trunk: 14 patches from dan.

2009-03-23 14:56:43 +00:00 · 2009-03-23 14:56:43 +00:00 · 8f800d48df
commit 8f800d48df
parent 244b45d225
29 changed files with 204 additions and 36 deletions
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@ -1,5 +1,5 @@
-policy_module(corenetwork, 1.11.4)
+policy_module(corenetwork, 1.11.5)
 ########################################
 #
@ -118,6 +118,7 @@ network_port(jabber_interserver, tcp,5269,s0)
 network_port(kerberos_admin, tcp,464,s0, udp,464,s0, tcp,749,s0)
 network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
 network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0)
 network_port(kprop, tcp,754,s0)
 network_port(ktalkd, udp,517,s0, udp,518,s0)
 network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
 type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
--- a/policy/modules/services/apcupsd.fc
+++ b/policy/modules/services/apcupsd.fc
@ -1,8 +1,6 @@
 /etc/rc\.d/init\.d/apcupsd	--	gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0)
 ifdef(`distro_debian',`
 /sbin/apcupsd			--	gen_context(system_u:object_r:apcupsd_exec_t,s0)
 ')
 /usr/sbin/apcupsd		--	gen_context(system_u:object_r:apcupsd_exec_t,s0)
--- a/policy/modules/services/apcupsd.te
+++ b/policy/modules/services/apcupsd.te
@ -1,5 +1,5 @@
-policy_module(apcupsd, 1.5.2)
+policy_module(apcupsd, 1.5.3)
 ########################################
 #
--- a/policy/modules/services/avahi.if
+++ b/policy/modules/services/avahi.if
@ -55,6 +55,24 @@ interface(`avahi_kill',`
 	allow $1 avahi_t:process sigkill;
 ')
 ########################################
 ## <summary>
 ##	Send avahi a signull
 ## </summary>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
 #
 interface(`avahi_signull',`
 	gen_require(`
 		type avahi_t;
 	')
 	allow $1 avahi_t:process signull;
 ')
 ########################################
 ## <summary>
 ##	Send and receive messages from
--- a/policy/modules/services/avahi.te
+++ b/policy/modules/services/avahi.te
@ -1,5 +1,5 @@
-policy_module(avahi, 1.10.2)
+policy_module(avahi, 1.10.3)
 ########################################
 #
--- a/policy/modules/services/bluetooth.fc
+++ b/policy/modules/services/bluetooth.fc
@ -15,6 +15,7 @@
 /usr/bin/hidd		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 /usr/bin/rfcomm		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 /usr/sbin/bluetoothd	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 /usr/sbin/hciattach	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 /usr/sbin/hcid		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 /usr/sbin/hid2hci	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
--- a/policy/modules/services/bluetooth.if
+++ b/policy/modules/services/bluetooth.if
@ -173,7 +173,7 @@ interface(`bluetooth_dontaudit_read_helper_state',`
