From 939a4287b3f082e1b27cc4fece4e50a34455e3e6 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 7 Aug 2007 17:06:32 +0000
Subject: [PATCH] trunk: 3 patches from dan
---
 policy/modules/kernel/corecommands.fc | 7 ++++++-
 policy/modules/kernel/corecommands.te | 2 +-
 policy/modules/kernel/kernel.if | 18 ++++++++++++++++++
 policy/modules/kernel/kernel.te | 2 +-
 policy/modules/kernel/storage.fc | 1 +
 policy/modules/kernel/storage.if | 2 ++
 policy/modules/kernel/storage.te | 2 +-
 7 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 108106a5..43955630 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -130,8 +130,11 @@ ifdef(`distro_gentoo',`
 /usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/cups/backend(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/cups/filter/.* -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/cups/daemon(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/cups/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
 /usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0)
@@ -164,6 +167,7 @@ ifdef(`distro_gentoo',`
 /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
 /usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
+/usr/local/Brother/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
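Review bot: The new CUPS entries in the `@@ -130` hunk and `/usr/local/Brother/lpd(/.*)?` in the `@@ -164` hunk carry no `--` file-type specifier, so the directory itself and every object beneath it are labelled `bin_t`. The removed `cups/filter/.* --` line labelled regular files only. `bin_t` is the generic executable type, so any domain already allowed to execute `bin_t` can run whatever is placed in these trees, including a vendor tree under `/usr/local`, and the commit message does not say whether that widening is intended. If it is, a comment above the block such as `# CUPS backends, daemons and filters: entire trees labelled bin_t (directories included)` would record the decision; if only the programs need the label, use the `/.* --` form as the `cgi-bin` line does. The blank line added after the filter entry looks unintentional.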
@@ -221,6 +225,7 @@ ifdef(`distro_redhat', `
 /usr/share/system-config-network/neat-control\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-nfs/nfs-export\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-nfs/system-config-nfs\.py -- gen_context(system_u:object_r:bin_t,s0)
+/usr/share/system-config-printer/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te
index 6f812d16..46d6da52 100644
--- a/policy/modules/kernel/corecommands.te
+++ b/policy/modules/kernel/corecommands.te
@@ -1,5 +1,5 @@
-policy_module(corecommands,1.7.0)
+policy_module(corecommands,1.7.1)
 ########################################
 #
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 2b96253c..bb31b3dc 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -106,6 +106,24 @@ interface(`kernel_setpgid',`
 allow $1 kernel_t:process setpgid;
 ')
+########################################
+##
+## Set the priority of kernel threads.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`kernel_setsched',`
+ gen_require(`
+ type kernel_t;
+ ')
+
+ allow $1 kernel_t:process setsched;
+')
+
 ########################################
 ##
 ## Send a SIGCHLD signal to kernel threads.
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 3e52215e..5312cf07 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -1,5 +1,5 @@
-policy_module(kernel,1.7.0)
+policy_module(kernel,1.7.1)
 ########################################
 #
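Review bot: `kernel_setsched` in the `@@ -106` hunk of kernel.if has no caller anywhere in this patch, so the domain that needs to reschedule kernel threads cannot be reviewed here. The `setsched` permission covers the scheduling policy as well as the priority, so the summary understates the grant; I would word it `Set the scheduling policy and priority of kernel threads.`. A domain holding this permission can deprioritise kernel threads, which is an availability concern. Callers should therefore be kept few and checked on the built policy with `sesearch -A -t kernel_t -c process -p setsched`. The neighbouring interfaces start and end outside the hunk.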
diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc
index 8e0d100b..d4143572 100644
--- a/policy/modules/kernel/storage.fc
+++ b/policy/modules/kernel/storage.fc
@@ -23,6 +23,7 @@
 /dev/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/lvm -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/mcdx? -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/megadev.* -c gen_context(system_u:object_r:removable_device_t,s0)
 /dev/mmcblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
 /dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0)
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index 8781fe6f..b8721b2e 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -100,6 +100,7 @@ interface(`storage_raw_read_fixed_disk',`
 dev_list_all_dev_nodes($1)
 allow $1 fixed_disk_device_t:blk_file read_blk_file_perms;
+ allow $1 fixed_disk_device_t:chr_file read_chr_file_perms;
 typeattribute $1 fixed_disk_raw_read;
 ')
@@ -144,6 +145,7 @@ interface(`storage_raw_write_fixed_disk',`
 dev_list_all_dev_nodes($1)
 allow $1 fixed_disk_device_t:blk_file write_blk_file_perms;
+ allow $1 fixed_disk_device_t:chr_file write_chr_file_perms;
 typeattribute $1 fixed_disk_raw_write;
 ')
diff --git a/policy/modules/kernel/storage.te b/policy/modules/kernel/storage.te
index 99e77325..b9a916bb 100644
--- a/policy/modules/kernel/storage.te
+++ b/policy/modules/kernel/storage.te
@@ -1,5 +1,5 @@
-policy_module(storage,1.3.0)
+policy_module(storage,1.3.1)
 ########################################
 #
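Review bot: `/dev/megadev.*` in the `@@ -23` hunk of storage.fc is labelled `removable_device_t` at `s0`, while the neighbouring fixed-storage nodes (`/dev/loop.*`, `/dev/lvm`, `/dev/nb[^/]+`) use `fixed_disk_device_t` with `mls_systemhigh`. If megadev is a RAID controller's management node, as the name suggests but nothing on the page confirms, it fronts fixed storage. The removable type at the lowest MLS level would then expose it to every domain permitted to use removable media. Either label it `gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)` or add a comment above the entry explaining why the removable type is correct.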
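Review bot: The added `chr_file` rules in `storage_raw_read_fixed_disk` (`@@ -100`) and `storage_raw_write_fixed_disk` (`@@ -144`) widen every existing caller of these interfaces at once. Each caller now also gets character nodes labelled `fixed_disk_device_t`, such as the `/dev/lvm -c` entry visible in storage.fc. Neither interface's summary is inside its hunk, so it cannot be checked here whether the documentation still describes block devices only; it should mention character devices. If storage.te enforces the `fixed_disk_raw_read` and `fixed_disk_raw_write` attributes with `neverallow` rules (not shown), confirm they cover `chr_file` too, otherwise a direct `allow` on the character nodes would escape that check. Both interface bodies start outside their hunks.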