second part of dans patch Tue, 11 Apr 2006 09:25:24 -0400

refpolicy/policy/modules/apps/ada.fc

@@ -0,0 +1,9 @@
+#
+# /usr
+#
+ifdef(`targeted_policy',`
+/usr/bin/gnatbind	--	gen_context(system_u:object_r:ada_exec_t,s0)
+/usr/bin/gnatls		--	gen_context(system_u:object_r:ada_exec_t,s0)
+/usr/bin/gnatmake	--	gen_context(system_u:object_r:ada_exec_t,s0)
+/usr/libexec/gcc(/.*)?/gnat1 -- gen_context(system_u:object_r:ada_exec_t,s0)
+')

refpolicy/policy/modules/apps/ada.if

@@ -0,0 +1,29 @@
+## <summary>GNAT Ada95 compiler</summary>
+
+########################################
+## <summary>
+##	Execute the ada program in the ada domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`ada_domtrans',`
+	ifdef(`targeted_policy',`
+		gen_require(`
+			type ada_t, ada_exec_t;
+		')
+
+		corecmd_search_bin($1)
+		domain_auto_trans($1, ada_exec_t, ada_t)
+
+		allow $1 ada_t:fd use;
+		allow ada_t $1:fd use;
+		allow ada_t $1:fifo_file rw_file_perms;
+		allow ada_t $1:process sigchld;
+	',`
+		errprint(`Warning: $0($1) has no effect in strict policy.'__endline__)
+	')
+')

refpolicy/policy/modules/apps/ada.te

@@ -0,0 +1,23 @@
+
+policy_module(ada,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type ada_t;
+type ada_exec_t;
+domain_type(ada_t)
+domain_entry_file(ada_t,ada_exec_t)
+
+########################################
+#
+# Local policy
+#
+
+ifdef(`targeted_policy',`
+	allow ada_t self:process { execstack execmem };
+	unconfined_domain_noaudit(ada_t)
+	role system_r types ada_t;
+')

refpolicy/policy/modules/apps/mono.te

@@ -1,5 +1,5 @@
 
-policy_module(mono,1.1.0)
+policy_module(mono,1.1.1)
 
 ########################################
 #
@@ -21,4 +21,12 @@ ifdef(`targeted_policy',`
 	allow mono_t self:process { execheap execmem };
 	unconfined_domain_noaudit(mono_t)
 	role system_r types mono_t;
+
+	optional_policy(`
+		avahi_dbus_chat(mono_t)
+	')
+
+	optional_policy(`
+		hal_dbus_chat(mono_t)
+	')
 ')

refpolicy/policy/modules/kernel/devices.if

@@ -2530,6 +2530,25 @@ interface(`dev_list_usbfs',`
 	allow $1 usbfs_t:file getattr;
 ')
 
+########################################
+## <summary>
+##	Set the attributes of usbfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dev_setattr_usbfs_files',`
+	gen_require(`
+		type usbfs_t;
+	')
+
+	allow $1 usbfs_t:dir r_dir_perms;
+	allow $1 usbfs_t:file setattr;
+')
+
 ########################################
 ## <summary>
 ##	Read USB hardware information using

refpolicy/policy/modules/kernel/devices.te

@@ -1,5 +1,5 @@
 
-policy_module(devices,1.1.9)
+policy_module(devices,1.1.10)
 
 ########################################
 #

refpolicy/policy/modules/services/hal.te

@@ -1,5 +1,5 @@
 
-policy_module(hal,1.3.3)
+policy_module(hal,1.3.4)
 
 ########################################
 #
@@ -80,6 +80,8 @@ dev_read_lvm_control(hald_t)
 dev_getattr_all_chr_files(hald_t)
 dev_manage_generic_chr_files(hald_t)
 dev_rw_generic_usb_dev(hald_t)
+dev_setattr_generic_usb_dev(hald_t)
+dev_setattr_usbfs_files(hald_t)
 
 # hal is now execing pm-suspend
 dev_rw_sysfs(hald_t)

refpolicy/policy/modules/system/unconfined.te

@@ -1,5 +1,5 @@
 
-policy_module(unconfined,1.3.4)
+policy_module(unconfined,1.3.5)
 
 ########################################
 #
@@ -41,9 +41,9 @@ ifdef(`targeted_policy',`
 	userdom_unconfined(unconfined_t)
 	userdom_priveleged_home_dir_manager(unconfined_t)
 
-#	optional_policy(`
-#		ada_domtrans(unconfined_t)
-#	')
+	optional_policy(`
+		ada_domtrans(unconfined_t)
+	')
 
 	optional_policy(`
 		amanda_domtrans_recover(unconfined_t)