 interface(`bluetooth_admin',`
 	gen_require(`
 		type bluetooth_t, bluetooth_tmp_t, bluetooth_lock_t;
-		type bluetooth_var_lib_t, bluetooth_var_run_t;
+		type bluetooth_spool_t, bluetooth_var_lib_t, bluetooth_var_run_t;
 		type bluetooth_conf_t, bluetooth_conf_rw_t;
 		type bluetooth_initrc_exec_t;
 	')
@ -196,6 +196,9 @@ interface(`bluetooth_admin',`
 	admin_pattern($1, bluetooth_conf_t)
 	admin_pattern($1, bluetooth_conf_rw_t)
 	files_list_spool($1)
 	admin_pattern($1, bluetooth_spool_t)
 	files_list_var_lib($1)
 	admin_pattern($1, bluetooth_var_lib_t)
--- a/policy/modules/services/bluetooth.te
+++ b/policy/modules/services/bluetooth.te
@ -1,5 +1,5 @@
-policy_module(bluetooth, 3.1.2)
+policy_module(bluetooth, 3.1.3)
 ########################################
 #
@ -93,6 +93,7 @@ files_pid_filetrans(bluetooth_t, bluetooth_var_run_t, { file sock_file })
 kernel_read_kernel_sysctls(bluetooth_t)
 kernel_read_system_state(bluetooth_t)
 kernel_read_network_state(bluetooth_t)
 corenet_all_recvfrom_unlabeled(bluetooth_t)
 corenet_all_recvfrom_netlabel(bluetooth_t)
@ -147,10 +148,10 @@ optional_policy(`
 	optional_policy(`
 		cups_dbus_chat(bluetooth_t)
 	')
 ')
-optional_policy(`
+	optional_policy(`
-	nis_use_ypbind(bluetooth_t)
+		hal_dbus_chat(bluetooth_t)
 	')
 ')
 optional_policy(`
--- a/policy/modules/services/cvs.if
+++ b/policy/modules/services/cvs.if
@ -15,7 +15,9 @@ interface(`cvs_read_data',`
 		type cvs_data_t;
 	')
-	allow $1 cvs_data_t:file { getattr read };
+	list_dirs_pattern($1, cvs_data_t, cvs_data_t)
 	read_files_pattern($1, cvs_data_t, cvs_data_t)
 	read_lnk_files_pattern($1, cvs_data_t, cvs_data_t)
 ')
 ########################################
--- a/policy/modules/services/cvs.te
+++ b/policy/modules/services/cvs.te
@ -1,5 +1,5 @@
-policy_module(cvs, 1.7.2)
+policy_module(cvs, 1.7.3)
 ########################################
 #
--- a/policy/modules/services/dnsmasq.fc
+++ b/policy/modules/services/dnsmasq.fc
@ -4,4 +4,6 @@
 /var/lib/misc/dnsmasq\.leases	--	gen_context(system_u:object_r:dnsmasq_lease_t,s0)
 /var/lib/dnsmasq(/.*)?			gen_context(system_u:object_r:dnsmasq_lease_t,s0)
 /var/run/dnsmasq\.pid		--	gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
 /var/run/libvirt/network(/.*)?		gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
--- a/policy/modules/services/dnsmasq.if
+++ b/policy/modules/services/dnsmasq.if
@ -39,6 +39,25 @@ interface(`dnsmasq_signal',`
 	allow $1 dnsmasq_t:process signal;
 ')
 ########################################
 ## <summary>
 ##	Send dnsmasq a signull
 ## </summary>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
 #
 #
 interface(`dnsmasq_signull',`
 	gen_require(`
 		type dnsmasq_t;
 	')
 	allow $1 dnsmasq_t:process signull;
 ')
