Add usbmuxd from Dan Walsh.

Chris PeBenito 2010-03-29 13:29:18 -04:00
parent 6d4dbd20ae
commit ee2d2dda24
4 changed files with 86 additions and 0 deletions


@ -7,6 +7,7 @@
likewise (Scott Salley) likewise (Scott Salley)
pyicqt (Stefan Schulze Frielinghaus) pyicqt (Stefan Schulze Frielinghaus)
sectoolm (Miroslav Grepl) sectoolm (Miroslav Grepl)
usbmuxd (Dan Walsh)
vhostmd (Dan Walsh) vhostmd (Dan Walsh)
* Tue Nov 17 2009 Chris PeBenito <selinux@tresys.com> - 2.20091117 * Tue Nov 17 2009 Chris PeBenito <selinux@tresys.com> - 2.20091117


@ -0,0 +1,3 @@
/usr/sbin/usbmuxd -- gen_context(system_u:object_r:usbmuxd_exec_t,s0)
/var/run/usbmuxd -s gen_context(system_u:object_r:usbmuxd_var_run_t,s0)
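Review bot: The `/var/run/usbmuxd` entry is limited to `-s`, so only a socket at exactly that path is labelled usbmuxd_var_run_t on relabel, while the policy module in this commit sets up a pid filetrans for `{ file dir sock_file }`. A pid file or directory the daemon creates under /var/run would get the right type at creation but would revert to the generic pid-file type after a restorecon or full relabel. If the daemon does create such objects (not visible on this page), an entry without a file-type specifier, for example `/var/run/usbmuxd.*	gen_context(system_u:object_r:usbmuxd_var_run_t,s0)`, would keep the file contexts consistent with the filetrans rule.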


@ -0,0 +1,39 @@
## <summary>USB multiplexing daemon for communicating with Apple iPod Touch and iPhone</summary>
########################################
## <summary>
## Execute a domain transition to run usbmuxd.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`usbmuxd_domtrans',`
gen_require(`
type usbmuxd_t, usbmuxd_exec_t;
')
domtrans_pattern($1, usbmuxd_exec_t, usbmuxd_t)
')
#####################################
## <summary>
## Connect to usbmuxd over a unix domain
## stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`usbmuxd_stream_connect',`
gen_require(`
type usbmuxd_t, usbmuxd_var_run_t;
')
files_search_pids($1)
stream_connect_pattern($1, usbmuxd_var_run_t, usbmuxd_var_run_t, usbmuxd_t)
')


@ -0,0 +1,43 @@
policy_module(usbmuxd, 1.0.0)
########################################
#
# Declarations
#
type usbmuxd_t;
type usbmuxd_exec_t;
application_domain(usbmuxd_t, usbmuxd_exec_t)
role system_r types usbmuxd_t;
type usbmuxd_var_run_t;
files_pid_file(usbmuxd_var_run_t)
########################################
#
# usbmuxd local policy
#
allow usbmuxd_t self:capability { kill setgid setuid };
allow usbmuxd_t self:process { fork signal signull };
allow usbmuxd_t self:fifo_file rw_fifo_file_perms;
manage_dirs_pattern(usbmuxd_t, usbmuxd_var_run_t, usbmuxd_var_run_t)
manage_files_pattern(usbmuxd_t, usbmuxd_var_run_t, usbmuxd_var_run_t)
manage_sock_files_pattern(usbmuxd_t, usbmuxd_var_run_t, usbmuxd_var_run_t)
files_pid_filetrans(usbmuxd_t, usbmuxd_var_run_t, { file dir sock_file })
kernel_read_kernel_sysctls(usbmuxd_t)
kernel_read_system_state(usbmuxd_t)
dev_read_sysfs(usbmuxd_t)
dev_rw_generic_usb_dev(usbmuxd_t)
files_read_etc_files(usbmuxd_t)
miscfiles_read_localization(usbmuxd_t)
auth_use_nsswitch(usbmuxd_t)
logging_send_syslog_msg(usbmuxd_t)
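Review bot: No rule in the local policy grants usbmuxd_t access to its own `unix_stream_socket` class, although the interface file in this commit lets clients connect to usbmuxd_t through the usbmuxd_var_run_t socket; the self rules shown cover only capability, process and fifo_file. Unless one of the called macros happens to supply create/listen/accept (that cannot be confirmed from this page), the daemon would be denied when it sets up its listening socket in enforcing mode, so I would add `allow usbmuxd_t self:unix_stream_socket create_stream_socket_perms;` next to the other self rules. Separately, `dev_rw_generic_usb_dev` together with `setuid`/`setgid`/`kill` is a wide grant for a domain that any caller of usbmuxd_stream_connect can reach, so a short comment stating why each capability is needed would make later tightening easier.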