From aa83007d5a15a314e4df2102cf225a446e43462e Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Tue, 1 Sep 2009 08:32:37 -0400
Subject: [PATCH] add hddtemp from dan.

---
 Changelog                               |  2 ++
 policy/modules/kernel/corenetwork.te.in |  3 +-
 policy/modules/services/hddtemp.fc      |  3 ++
 policy/modules/services/hddtemp.if      | 38 +++++++++++++++++++++++++
 policy/modules/services/hddtemp.te      | 38 +++++++++++++++++++++++++
 5 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 policy/modules/services/hddtemp.fc
 create mode 100644 policy/modules/services/hddtemp.if
 create mode 100644 policy/modules/services/hddtemp.te

diff --git a/Changelog b/Changelog
index babf18ee..61bb77ce 100644
--- a/Changelog
+++ b/Changelog
@@ -8,6 +8,8 @@
 - Fix infrastructure to expand macros in initrc_context when installing.
 - Handle unix_chkpwd usage by useradd and groupadd.
 - Add missing compatibility aliases for xdm_xserver*_t types.
+- Added modules:
+	hddtemp (Dan Walsh)
 
 * Thu Jul 30 2009 Chris PeBenito <selinux@tresys.com> - 2.20090730
 - Gentoo fixes for init scripts and system startup.
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 9d100fe0..c62a95ea 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
 
-policy_module(corenetwork, 1.12.0)
+policy_module(corenetwork, 1.12.1)
 
 ########################################
 #
@@ -102,6 +102,7 @@ network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
 network_port(giftd, tcp,1213,s0)
 network_port(gopher, tcp,70,s0, udp,70,s0)
 network_port(gpsd, tcp,2947,s0)
+network_port(hddtemp, tcp,7634,s0)
 network_port(howl, tcp,5335,s0, udp,5353,s0)
 network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
 network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
diff --git a/policy/modules/services/hddtemp.fc b/policy/modules/services/hddtemp.fc
new file mode 100644
index 00000000..67ea7b63
--- /dev/null
+++ b/policy/modules/services/hddtemp.fc
@@ -0,0 +1,3 @@
+/etc/rc\.d/init\.d/hddtemp	--	gen_context(system_u:object_r:hddtemp_initrc_exec_t,s0)
+
+/usr/sbin/hddtemp		--	gen_context(system_u:object_r:hddtemp_exec_t,s0)
diff --git a/policy/modules/services/hddtemp.if b/policy/modules/services/hddtemp.if
new file mode 100644
index 00000000..af251344
--- /dev/null
+++ b/policy/modules/services/hddtemp.if
@@ -0,0 +1,38 @@
+## <summary>hddtemp hard disk temperature tool running as a daemon</summary>
+
+#######################################
+## <summary>
+##	Execute hddtemp in the hddtemp domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`hddtemp_domtrans',`
+	gen_require(`
+		type hddtemp_t, hddtemp_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, hddtemp_exec_t, hddtemp_t)
+')
+
+######################################
+## <summary>
+##	Execute hddtemp 
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`hddtemp_exec',`
+	gen_require(`
+		type hddtemp_exec_t;
+	')
+
+	can_exec($1, hddtemp_exec_t)
+')
diff --git a/policy/modules/services/hddtemp.te b/policy/modules/services/hddtemp.te
new file mode 100644
index 00000000..e883ca38
--- /dev/null
+++ b/policy/modules/services/hddtemp.te
@@ -0,0 +1,38 @@
+
+policy_module(hddtemp, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type hddtemp_t;
+type hddtemp_exec_t;
+init_daemon_domain(hddtemp_t, hddtemp_exec_t)
+
+type hddtemp_initrc_exec_t;
+init_script_file(hddtemp_initrc_exec_t)
+
+########################################
+#
+# hddtemp local policy
+#
+
+allow hddtemp_t self:capability sys_rawio;
+dontaudit hddtemp_t self:capability sys_admin;
+allow hddtemp_t self:netlink_route_socket r_netlink_socket_perms;
+allow hddtemp_t self:tcp_socket create_stream_socket_perms;
+allow hddtemp_t self:udp_socket create_socket_perms;
+
+corenet_tcp_bind_all_nodes(hddtemp_t)
+corenet_tcp_bind_hddtemp_port(hddtemp_t)
+
+# read hddtemp db file
+files_read_usr_files(hddtemp_t)
+
+storage_raw_read_fixed_disk(hddtemp_t)
+
+logging_send_syslog_msg(hddtemp_t)
+
+miscfiles_read_localization(hddtemp_t)
+