 ########################################
 ## <summary>
 ##	Send dnsmasq a kill signal.
@ -58,6 +77,44 @@ interface(`dnsmasq_kill',`
 	allow $1 dnsmasq_t:process sigkill;
 ')
 ########################################
 ## <summary>
 ##	Delete dnsmasq pid files
 ## </summary>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
 #
 #
 interface(`dnsmasq_delete_pid_files',`
 	gen_require(`
 		type dnsmasq_var_run_t;
 	')
 	delete_files_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
 ')
 ########################################
 ## <summary>
 ##	Read dnsmasq pid files
 ## </summary>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
 #
 #
 interface(`dnsmasq_read_pid_files',`
 	gen_require(`
 		type dnsmasq_var_run_t;
 	')
 	read_files_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
 ')
 ########################################
 ## <summary>
 ##	All of the rules required to administrate 
--- a/policy/modules/services/dnsmasq.te
+++ b/policy/modules/services/dnsmasq.te
@ -1,5 +1,5 @@
-policy_module(dnsmasq, 1.7.1)
+policy_module(dnsmasq, 1.7.2)
 ########################################
 #
@ -69,23 +69,20 @@ domain_use_interactive_fds(dnsmasq_t)
 # allow access to dnsmasq.conf
 files_read_etc_files(dnsmasq_t)
 files_read_etc_runtime_files(dnsmasq_t)
 fs_getattr_all_fs(dnsmasq_t)
 fs_search_auto_mountpoints(dnsmasq_t)
 auth_use_nsswitch(dnsmasq_t)
 logging_send_syslog_msg(dnsmasq_t)
 miscfiles_read_localization(dnsmasq_t)
 sysnet_read_config(dnsmasq_t)
 userdom_dontaudit_use_unpriv_user_fds(dnsmasq_t)
 userdom_dontaudit_search_user_home_dirs(dnsmasq_t)
 optional_policy(`
 	nis_use_ypbind(dnsmasq_t)
 ')
 optional_policy(`
 	seutil_sigchld_newrole(dnsmasq_t)
 ')
@ -96,4 +93,5 @@ optional_policy(`
 optional_policy(`
 	virt_manage_lib_files(dnsmasq_t)
 	virt_read_pid_files(dnsmasq_t)
 ')
--- a/policy/modules/services/kerberos.fc
+++ b/policy/modules/services/kerberos.fc
@ -19,6 +19,7 @@
 /var/kerberos/krb5kdc(/.*)?		gen_context(system_u:object_r:krb5kdc_conf_t,s0)
 /var/kerberos/krb5kdc/from_master.*	gen_context(system_u:object_r:krb5kdc_lock_t,s0)
 /var/kerberos/krb5kdc/kadm5\.keytab --	gen_context(system_u:object_r:krb5_keytab_t,s0)
 /var/kerberos/krb5kdc/principal.*	gen_context(system_u:object_r:krb5kdc_principal_t,s0)
 /var/kerberos/krb5kdc/principal\.ok	gen_context(system_u:object_r:krb5kdc_lock_t,s0)
--- a/policy/modules/services/kerberos.te
+++ b/policy/modules/services/kerberos.te
@ -1,5 +1,5 @@
-policy_module(kerberos, 1.9.2)
+policy_module(kerberos, 1.9.3)
 ########################################
 #
@ -290,6 +290,7 @@ corenet_tcp_sendrecv_generic_if(kpropd_t)
 corenet_tcp_sendrecv_generic_node(kpropd_t)
 corenet_tcp_sendrecv_all_ports(kpropd_t)
 corenet_tcp_bind_generic_node(kpropd_t)
 corenet_tcp_bind_kprop_port(kpropd_t)
 dev_read_urand(kpropd_t)
--- a/policy/modules/services/openvpn.fc
+++ b/policy/modules/services/openvpn.fc
@ -2,6 +2,7 @@
 # /etc
 #
 /etc/openvpn(/.*)?		gen_context(system_u:object_r:openvpn_etc_t,s0)
 /etc/openvpn/ipp.txt	--	gen_context(system_u:object_r:openvpn_etc_rw_t,s0)
 /etc/rc\.d/init\.d/openvpn --	gen_context(system_u:object_r:openvpn_initrc_exec_t,s0)
 #
--- a/policy/modules/services/openvpn.if
+++ b/policy/modules/services/openvpn.if
@ -44,6 +44,24 @@ interface(`openvpn_run',`
 	role $2 types openvpn_t;
 ')
 ########################################
 ## <summary>
 ##	Send OPENVPN clients the kill signal.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
 #
 interface(`openvpn_kill',`
 	gen_require(`
 		type openvpn_t;
 	')
 	allow $1 openvpn_t:process sigkill;
 ')
