trunk: 4 patches from dan.

policy/modules/apps/games.if

@@ -30,3 +30,22 @@ interface(`games_role',`
 	ps_process_pattern($2, games_t)
 	allow $2 games_t:process signal_perms;
 ')
+
+########################################
+## <summary>
+##	Allow the specified domain to read/write
+##	games data.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`games_rw_data',`
+	gen_require(`
+		type games_data_t;
+	')
+
+	rw_files_pattern($1, games_data_t, games_data_t)
+')

policy/modules/apps/games.te

@@ -1,5 +1,5 @@
 
-policy_module(games, 2.0.1)
+policy_module(games, 2.0.2)
 
 ########################################
 #

policy/modules/apps/loadkeys.te

@@ -1,5 +1,5 @@
 
-policy_module(loadkeys, 1.5.0)
+policy_module(loadkeys, 1.5.1)
 
 ########################################
 #
@@ -40,6 +40,7 @@ locallogin_use_fds(loadkeys_t)
 miscfiles_read_localization(loadkeys_t)
 
 userdom_use_user_ttys(loadkeys_t)
+userdom_list_user_home_dirs(loadkeys_t)
 
 optional_policy(`
 	nscd_dontaudit_search_pid(loadkeys_t)

policy/modules/apps/mplayer.fc

@@ -8,6 +8,7 @@
 #
 /usr/bin/mplayer	--	gen_context(system_u:object_r:mplayer_exec_t,s0)
 /usr/bin/mencoder	--	gen_context(system_u:object_r:mencoder_exec_t,s0)
+/usr/bin/vlc		--	gen_context(system_u:object_r:mplayer_exec_t,s0)
 /usr/bin/xine		--	gen_context(system_u:object_r:mplayer_exec_t,s0)
 
 HOME_DIR/\.mplayer(/.*)?        gen_context(system_u:object_r:mplayer_home_t,s0)

policy/modules/apps/mplayer.if

@@ -65,6 +65,25 @@ interface(`mplayer_domtrans',`
 	domtrans_pattern($1, mplayer_exec_t, mplayer_t)
 ')
 
+########################################
+## <summary>
+##      Execute mplayer in the caller domain.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+#
+interface(`mplayer_exec',`
+	gen_require(`
+		type mplayer_exec_t;
+	')
+
+	can_exec($1, mplayer_exec_t)
+')
+
 ########################################
 ## <summary>
 ##	Read mplayer per user homedir

policy/modules/apps/mplayer.te

@@ -1,5 +1,5 @@
 
-policy_module(mplayer, 2.0.0)
+policy_module(mplayer, 2.0.1)
 
 ########################################
 #

policy/modules/apps/slocate.te

@@ -1,5 +1,5 @@
 
-policy_module(slocate, 1.8.0)
+policy_module(slocate, 1.8.1)
 
 #################################
 #
@@ -22,7 +22,7 @@ files_type(locate_var_lib_t)
 #
 
 allow locate_t self:capability { chown dac_read_search dac_override fowner fsetid };
-allow locate_t self:process { execmem execheap execstack };
+allow locate_t self:process { execmem execheap execstack signal };
 allow locate_t self:fifo_file rw_fifo_file_perms;
 allow locate_t self:unix_stream_socket create_socket_perms;
 
@@ -46,6 +46,8 @@ files_read_etc_files(locate_t)
 
 fs_getattr_all_fs(locate_t)
 fs_getattr_all_files(locate_t)
+fs_getattr_all_pipes(locate_t)
+fs_getattr_all_symlinks(locate_t)
 fs_list_all(locate_t)
 fs_list_inotifyfs(locate_t)