From 68e615ec5a11b6d65c8fe9a85cf83855167cf801 Mon Sep 17 00:00:00 2001
From: Jeremy Solt <jsolt@tresys.com>
Date: Mon, 28 Jun 2010 11:52:55 -0400
Subject: [PATCH] system-config-samba dbus service policy from Dan Walsh

---
 policy/modules/apps/sambagui.fc |  1 +
 policy/modules/apps/sambagui.if |  2 ++
 policy/modules/apps/sambagui.te | 57 +++++++++++++++++++++++++++++++++
 3 files changed, 60 insertions(+)
 create mode 100644 policy/modules/apps/sambagui.fc
 create mode 100644 policy/modules/apps/sambagui.if
 create mode 100644 policy/modules/apps/sambagui.te

diff --git a/policy/modules/apps/sambagui.fc b/policy/modules/apps/sambagui.fc
new file mode 100644
index 00000000..c13d607c
--- /dev/null
+++ b/policy/modules/apps/sambagui.fc
@@ -0,0 +1 @@
+/usr/share/system-config-samba/system-config-samba-mechanism.py		--	gen_context(system_u:object_r:sambagui_exec_t,s0)
diff --git a/policy/modules/apps/sambagui.if b/policy/modules/apps/sambagui.if
new file mode 100644
index 00000000..b31ed107
--- /dev/null
+++ b/policy/modules/apps/sambagui.if
@@ -0,0 +1,2 @@
+## <summary>system-config-samba dbus service policy</summary>
+
diff --git a/policy/modules/apps/sambagui.te b/policy/modules/apps/sambagui.te
new file mode 100644
index 00000000..9ec14787
--- /dev/null
+++ b/policy/modules/apps/sambagui.te
@@ -0,0 +1,57 @@
+policy_module(sambagui, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type sambagui_t;
+type sambagui_exec_t;
+dbus_system_domain(sambagui_t, sambagui_exec_t)
+
+########################################
+#
+# system-config-samba local policy
+#
+
+allow sambagui_t self:capability dac_override;
+allow sambagui_t self:fifo_file rw_fifo_file_perms;
+allow sambagui_t self:unix_dgram_socket create_socket_perms;
+
+# read meminfo
+kernel_read_system_state(sambagui_t)
+
+# execut apps of system-config-samba
+corecmd_exec_shell(sambagui_t)
+corecmd_exec_bin(sambagui_t)
+
+dev_dontaudit_read_urand(sambagui_t)
+
+files_read_etc_files(sambagui_t)
+files_search_var_lib(sambagui_t)
+files_search_usr(sambagui_t)
+
+auth_use_nsswitch(sambagui_t)
+
+logging_send_syslog_msg(sambagui_t)
+
+miscfiles_read_localization(sambagui_t)
+
+nscd_dontaudit_search_pid(sambagui_t)
+
+# handling with samba conf files
+samba_append_log(sambagui_t)
+samba_manage_config(sambagui_t)
+samba_manage_var_files(sambagui_t)
+samba_read_secrets(sambagui_t)
+samba_initrc_domtrans(sambagui_t)
+samba_domtrans_smbd(sambagui_t)
+samba_domtrans_nmbd(sambagui_t)
+
+optional_policy(`
+	consoletype_exec(sambagui_t)
+')
+
+optional_policy(`
+	policykit_dbus_chat(sambagui_t)
+')