 ########################################
 ## <summary>
 ##	Send generic signals to OPENVPN clients.
@ -62,6 +80,24 @@ interface(`openvpn_signal',`
 	allow $1 openvpn_t:process signal;
 ')
 ########################################
 ## <summary>
 ##	Send signulls to OPENVPN clients.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
 #
 interface(`openvpn_signull',`
 	gen_require(`
 		type openvpn_t;
 	')
 	allow $1 openvpn_t:process signull;
 ')
 ########################################
 ## <summary>
 ##	Allow the specified domain to read
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@ -1,5 +1,5 @@
-policy_module(openvpn, 1.7.2)
+policy_module(openvpn, 1.7.3)
 ########################################
 #
@ -22,6 +22,9 @@ init_daemon_domain(openvpn_t, openvpn_exec_t)
 type openvpn_etc_t;
 files_config_file(openvpn_etc_t)
 type openvpn_etc_rw_t;
 files_config_file(openvpn_etc_rw_t)
 type openvpn_initrc_exec_t;
 init_script_file(openvpn_initrc_exec_t)
@ -40,6 +43,7 @@ files_pid_file(openvpn_var_run_t)
 allow openvpn_t self:capability { dac_read_search dac_override net_bind_service net_admin setgid setuid sys_chroot sys_tty_config };
 allow openvpn_t self:process { signal getsched };
 allow openvpn_t self:fifo_file rw_fifo_file_perms;
 allow openvpn_t self:unix_dgram_socket { create_socket_perms sendto };
 allow openvpn_t self:unix_stream_socket { create_stream_socket_perms connectto };
@ -47,11 +51,13 @@ allow openvpn_t self:udp_socket create_socket_perms;
 allow openvpn_t self:tcp_socket server_stream_socket_perms;
 allow openvpn_t self:netlink_route_socket rw_netlink_socket_perms;
 allow openvpn_t openvpn_etc_t:dir list_dir_perms;
 can_exec(openvpn_t, openvpn_etc_t)
 read_files_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_t)
 read_lnk_files_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_t)
 manage_files_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_rw_t)
 filetrans_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_rw_t, file)
 allow openvpn_t openvpn_var_log_t:file manage_file_perms;
 logging_log_filetrans(openvpn_t, openvpn_var_log_t, file)
@ -99,6 +105,8 @@ miscfiles_read_certs(openvpn_t)
 sysnet_dns_name_resolve(openvpn_t)
 sysnet_exec_ifconfig(openvpn_t)
 sysnet_write_config(openvpn_t)
 sysnet_etc_filetrans_config(openvpn_t)
 userdom_use_user_terminals(openvpn_t)
--- a/policy/modules/services/pcscd.fc
+++ b/policy/modules/services/pcscd.fc
@ -1,5 +1,6 @@
 /var/run/pcscd\.comm	-s	gen_context(system_u:object_r:pcscd_var_run_t,s0)
 /var/run/pcscd\.pid	--	gen_context(system_u:object_r:pcscd_var_run_t,s0)
 /var/run/pcscd\.pub	--	gen_context(system_u:object_r:pcscd_var_run_t,s0)
 /var/run/pcscd\.events(/.*)?	gen_context(system_u:object_r:pcscd_var_run_t,s0)
 /usr/sbin/pcscd		--	gen_context(system_u:object_r:pcscd_exec_t,s0)
--- a/policy/modules/services/pcscd.te
+++ b/policy/modules/services/pcscd.te
@ -1,5 +1,5 @@
-policy_module(pcscd, 1.4.2)
+policy_module(pcscd, 1.4.3)
 ########################################
 #
@ -27,9 +27,10 @@ allow pcscd_t self:unix_stream_socket create_stream_socket_perms;
