From 9ed55bda90a1e813bfdc62fe0615bfcf1cc005f5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 30 May 2008 20:27:06 +0000 Subject: [PATCH] - Merge Upstream --- policy-20080509.patch | 49 +++++++++++++++++++++++-------------------- sources | 2 +- 2 files changed, 27 insertions(+), 24 deletions(-) diff --git a/policy-20080509.patch b/policy-20080509.patch index 817e8335..cd5588f7 100644 --- a/policy-20080509.patch +++ b/policy-20080509.patch @@ -26444,7 +26444,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.4.1/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2008-05-19 10:26:37.000000000 -0400 -+++ serefpolicy-3.4.1/policy/modules/services/xserver.te 2008-05-30 16:11:13.428347000 -0400 ++++ serefpolicy-3.4.1/policy/modules/services/xserver.te 2008-05-30 16:26:02.967410000 -0400 @@ -8,6 +8,14 @@ ## @@ -26496,13 +26496,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser type xdm_tmp_t; files_tmp_file(xdm_tmp_t) typealias xdm_tmp_t alias ice_tmp_t; -@@ -122,6 +143,24 @@ +@@ -122,6 +143,27 @@ type xserver_log_t; logging_log_file(xserver_log_t) +type fonts_cache_home_t, fonts_cache_type; +userdom_user_home_content(user,fonts_cache_home_t) + ++type fonts_home_t, fonts_type; ++userdom_user_home_content(user,fonts_home_t) ++ +type fonts_config_home_t, fonts_config_type; +userdom_user_home_content(user,fonts_config_home_t) + 
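Review bot: The added `type fonts_home_t, fonts_type;` / `userdom_user_home_content(user,fonts_home_t)` pair (inner xserver.te hunk `@@ -122,6 +143,27 @@`) is declared without a comment and without any visible rule or file-context entry that uses it, so this hunk does not show which path it labels or which domains may read it. Because `userdom_user_home_content` makes the type user-managed home content, any grant to `xdm_xserver_t` or other confined domains should stay read-only, since the server parses these files. The `fonts_type` attribute also needs a matching `attribute fonts_type;` declaration, which presumably sits in the earlier `@@ -8,6 +8,14 @@` hunk whose body is not shown here. I would add a line above the declaration such as `# fonts_home_t: user-installed fonts in the home directory (path per xserver.fc); user-writable, so grant other domains read-only access`. The rest of xserver.te and the .fc file lie outside this hunk, so the labelling and access rules may already exist there.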
@@ -26521,7 +26524,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser xserver_common_domain_template(xdm) xserver_common_x_domain_template(xdm,xdm,xdm_t) init_system_domain(xdm_xserver_t,xserver_exec_t) -@@ -142,6 +181,7 @@ +@@ -142,6 +184,7 @@ allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service }; allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate }; @@ -26529,7 +26532,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser allow xdm_t self:fifo_file rw_fifo_file_perms; allow xdm_t self:shm create_shm_perms; allow xdm_t self:sem create_sem_perms; -@@ -154,6 +194,8 @@ +@@ -154,6 +197,8 @@ allow xdm_t self:key { search link write }; allow xdm_t xconsole_device_t:fifo_file { getattr setattr }; @@ -26538,7 +26541,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser # Allow gdm to run gdm-binary can_exec(xdm_t, xdm_exec_t) -@@ -169,6 +211,8 @@ +@@ -169,6 +214,8 @@ manage_files_pattern(xdm_t,xdm_tmp_t,xdm_tmp_t) manage_sock_files_pattern(xdm_t,xdm_tmp_t,xdm_tmp_t) files_tmp_filetrans(xdm_t, xdm_tmp_t, { file dir sock_file }) @@ -26547,7 +26550,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser manage_dirs_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t) manage_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t) -@@ -176,15 +220,24 @@ +@@ -176,15 +223,24 @@ manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t) manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t) fs_tmpfs_filetrans(xdm_t,xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file }) 
@@ -26574,7 +26577,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser allow xdm_t xdm_xserver_t:process signal; allow xdm_t xdm_xserver_t:unix_stream_socket connectto; -@@ -198,6 +251,7 @@ +@@ -198,6 +254,7 @@ allow xdm_t xdm_xserver_t:process { noatsecure siginh rlimitinh signal sigkill }; allow xdm_t xdm_xserver_t:shm rw_shm_perms; @@ -26582,7 +26585,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser # connect to xdm xserver over stream socket stream_connect_pattern(xdm_t,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t) -@@ -229,6 +283,7 @@ +@@ -229,6 +286,7 @@ corenet_udp_sendrecv_all_ports(xdm_t) corenet_tcp_bind_all_nodes(xdm_t) corenet_udp_bind_all_nodes(xdm_t) @@ -26590,7 +26593,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser corenet_tcp_connect_all_ports(xdm_t) corenet_sendrecv_all_client_packets(xdm_t) # xdm tries to bind to biff_port_t -@@ -241,6 +296,7 @@ +@@ -241,6 +299,7 @@ dev_getattr_mouse_dev(xdm_t) dev_setattr_mouse_dev(xdm_t) dev_rw_apm_bios(xdm_t) @@ -26598,7 +26601,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser dev_setattr_apm_bios_dev(xdm_t) dev_rw_dri(xdm_t) dev_rw_agp(xdm_t) -@@ -253,14 +309,15 @@ +@@ -253,14 +312,15 @@ dev_setattr_video_dev(xdm_t) dev_getattr_scanner_dev(xdm_t) dev_setattr_scanner_dev(xdm_t) @@ -26616,7 +26619,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser files_read_etc_files(xdm_t) files_read_var_files(xdm_t) -@@ -271,9 +328,13 @@ +@@ -271,9 +331,13 @@ files_read_usr_files(xdm_t) # Poweroff wants to create the /poweroff file when run from xdm files_create_boot_flag(xdm_t) 
@@ -26630,7 +26633,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser storage_dontaudit_read_fixed_disk(xdm_t) storage_dontaudit_write_fixed_disk(xdm_t) -@@ -282,6 +343,7 @@ +@@ -282,6 +346,7 @@ storage_dontaudit_raw_write_removable_device(xdm_t) storage_dontaudit_setattr_removable_dev(xdm_t) storage_dontaudit_rw_scsi_generic(xdm_t) @@ -26638,7 +26641,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser term_setattr_console(xdm_t) term_use_unallocated_ttys(xdm_t) -@@ -290,6 +352,7 @@ +@@ -290,6 +355,7 @@ auth_domtrans_pam_console(xdm_t) auth_manage_pam_pid(xdm_t) auth_manage_pam_console_data(xdm_t) @@ -26646,7 +26649,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser auth_rw_faillog(xdm_t) auth_write_login_records(xdm_t) -@@ -301,21 +364,25 @@ +@@ -301,21 +367,25 @@ libs_exec_lib_files(xdm_t) logging_read_generic_logs(xdm_t) @@ -26677,7 +26680,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t) xserver_unconfined(xdm_t) -@@ -348,10 +415,12 @@ +@@ -348,10 +418,12 @@ optional_policy(` alsa_domtrans(xdm_t) @@ -26690,7 +26693,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') optional_policy(` -@@ -359,6 +428,19 @@ +@@ -359,6 +431,19 @@ ') optional_policy(` @@ -26710,7 +26713,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser # Talk to the console mouse server. gpm_stream_connect(xdm_t) gpm_setattr_gpmctl(xdm_t) -@@ -369,6 +451,10 @@ +@@ -369,6 +454,10 @@ ') optional_policy(` @@ -26721,7 +26724,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser loadkeys_exec(xdm_t) ') -@@ -382,16 +468,25 @@ +@@ -382,16 +471,25 @@ ') optional_policy(` 
@@ -26748,7 +26751,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ifndef(`distro_redhat',` allow xdm_t self:process { execheap execmem }; -@@ -427,7 +522,7 @@ +@@ -427,7 +525,7 @@ allow xdm_xserver_t xdm_var_lib_t:file { getattr read }; dontaudit xdm_xserver_t xdm_var_lib_t:dir search; @@ -26757,7 +26760,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser # Label pid and temporary files with derived types. manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t) -@@ -439,6 +534,15 @@ +@@ -439,6 +537,15 @@ can_exec(xdm_xserver_t, xkb_var_lib_t) files_search_var_lib(xdm_xserver_t) @@ -26773,7 +26776,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser # VNC v4 module in X server corenet_tcp_bind_vnc_port(xdm_xserver_t) -@@ -450,10 +554,19 @@ +@@ -450,10 +557,19 @@ # xdm_xserver_t may no longer have any reason # to read ROLE_home_t - examine this in more detail # (xauth?) @@ -26794,7 +26797,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser tunable_policy(`use_nfs_home_dirs',` fs_manage_nfs_dirs(xdm_xserver_t) fs_manage_nfs_files(xdm_xserver_t) -@@ -467,6 +580,22 @@ +@@ -467,6 +583,22 @@ ') optional_policy(` @@ -26817,7 +26820,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser resmgr_stream_connect(xdm_t) ') -@@ -476,16 +605,32 @@ +@@ -476,16 +608,32 @@ ') optional_policy(` diff --git a/sources b/sources index 085fe0cb..b609d013 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -b0174321ec3ee349bedfa8d4422b6bf2 serefpolicy-3.4.1.tgz +5a1211d6182c84aa9da2fc92324e8b21 serefpolicy-3.4.1.tgz