From d1c6ab73f37fba5b57654b50718608828b62fa5c Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 31 Dec 2009 14:18:29 +0000 Subject: [PATCH] - Lots of fixes found in F12, fixes from Tom London --- policy-F13.patch | 45 ++++++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/policy-F13.patch b/policy-F13.patch index 8193fc65..b807b9f9 100644 --- a/policy-F13.patch +++ b/policy-F13.patch @@ -20618,12 +20618,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.7.5/policy/modules/services/prelude.te --- nsaserefpolicy/policy/modules/services/prelude.te 2009-12-18 11:38:25.000000000 -0500 -+++ serefpolicy-3.7.5/policy/modules/services/prelude.te 2009-12-30 08:34:35.000000000 -0500 ++++ serefpolicy-3.7.5/policy/modules/services/prelude.te 2009-12-31 08:17:44.000000000 -0500 @@ -90,6 +90,7 @@ corenet_tcp_bind_prelude_port(prelude_t) corenet_tcp_connect_prelude_port(prelude_t) corenet_tcp_connect_postgresql_port(prelude_t) -+corenet_tcp_connect_mysql_port(prelude_t) ++corenet_tcp_connect_mysqld_port(prelude_t) dev_read_rand(prelude_t) dev_read_urand(prelude_t) @@ -29244,7 +29244,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump. +permissive kdump_t; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.5/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.7.5/policy/modules/system/libraries.fc 2009-12-29 20:06:09.000000000 -0500 ++++ serefpolicy-3.7.5/policy/modules/system/libraries.fc 2009-12-31 08:59:50.000000000 -0500 @@ -60,12 +60,15 @@ # # /opt 
@@ -29460,7 +29460,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar ') dnl end distro_redhat # -@@ -307,10 +316,125 @@ +@@ -307,10 +316,127 @@ /var/mailman/pythonlib(/.*)?/.+\.so(\..*)? -- gen_context(system_u:object_r:lib_t,s0) @@ -29586,6 +29586,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar +/opt/AutoScan/usr/lib/libvte\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + +/usr/bin/bsnes -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++ ++/usr/lib/firefox/plugins/libractrl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.7.5/policy/modules/system/libraries.if --- nsaserefpolicy/policy/modules/system/libraries.if 2009-07-14 14:19:57.000000000 -0400 +++ serefpolicy-3.7.5/policy/modules/system/libraries.if 2009-12-21 13:07:09.000000000 -0500 @@ -32559,7 +32561,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +HOME_DIR/\.gvfs(/.*)? <> diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.5/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2009-08-31 13:30:04.000000000 -0400 -+++ serefpolicy-3.7.5/policy/modules/system/userdomain.if 2009-12-21 13:07:09.000000000 -0500 ++++ serefpolicy-3.7.5/policy/modules/system/userdomain.if 2009-12-31 08:43:59.000000000 -0500 @@ -30,8 +30,9 @@ ') @@ -33916,7 +33918,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo read_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t) files_search_home($1) ') -@@ -1686,11 +1875,11 @@ +@@ -1686,11 +1875,12 @@ # interface(`userdom_dontaudit_read_user_home_content_files',` gen_require(` 
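Review bot: The new entry `/usr/lib/firefox/plugins/libractrl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)` in the libraries.fc hunk labels a browser plugin textrel_shlib_t, which exempts that mapping from the execmod restriction that otherwise keeps library text pages from being writable-then-executable, so it weakens the W^X guarantee for every domain that loads it. That is an acceptable stopgap for a binary-only plugin with text relocations, but the reason should be recorded next to the line so it is revisited once a PIC build exists, e.g. `# libractrl ships with text relocations; drop this once a PIC build is available`. The path is also hard-coded to `/usr/lib/`; if the plugin is installed under `/usr/lib64/` on 64-bit systems the `/usr/lib(64)?/firefox/plugins/libractrl\.so` form used for other refpolicy library entries would be needed for the label to apply there. The surrounding file-context entries (`/opt/AutoScan/...`, `/usr/bin/bsnes`) are prior context, not part of this change.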
@@ -33928,10 +33930,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo - dontaudit $1 user_home_t:file read_file_perms; + dontaudit $1 user_home_type:dir list_dir_perms; + dontaudit $1 user_home_type:file read_file_perms; ++ dontaudit $1 user_home_t:lnk_file read_lnk_file_perms; ') ######################################## -@@ -1797,19 +1986,32 @@ +@@ -1797,19 +1987,32 @@ # interface(`userdom_exec_user_home_content_files',` gen_require(` @@ -33971,7 +33974,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1844,6 +2046,7 @@ +@@ -1844,6 +2047,7 @@ interface(`userdom_manage_user_home_content_files',` gen_require(` type user_home_dir_t, user_home_t; @@ -33979,7 +33982,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') manage_files_pattern($1, user_home_t, user_home_t) -@@ -2196,6 +2399,25 @@ +@@ -2196,6 +2400,25 @@ ######################################## ## @@ -34005,7 +34008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Do not audit attempts to manage users ## temporary files. ## -@@ -2276,7 +2498,7 @@ +@@ -2276,7 +2499,7 @@ ######################################## ## ## Create, read, write, and delete user @@ -34014,7 +34017,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## ## ## -@@ -2284,19 +2506,19 @@ +@@ -2284,19 +2507,19 @@ ## ## # @@ -34037,7 +34040,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## ## ## -@@ -2304,19 +2526,19 @@ +@@ -2304,19 +2527,19 @@ ## ## # @@ -34060,7 +34063,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## ## ## -@@ -2324,12 +2546,52 @@ +@@ -2324,12 +2547,52 @@ ## ## # 
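Review bot: The added rule `dontaudit $1 user_home_t:lnk_file read_lnk_file_perms;` is scoped to the single type `user_home_t`, while the two lines directly above it in the same interface were already changed to the `user_home_type` attribute, so symlinks carrying any other home-content type will still produce AVC denials for callers of this interface. Unless the narrower scope is deliberate, `dontaudit $1 user_home_type:lnk_file read_lnk_file_perms;` would match the adjacent rules and the interface's stated intent of not auditing reads of user home content. The interface's gen_require block sits between this hunk and the previous one and is not visible here, so whether `user_home_t` or the attribute is declared there cannot be confirmed from the patch alone. The enclosing `userdom_dontaudit_read_user_home_content_files` definition starts above the hunk.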
@@ -34115,7 +34118,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo files_search_tmp($1) ') -@@ -2391,7 +2653,7 @@ +@@ -2391,7 +2654,7 @@ ######################################## ## @@ -34124,7 +34127,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## ## ## -@@ -2399,19 +2661,21 @@ +@@ -2399,19 +2662,21 @@ ## ## # @@ -34150,7 +34153,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## ## ## -@@ -2419,15 +2683,14 @@ +@@ -2419,15 +2684,14 @@ ## ## # @@ -34170,7 +34173,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2749,7 +3012,7 @@ +@@ -2749,7 +3013,7 @@ domain_entry_file_spec_domtrans($1, unpriv_userdomain) allow unpriv_userdomain $1:fd use; @@ -34179,7 +34182,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo allow unpriv_userdomain $1:process sigchld; ') -@@ -2765,11 +3028,33 @@ +@@ -2765,11 +3029,33 @@ # interface(`userdom_search_user_home_content',` gen_require(` @@ -34215,7 +34218,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2897,7 +3182,43 @@ +@@ -2897,7 +3183,43 @@ type user_tmp_t; ') @@ -34260,7 +34263,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2934,6 +3255,7 @@ +@@ -2934,6 +3256,7 @@ ') read_files_pattern($1, userdomain, userdomain) @@ -34268,7 +34271,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo kernel_search_proc($1) ') -@@ -3064,3 +3386,656 @@ +@@ -3064,3 +3387,656 @@ allow $1 userdomain:dbus send_msg; ')