 allow pcscd_t self:unix_dgram_socket create_socket_perms;
 allow pcscd_t self:tcp_socket create_stream_socket_perms;
 manage_dirs_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
 manage_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
 manage_sock_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
-files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file })
+files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file dir })
 corenet_all_recvfrom_unlabeled(pcscd_t)
 corenet_all_recvfrom_netlabel(pcscd_t)
@ -56,6 +57,14 @@ miscfiles_read_localization(pcscd_t)
 sysnet_dns_name_resolve(pcscd_t)
 optional_policy(`
 	dbus_system_bus_client(pcscd_t)
 	optional_policy(`
 		hal_dbus_chat(pcscd_t)
 	')
 ')
 optional_policy(`
 	openct_stream_connect(pcscd_t)
 	openct_read_pid_files(pcscd_t)
--- a/policy/modules/services/radvd.te
+++ b/policy/modules/services/radvd.te
@ -1,5 +1,5 @@
-policy_module(radvd, 1.10.2)
+policy_module(radvd, 1.10.3)
 ########################################
 #
@ -22,7 +22,7 @@ files_config_file(radvd_etc_t)
 #
 # Local policy
 #
-allow radvd_t self:capability { setgid setuid net_raw };
+allow radvd_t self:capability { setgid setuid net_raw net_admin };
 dontaudit radvd_t self:capability sys_tty_config;
 allow radvd_t self:process signal_perms;
 allow radvd_t self:unix_dgram_socket create_socket_perms;
--- a/policy/modules/services/rlogin.te
+++ b/policy/modules/services/rlogin.te
@ -1,5 +1,5 @@
-policy_module(rlogin, 1.8.2)
+policy_module(rlogin, 1.8.3)
 ########################################
 #
@ -90,9 +90,21 @@ userdom_read_user_home_content_files(rlogind_t)
 remotelogin_domtrans(rlogind_t)
 remotelogin_signal(rlogind_t)
 tunable_policy(`use_nfs_home_dirs',`
 	fs_list_nfs(rlogind_t)
 	fs_read_nfs_files(rlogind_t)
 	fs_read_nfs_symlinks(rlogind_t)
 ')
 tunable_policy(`use_samba_home_dirs',`
 	fs_list_cifs(rlogind_t)
 	fs_read_cifs_files(rlogind_t)
 	fs_read_cifs_symlinks(rlogind_t)
 ')
 optional_policy(`
-	kerberos_use(rlogind_t)
+	kerberos_keytab_template(rlogind, rlogind_t)
-	kerberos_read_keytab(rlogind_t)
+	kerberos_manage_host_rcache(rlogind_t)
 ')
 optional_policy(`
--- a/policy/modules/services/rsync.te
+++ b/policy/modules/services/rsync.te
@ -1,5 +1,5 @@
-policy_module(rsync, 1.8.2)
+policy_module(rsync, 1.8.3)
 ########################################
 #
@ -119,5 +119,9 @@ optional_policy(`
 tunable_policy(`rsync_export_all_ro',`
 	fs_read_noxattr_fs_files(rsync_t) 
 	auth_read_all_dirs_except_shadow(rsync_t)
 	auth_read_all_files_except_shadow(rsync_t)
 	auth_read_all_symlinks_except_shadow(rsync_t)
 	auth_tunable_read_shadow(rsync_t)
 ')
 auth_can_read_shadow_passwords(rsync_t)
--- a/policy/modules/services/stunnel.fc
+++ b/policy/modules/services/stunnel.fc
@ -1,6 +1,7 @@
 /etc/stunnel(/.*)?          	gen_context(system_u:object_r:stunnel_etc_t,s0)
 /usr/bin/stunnel	--	gen_context(system_u:object_r:stunnel_exec_t,s0)
 /usr/sbin/stunnel	--	gen_context(system_u:object_r:stunnel_exec_t,s0)
 /var/run/stunnel(/.*)?		gen_context(system_u:object_r:stunnel_var_run_t,s0)
--- a/policy/modules/services/stunnel.te
