add seunshare from dan.

Changelog

@@ -18,6 +18,7 @@
 	modemmanager(Dan Walsh)
 	nslcd (Dan Walsh)
 	rtkit (Dan Walsh)
+	seunshare (Dan Walsh)
 	shorewall (Dan Walsh)
 	xscreensaver (Corentin Labbe)
 

policy/modules/apps/seunshare.fc

@@ -0,0 +1 @@
+/usr/sbin/seunshare	--	gen_context(system_u:object_r:seunshare_exec_t,s0)

policy/modules/apps/seunshare.if

@@ -0,0 +1,72 @@
+## <summary>Filesystem namespacing/polyinstantiation application.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run seunshare.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`seunshare_domtrans',`
+	gen_require(`
+		type seunshare_t, seunshare_exec_t;
+	')
+
+	domtrans_pattern($1, seunshare_exec_t, seunshare_t)
+')
+
+########################################
+## <summary>
+##	Execute seunshare in the seunshare domain, and
+##	allow the specified role the seunshare domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+interface(`seunshare_run',`
+	gen_require(`
+		type seunshare_t;
+	')
+
+	seunshare_domtrans($1)
+	role $2 types seunshare_t;
+')
+
+########################################
+## <summary>
+##	Role access for seunshare
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+interface(`seunshare_role',`
+	gen_require(`
+		type seunshare_t;
+	')
+
+	role $2 types seunshare_t;
+
+	seunshare_domtrans($1)
+
+	ps_process_pattern($2, seunshare_t)
+	allow $2 seunshare_t:process signal;
+')

policy/modules/apps/seunshare.te

@@ -0,0 +1,35 @@
+
+policy_module(seunshare, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type seunshare_t;
+type seunshare_exec_t;
+application_domain(seunshare_t, seunshare_exec_t)
+role system_r types seunshare_t;
+
+########################################
+#
+# seunshare local policy
+#
+
+allow seunshare_t self:capability setpcap;
+allow seunshare_t self:process { setexec signal getcap setcap };
+
+allow seunshare_t self:fifo_file rw_file_perms;
+allow seunshare_t self:unix_stream_socket create_stream_socket_perms;
+
+corecmd_exec_shell(seunshare_t)
+corecmd_exec_bin(seunshare_t)
+
+files_read_etc_files(seunshare_t)
+files_mounton_all_poly_members(seunshare_t)
+
+auth_use_nsswitch(seunshare_t)
+
+miscfiles_read_localization(seunshare_t)
+
+userdom_use_user_terminals(seunshare_t)