
/var/lib/fprint(/.*)? gen_context(system_u:object_r:fprintd_var_lib_t,s0)


@ -0,0 +1,41 @@
## <summary>DBus fingerprint reader service</summary>
########################################
## <summary>
## Execute a domain transition to run fprintd.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`fprintd_domtrans',`
gen_require(`
type fprintd_t, fprintd_exec_t;
')
domtrans_pattern($1, fprintd_exec_t, fprintd_t)
')
########################################
## <summary>
## Send and receive messages from
## fprintd over dbus.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`fprintd_dbus_chat',`
gen_require(`
type fprintd_t;
class dbus send_msg;
')
allow $1 fprintd_t:dbus send_msg;
allow fprintd_t $1:dbus send_msg;
')


@ -0,0 +1,55 @@
policy_module(fprintd, 1.0.0)
########################################
#
# Declarations
#
type fprintd_t;
type fprintd_exec_t;
dbus_system_domain(fprintd_t, fprintd_exec_t)
type fprintd_var_lib_t;
files_type(fprintd_var_lib_t)
########################################
#
# Local policy
#
allow fprintd_t self:capability sys_ptrace;
allow fprintd_t self:fifo_file rw_fifo_file_perms;
allow fprintd_t self:process { getsched signal };
manage_dirs_pattern(fprintd_t, fprintd_var_lib_t, fprintd_var_lib_t)
manage_files_pattern(fprintd_t, fprintd_var_lib_t, fprintd_var_lib_t)
files_var_lib_filetrans(fprintd_t, fprintd_var_lib_t, { dir file })
kernel_read_system_state(fprintd_t)
corecmd_search_bin(fprintd_t)
dev_list_usbfs(fprintd_t)
dev_rw_generic_usb_dev(fprintd_t)
dev_read_sysfs(fprintd_t)
files_read_etc_files(fprintd_t)
files_read_usr_files(fprintd_t)
auth_use_nsswitch(fprintd_t)
miscfiles_read_localization(fprintd_t)
userdom_use_user_ptys(fprintd_t)
userdom_read_all_users_state(fprintd_t)
optional_policy(`
consolekit_dbus_chat(fprintd_t)
')
optional_policy(`
policykit_read_reload(fprintd_t)
policykit_read_lib(fprintd_t)
policykit_domtrans_auth(fprintd_t)
')
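Review bot: `allow fprintd_t self:capability sys_ptrace;` in the local policy section is granted without any comment saying which operation needs it. Next to `userdom_read_all_users_state(fprintd_t)` it presumably exists so the daemon can inspect the /proc entries of the processes that call it, but that is an inference from the visible rules, not something the commit states. sys_ptrace is a broad capability for a domain that also gets `dev_rw_generic_usb_dev(fprintd_t)` (every generic USB device node, not only fingerprint readers) and manages the enrolled-print store under `fprintd_var_lib_t`. I would put a justification above the rule, e.g. `# sys_ptrace: seen when reading /proc/<pid> of the caller - TODO confirm with the AVC denial`, and check whether a `dontaudit` is sufficient instead of an `allow`.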