add appconfig for mls and mcs

refpolicy/Changelog

@@ -1,4 +1,5 @@
 - Add experimental MCS support.
+- Add appconfig for MLS.
 - Add equivalents for old can_resolve(), can_ldap(), and
   can_portmap() to sysnetwork.
 - Fix base module compile issues.

refpolicy/Makefile

@@ -152,14 +152,9 @@ endif
 FC := file_contexts
 POLVER := policy.$(PV)
 
-ifneq ($(findstring targeted,$(TYPE)),)
-	APPCONF := config/appconfig-targeted
-else
-	APPCONF := config/appconfig-strict
-endif
-
 M4SUPPORT = $(wildcard $(POLDIR)/support/*.spt)
 
+APPCONF := config/appconfig-$(TYPE)
 APPDIR := $(CONTEXTPATH)
 APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media $(INSTALLDIR)/booleans
 CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media

refpolicy/config/appconfig-strict-mcs/dbus_contexts

@@ -0,0 +1,6 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <selinux>
+  </selinux>
+</busconfig>

refpolicy/config/appconfig-strict-mcs/default_contexts

@@ -0,0 +1,12 @@
+system_r:sulogin_t:s0	sysadm_r:sysadm_t:s0
+system_r:local_login_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
+system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0
+system_r:sshd_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+system_r:crond_t:s0	user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 mailman_r:user_crond_t:s0
+system_r:xdm_t:s0		staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+staff_r:staff_su_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+sysadm_r:sysadm_su_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+user_r:user_su_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+sysadm_r:sysadm_sudo_t:s0	sysadm_r:sysadm_t:s0
+staff_r:staff_sudo_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+user_r:user_sudo_t:s0	sysadm_r:sysadm_t:s0 user_r:user_t:s0

refpolicy/config/appconfig-strict-mcs/default_type

@@ -0,0 +1,3 @@
+sysadm_r:sysadm_t:s0
+staff_r:staff_t:s0
+user_r:user_t:s0

refpolicy/config/appconfig-strict-mcs/failsafe_context

@@ -0,0 +1 @@
+sysadm_r:sysadm_t:s0

refpolicy/config/appconfig-strict-mcs/initrc_context

@@ -0,0 +1 @@
+system_u:system_r:initrc_t:s0

refpolicy/config/appconfig-strict-mcs/media

@@ -0,0 +1,3 @@
+cdrom system_u:object_r:removable_device_t:s0
+floppy system_u:object_r:removable_device_t:s0
+disk system_u:object_r:fixed_disk_device_t:s0

refpolicy/config/appconfig-strict-mcs/removable_context

@@ -0,0 +1 @@
+system_u:object_r:removable_t:s0

refpolicy/config/appconfig-strict-mcs/root_default_contexts

@@ -0,0 +1,9 @@
+system_r:local_login_t:s0  sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:crond_t:s0	sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
+staff_r:staff_su_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+sysadm_r:sysadm_su_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+user_r:user_su_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+#
+# Uncomment if you want to automatically login as sysadm_r
+#
+#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0

refpolicy/config/appconfig-strict-mcs/userhelper_context

@@ -0,0 +1 @@
+system_u:sysadm_r:sysadm_t:s0

refpolicy/config/appconfig-strict-mls/dbus_contexts

@@ -0,0 +1,6 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <selinux>
+  </selinux>
+</busconfig>

refpolicy/config/appconfig-strict-mls/default_contexts

@@ -0,0 +1,12 @@
+system_r:sulogin_t:s0	sysadm_r:sysadm_t:s0
+system_r:local_login_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
+system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0
+system_r:sshd_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+system_r:crond_t:s0	user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 mailman_r:user_crond_t:s0
+system_r:xdm_t:s0		staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+staff_r:staff_su_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+sysadm_r:sysadm_su_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+user_r:user_su_t:s0	staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
+sysadm_r:sysadm_sudo_t:s0	sysadm_r:sysadm_t:s0
+staff_r:staff_sudo_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+user_r:user_sudo_t:s0	sysadm_r:sysadm_t:s0 user_r:user_t:s0

refpolicy/config/appconfig-strict-mls/default_type

@@ -0,0 +1,3 @@
+sysadm_r:sysadm_t:s0
+staff_r:staff_t:s0
+user_r:user_t:s0

refpolicy/config/appconfig-strict-mls/failsafe_context

@@ -0,0 +1 @@
+sysadm_r:sysadm_t:s0

refpolicy/config/appconfig-strict-mls/initrc_context

@@ -0,0 +1 @@
+system_u:system_r:initrc_t:s0

refpolicy/config/appconfig-strict-mls/media

@@ -0,0 +1,3 @@
+cdrom system_u:object_r:removable_device_t:s0
+floppy system_u:object_r:removable_device_t:s0
+disk system_u:object_r:fixed_disk_device_t:s0