+++ b/policy/modules/services/stunnel.te
@ -1,5 +1,5 @@
-policy_module(stunnel, 1.8.2)
+policy_module(stunnel, 1.8.3)
 ########################################
 #
@ -54,6 +54,8 @@ kernel_read_kernel_sysctls(stunnel_t)
 kernel_read_system_state(stunnel_t)
 kernel_read_network_state(stunnel_t)
 corecmd_exec_bin(stunnel_t)
 corenet_all_recvfrom_unlabeled(stunnel_t)
 corenet_all_recvfrom_netlabel(stunnel_t)
 corenet_tcp_sendrecv_generic_if(stunnel_t)
@ -105,6 +107,7 @@ ifdef(`distro_gentoo', `
 	dev_read_urand(stunnel_t)
 	files_read_etc_files(stunnel_t)
 	files_read_etc_runtime_files(stunnel_t)
 	files_search_home(stunnel_t)
 	optional_policy(`
--- a/policy/modules/services/sysstat.fc
+++ b/policy/modules/services/sysstat.fc
@ -1,6 +1,6 @@
 /usr/lib(64)?/atsar/atsa.*	--	gen_context(system_u:object_r:sysstat_exec_t,s0)
-/usr/lib(64)?/sa/sadc		--	gen_context(system_u:object_r:sysstat_exec_t,s0)
+/usr/lib(64)?/sa/sa.*		--	gen_context(system_u:object_r:sysstat_exec_t,s0)
 /usr/lib(64)?/sysstat/sa.*	--	gen_context(system_u:object_r:sysstat_exec_t,s0)
 /var/log/atsar(/.*)?			gen_context(system_u:object_r:sysstat_log_t,s0)
--- a/policy/modules/services/sysstat.te
+++ b/policy/modules/services/sysstat.te
@ -1,5 +1,5 @@
-policy_module(sysstat, 1.4.0)
+policy_module(sysstat, 1.4.1)
 ########################################
 #
@ -19,13 +19,14 @@ logging_log_file(sysstat_log_t)
 # Local policy
 #
-allow sysstat_t self:capability sys_resource;
+allow sysstat_t self:capability { sys_resource sys_tty_config };
 dontaudit sysstat_t self:capability sys_admin;
 allow sysstat_t self:fifo_file rw_fifo_file_perms;
 can_exec(sysstat_t, sysstat_exec_t)
 manage_files_pattern(sysstat_t, sysstat_log_t, sysstat_log_t)
 read_lnk_files_pattern(sysstat_t, sysstat_log_t, sysstat_log_t)
 logging_log_filetrans(sysstat_t, sysstat_log_t, { file dir })
 # get info from /proc
--- a/policy/modules/services/uucp.fc
+++ b/policy/modules/services/uucp.fc
@ -6,4 +6,6 @@
 /var/spool/uucp(/.*)?		gen_context(system_u:object_r:uucpd_spool_t,s0)
 /var/spool/uucppublic(/.*)?	gen_context(system_u:object_r:uucpd_spool_t,s0)
 /var/lock/uucp(/.*)?		gen_context(system_u:object_r:uucpd_lock_t,s0)
 /var/log/uucp(/.*)?		gen_context(system_u:object_r:uucpd_log_t,s0)
--- a/policy/modules/services/uucp.te
+++ b/policy/modules/services/uucp.te
@ -1,5 +1,5 @@
-policy_module(uucp, 1.9.2)
+policy_module(uucp, 1.9.3)
 ########################################
 #
@ -10,6 +10,9 @@ type uucpd_exec_t;
 inetd_tcp_service_domain(uucpd_t, uucpd_exec_t)
 role system_r types uucpd_t;
 type uucpd_lock_t;
 files_lock_file(uucpd_lock_t)
 type uucpd_tmp_t;
 files_tmp_file(uucpd_tmp_t)
@ -58,6 +61,10 @@ manage_lnk_files_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)
 uucp_manage_spool(uucpd_t)
 manage_dirs_pattern(uucpd_t, uucpd_lock_t, uucpd_lock_t)
 manage_files_pattern(uucpd_t, uucpd_lock_t, uucpd_lock_t)
 files_search_locks(uucpd_t)
 manage_dirs_pattern(uucpd_t, uucpd_tmp_t, uucpd_tmp_t)
 manage_files_pattern(uucpd_t, uucpd_tmp_t, uucpd_tmp_t)
 files_tmp_filetrans(uucpd_t, uucpd_tmp_t, { file dir })