add gnomeclock from dan.

Changelog

@@ -11,6 +11,7 @@
 - Added modules:
 	abrt (Dan Walsh)
 	gitosis (Miroslav Grepl)
+	gnomeclock (Dan Walsh)
 	hddtemp (Dan Walsh)
 	kdump (Dan Walsh)
 	modemmanager(Dan Walsh)

policy/modules/services/gnomeclock.fc

@@ -0,0 +1,2 @@
+/usr/libexec/gnome-clock-applet-mechanism	--	gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+

policy/modules/services/gnomeclock.if

@@ -0,0 +1,65 @@
+## <summary>Gnome clock handler for setting the time.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run gnomeclock.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`gnomeclock_domtrans',`
+	gen_require(`
+		type gnomeclock_t, gnomeclock_exec_t;
+	')
+
+	domtrans_pattern($1, gnomeclock_exec_t, gnomeclock_t)
+')
+
+########################################
+## <summary>
+##	Execute gnomeclock in the gnomeclock domain, and
+##	allow the specified role the gnomeclock domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed the gnomeclock domain.
+##	</summary>
+## </param>
+#
+interface(`gnomeclock_run',`
+	gen_require(`
+		type gnomeclock_t;
+	')
+
+	gnomeclock_domtrans($1)
+	role $2 types gnomeclock_t;
+')
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	gnomeclock over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`gnomeclock_dbus_chat',`
+	gen_require(`
+		type gnomeclock_t;
+		class dbus send_msg;
+	')
+
+	allow $1 gnomeclock_t:dbus send_msg;
+	allow gnomeclock_t $1:dbus send_msg;
+')

policy/modules/services/gnomeclock.te

@@ -0,0 +1,47 @@
+
+policy_module(gnomeclock, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type gnomeclock_t;
+type gnomeclock_exec_t;
+dbus_system_domain(gnomeclock_t, gnomeclock_exec_t)
+
+########################################
+#
+# gnomeclock local policy
+#
+
+allow gnomeclock_t self:capability { sys_nice sys_time sys_ptrace };
+allow gnomeclock_t self:process { getattr getsched };
+allow gnomeclock_t self:fifo_file rw_fifo_file_perms;
+allow gnomeclock_t self:unix_stream_socket create_stream_socket_perms;
+
+corecmd_exec_bin(gnomeclock_t)
+
+files_read_etc_files(gnomeclock_t)
+files_read_usr_files(gnomeclock_t)
+
+auth_use_nsswitch(gnomeclock_t)
+
+clock_domtrans(gnomeclock_t)
+
+miscfiles_read_localization(gnomeclock_t)
+miscfiles_manage_localization(gnomeclock_t)
+miscfiles_etc_filetrans_localization(gnomeclock_t)
+
+userdom_read_all_users_state(gnomeclock_t)
+
+optional_policy(`
+	consolekit_dbus_chat(gnomeclock_t)
+')
+
+optional_policy(`
+	policykit_dbus_chat(gnomeclock_t)
+	policykit_domtrans_auth(gnomeclock_t)
+	policykit_read_lib(gnomeclock_t)
+	policykit_read_reload(gnomeclock_t)
+')