refpolicy/config/appconfig-strict-mls/removable_context

@@ -0,0 +1 @@
+system_u:object_r:removable_t:s0

refpolicy/config/appconfig-strict-mls/root_default_contexts

@@ -0,0 +1,9 @@
+system_r:local_login_t:s0  sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:crond_t:s0	sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
+staff_r:staff_su_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+sysadm_r:sysadm_su_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+user_r:user_su_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+#
+# Uncomment if you want to automatically login as sysadm_r
+#
+#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0

refpolicy/config/appconfig-strict-mls/userhelper_context

@@ -0,0 +1 @@
+system_u:sysadm_r:sysadm_t:s0

refpolicy/config/appconfig-targeted-mcs/dbus_contexts

@@ -0,0 +1,6 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <selinux>
+  </selinux>
+</busconfig>

refpolicy/config/appconfig-targeted-mcs/default_contexts

@@ -0,0 +1,6 @@
+system_r:unconfined_t:s0	system_r:unconfined_t:s0
+system_r:initrc_t:s0	system_r:unconfined_t:s0
+system_r:local_login_t:s0 system_r:unconfined_t:s0
+system_r:remote_login_t:s0 system_r:unconfined_t:s0
+system_r:rshd_t:s0		system_r:unconfined_t:s0
+system_r:crond_t:s0	system_r:unconfined_t:s0

refpolicy/config/appconfig-targeted-mcs/default_type

@@ -0,0 +1 @@
+system_r:unconfined_t:s0

refpolicy/config/appconfig-targeted-mcs/failsafe_context

@@ -0,0 +1 @@
+system_r:unconfined_t:s0

refpolicy/config/appconfig-targeted-mcs/initrc_context

@@ -0,0 +1 @@
+user_u:system_r:unconfined_t:s0

refpolicy/config/appconfig-targeted-mcs/media

@@ -0,0 +1,3 @@
+cdrom system_u:object_r:removable_device_t:s0
+floppy system_u:object_r:removable_device_t:s0
+disk system_u:object_r:fixed_disk_device_t:s0

refpolicy/config/appconfig-targeted-mcs/removable_context

@@ -0,0 +1 @@
+system_u:object_r:removable_t:s0

refpolicy/config/appconfig-targeted-mcs/root_default_contexts

@@ -0,0 +1,2 @@
+system_r:unconfined_t:s0	system_r:unconfined_t:s0
+system_r:initrc_t:s0	system_r:unconfined_t:s0

refpolicy/config/appconfig-targeted-mcs/userhelper_context

@@ -0,0 +1 @@
+system_u:system_r:unconfined_t:s0	

refpolicy/config/appconfig-targeted-mls/dbus_contexts

@@ -0,0 +1,6 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <selinux>
+  </selinux>
+</busconfig>

refpolicy/config/appconfig-targeted-mls/default_contexts

@@ -0,0 +1,6 @@
+system_r:unconfined_t:s0	system_r:unconfined_t:s0
+system_r:initrc_t:s0	system_r:unconfined_t:s0
+system_r:local_login_t:s0 system_r:unconfined_t:s0
+system_r:remote_login_t:s0 system_r:unconfined_t:s0
+system_r:rshd_t:s0		system_r:unconfined_t:s0
+system_r:crond_t:s0	system_r:unconfined_t:s0

refpolicy/config/appconfig-targeted-mls/default_type

@@ -0,0 +1 @@
+system_r:unconfined_t:s0

refpolicy/config/appconfig-targeted-mls/failsafe_context

@@ -0,0 +1 @@
+system_r:unconfined_t:s0

refpolicy/config/appconfig-targeted-mls/initrc_context

@@ -0,0 +1 @@
+user_u:system_r:unconfined_t:s0

refpolicy/config/appconfig-targeted-mls/media

@@ -0,0 +1,3 @@
+cdrom system_u:object_r:removable_device_t:s0
+floppy system_u:object_r:removable_device_t:s0
+disk system_u:object_r:fixed_disk_device_t:s0

refpolicy/config/appconfig-targeted-mls/removable_context

@@ -0,0 +1 @@
+system_u:object_r:removable_t:s0

refpolicy/config/appconfig-targeted-mls/root_default_contexts

@@ -0,0 +1,2 @@
+system_r:unconfined_t:s0	system_r:unconfined_t:s0
+system_r:initrc_t:s0	system_r:unconfined_t:s0

refpolicy/config/appconfig-targeted-mls/userhelper_context

@@ -0,0 +1 @@
+system_u:system_r:unconfined_t:s0