trunk: networkmanager/ppp patch from dan.

policy/modules/services/networkmanager.if

@@ -97,3 +97,40 @@ interface(`networkmanager_dbus_chat',`
 	allow $1 NetworkManager_t:dbus send_msg;
 	allow NetworkManager_t $1:dbus send_msg;
 ')
+
+########################################
+## <summary>
+##	Send a generic signal to NetworkManager
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`networkmanager_signal',`
+	gen_require(`
+		type NetworkManager_t;
+	')
+
+	allow $1 NetworkManager_t:process signal;
+')
+
+########################################
+## <summary>
+##	Read NetworkManager PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`networkmanager_read_pid_files',`
+	gen_require(`
+		type NetworkManager_var_run_t;
+	')
+
+	files_search_pids($1)
+	allow $1 NetworkManager_var_run_t:file read_file_perms;
+')

policy/modules/services/networkmanager.te

@@ -1,5 +1,5 @@
 
-policy_module(networkmanager, 1.10.0)
+policy_module(networkmanager, 1.10.1)
 
 ########################################
 #
@@ -10,6 +10,12 @@ type NetworkManager_t;
 type NetworkManager_exec_t;
 init_daemon_domain(NetworkManager_t, NetworkManager_exec_t)
 
+type NetworkManager_log_t;
+logging_log_file(NetworkManager_log_t)
+
+type NetworkManager_script_exec_t;
+init_script_file(NetworkManager_script_exec_t)
+
 type NetworkManager_var_run_t;
 files_pid_file(NetworkManager_var_run_t)
 

policy/modules/services/ppp.fc

@@ -1,6 +1,8 @@
 #
 # /etc
 #
+/etc/rc.d/init.d/ppp		--	gen_context(system_u:object_r:pppd_script_exec_t,s0)
+
 /etc/ppp			-d	gen_context(system_u:object_r:pppd_etc_t,s0)
 /etc/ppp(/.*)?			--	gen_context(system_u:object_r:pppd_etc_rw_t,s0)
 /etc/ppp/peers(/.*)?			gen_context(system_u:object_r:pppd_etc_rw_t,s0)

policy/modules/services/ppp.if

@@ -74,6 +74,24 @@ interface(`ppp_signal',`
 	allow $1 pppd_t:process signal;
 ')
 
+########################################
+## <summary>
+##	Send a generic signull to PPP.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`ppp_signull',`
+	gen_require(`
+		type pppd_t;
+	')
+
+	allow $1 pppd_t:process signull;
+')
+
 ########################################
 ## <summary>
 ##	 Execute domain in the ppp domain.

policy/modules/services/ppp.te

@@ -1,5 +1,5 @@
 
-policy_module(ppp, 1.8.0)
+policy_module(ppp, 1.8.1)
 
 ########################################
 #
@@ -71,7 +71,7 @@ files_pid_file(pptp_var_run_t)
 # PPPD Local policy
 #
 
-allow pppd_t self:capability { net_admin setuid setgid fsetid fowner net_raw dac_override };
+allow pppd_t self:capability { kill net_admin setuid setgid fsetid fowner net_raw dac_override };
 dontaudit pppd_t self:capability sys_tty_config;
 allow pppd_t self:process signal;
 allow pppd_t self:fifo_file rw_fifo_file_perms;
@@ -116,7 +116,7 @@ allow pppd_t pppd_secret_t:file read_file_perms;
 
 kernel_read_kernel_sysctls(pppd_t)
 kernel_read_system_state(pppd_t)
-kernel_read_net_sysctls(pppd_t)
+kernel_rw_net_sysctls(pppd_t)
 kernel_read_network_state(pppd_t)
 kernel_load_module(pppd_t)
 
@@ -199,6 +199,10 @@ optional_policy(`
 	mta_send_mail(pppd_t)
 ')
 
+optional_policy(`
+	networkmanager_signal(pppd_t)
+')
+
 optional_policy(`
 	postfix_domtrans_master(pppd_t)
 ')