From 2360ff9f3f2a928826aabab70f10bb8cc51127a1 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jul 15 2009 19:12:04 +0000 Subject: - Update to upstream --- diff --git a/.cvsignore b/.cvsignore index 7399076..1123577 100644 --- a/.cvsignore +++ b/.cvsignore @@ -177,3 +177,4 @@ serefpolicy-3.6.19.tgz serefpolicy-3.6.20.tgz serefpolicy-3.6.21.tgz setroubleshoot-2.2.11.tar.gz +serefpolicy-3.6.22.tgz diff --git a/exclude b/exclude index 21b7aed..c4a4165 100644 --- a/exclude +++ b/exclude @@ -23,5 +23,6 @@ base.fc fc_sort CVS CVSROOT +.git .svn svn diff --git a/nsadiff b/nsadiff index 95dcad2..24d319b 100755 --- a/nsadiff +++ b/nsadiff @@ -1 +1 @@ -diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.21 > /tmp/diff +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.22 > /tmp/diff diff --git a/policy-F12.patch b/policy-F12.patch index 83ac616..7f4adc3 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -5617,8 +5617,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.6.22/policy/modules/apps/wm.te --- nsaserefpolicy/policy/modules/apps/wm.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.22/policy/modules/apps/wm.te 2009-07-15 14:06:36.000000000 -0400 -@@ -0,0 +1,13 @@ ++++ serefpolicy-3.6.22/policy/modules/apps/wm.te 2009-07-15 15:11:12.000000000 -0400 +@@ -0,0 +1,9 @@ +policy_module(wm,0.0.4) + +######################################## 
@@ -5628,10 +5628,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + +type wm_exec_t; +corecmd_executable_file(wm_exec_t) -+ -+type wm_t; -+domain_type(wm_t) -+domain_entry_file(wm_t, wm_exec_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.22/policy/modules/kernel/corecommands.fc --- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-07-14 14:19:57.000000000 -0400 +++ serefpolicy-3.6.22/policy/modules/kernel/corecommands.fc 2009-07-15 14:06:36.000000000 -0400 @@ -6798,7 +6794,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.22/policy/modules/kernel/kernel.if --- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.6.22/policy/modules/kernel/kernel.if 2009-07-15 14:06:36.000000000 -0400 ++++ serefpolicy-3.6.22/policy/modules/kernel/kernel.if 2009-07-15 14:51:40.000000000 -0400 @@ -1807,7 +1807,7 @@ ') @@ -13924,7 +13920,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.22/policy/modules/services/hal.if --- nsaserefpolicy/policy/modules/services/hal.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.6.22/policy/modules/services/hal.if 2009-07-15 14:06:36.000000000 -0400 ++++ serefpolicy-3.6.22/policy/modules/services/hal.if 2009-07-15 14:55:28.000000000 -0400 @@ -20,6 +20,24 @@ ######################################## 
@@ -14052,7 +14048,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.22/policy/modules/services/hal.te --- nsaserefpolicy/policy/modules/services/hal.te 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.6.22/policy/modules/services/hal.te 2009-07-15 14:06:36.000000000 -0400 ++++ serefpolicy-3.6.22/policy/modules/services/hal.te 2009-07-15 14:59:38.000000000 -0400 @@ -49,6 +49,15 @@ type hald_var_lib_t; files_type(hald_var_lib_t) @@ -14069,7 +14065,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # Local policy -@@ -141,13 +150,20 @@ +@@ -94,6 +103,7 @@ + kernel_rw_irq_sysctls(hald_t) + kernel_rw_vm_sysctls(hald_t) + kernel_write_proc_files(hald_t) ++kernel_search_network_sysctl(hald_t) + kernel_setsched(hald_t) + + auth_read_pam_console_data(hald_t) +@@ -141,13 +151,20 @@ # hal is now execing pm-suspend files_create_boot_flag(hald_t) files_getattr_all_dirs(hald_t) @@ -14090,7 +14094,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_getattr_all_mountpoints(hald_t) mls_file_read_all_levels(hald_t) -@@ -195,6 +211,7 @@ +@@ -195,6 +212,7 @@ seutil_read_file_contexts(hald_t) sysnet_read_config(hald_t) @@ -14098,7 +14102,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_dontaudit_use_unpriv_user_fds(hald_t) userdom_dontaudit_search_user_home_dirs(hald_t) -@@ -277,6 +294,18 @@ +@@ -277,6 +295,18 @@ ') optional_policy(` @@ -14117,7 +14121,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol rpc_search_nfs_state_data(hald_t) ') -@@ -298,7 +327,11 @@ +@@ -298,7 +328,11 @@ ') optional_policy(` 
@@ -14130,7 +14134,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -306,7 +339,7 @@ +@@ -306,7 +340,7 @@ # Hal acl local policy # @@ -14139,7 +14143,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow hald_acl_t self:process { getattr signal }; allow hald_acl_t self:fifo_file rw_fifo_file_perms; -@@ -321,6 +354,7 @@ +@@ -321,6 +355,7 @@ manage_dirs_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t) manage_files_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t) files_pid_filetrans(hald_acl_t, hald_var_run_t, { dir file }) @@ -14147,7 +14151,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corecmd_exec_bin(hald_acl_t) -@@ -339,6 +373,8 @@ +@@ -339,6 +374,8 @@ storage_getattr_removable_dev(hald_acl_t) storage_setattr_removable_dev(hald_acl_t) @@ -14156,7 +14160,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol auth_use_nsswitch(hald_acl_t) -@@ -346,12 +382,19 @@ +@@ -346,12 +383,19 @@ miscfiles_read_localization(hald_acl_t) @@ -14177,7 +14181,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t) allow hald_t hald_mac_t:process signal; -@@ -374,6 +417,8 @@ +@@ -374,6 +418,8 @@ auth_use_nsswitch(hald_mac_t) @@ -14186,7 +14190,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol miscfiles_read_localization(hald_mac_t) ######################################## -@@ -415,6 +460,55 @@ +@@ -415,6 +461,62 @@ dev_rw_input_dev(hald_keymap_t) 
@@ -14203,6 +14207,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +# +# Local hald dccm policy +# ++allow hald_dccm_t self:fifo_file rw_fifo_file_perms; +allow hald_dccm_t self:capability { net_bind_service }; +allow hald_dccm_t self:process getsched; +allow hald_dccm_t self:tcp_socket create_stream_socket_perms; @@ -14213,6 +14218,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +allow hald_t hald_dccm_t:process signal; +allow hald_dccm_t hald_t:unix_stream_socket connectto; + ++hal_rw_dgram_sockets(hald_dccm_t) ++ +corenet_all_recvfrom_unlabeled(hald_dccm_t) +corenet_all_recvfrom_netlabel(hald_dccm_t) +corenet_tcp_sendrecv_generic_if(hald_dccm_t) @@ -14241,6 +14248,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + +miscfiles_read_localization(hald_dccm_t) + ++optional_policy(` ++ dbus_system_bus_client(hald_dccm_t) ++') ++ +permissive hald_dccm_t; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.6.22/policy/modules/services/kerberos.fc --- nsaserefpolicy/policy/modules/services/kerberos.fc 2009-07-14 14:19:57.000000000 -0400 @@ -27138,7 +27149,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.22/policy/modules/system/sysnetwork.te --- nsaserefpolicy/policy/modules/system/sysnetwork.te 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.6.22/policy/modules/system/sysnetwork.te 2009-07-15 14:06:36.000000000 -0400 ++++ serefpolicy-3.6.22/policy/modules/system/sysnetwork.te 2009-07-15 14:56:56.000000000 -0400 @@ -20,6 +20,9 @@ init_daemon_domain(dhcpc_t, dhcpc_exec_t) role system_r types dhcpc_t; 
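Review bot: `hald_dccm_t` gains more access in these hunks (`self:fifo_file rw_fifo_file_perms`, `hal_rw_dgram_sockets(hald_dccm_t)`, `dbus_system_bus_client(hald_dccm_t)`) while its section still ends in `permissive hald_dccm_t;`. Denials for this domain are therefore only logged, not enforced, and that includes the existing `net_bind_service` and TCP stream-socket rules for a helper that appears to bind a privileged port. Nothing in the patch records when the domain is meant to go enforcing; a comment above that line such as `# permissive while AVCs are collected; remove once hald_dccm_t runs clean` would make the exit condition explicit. Separately, `hal_rw_dgram_sockets` is called from hal.te on one of the module's own domains; the interface body is not visible here, but a direct `allow` rule is presumably the expected style inside the defining module. The hald_dccm_t section begins outside these hunks.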
@@ -27186,7 +27197,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_etc_filetrans(dhcpc_t, net_conf_t, file) # create temp files -@@ -115,8 +121,9 @@ +@@ -115,11 +121,13 @@ corecmd_exec_bin(dhcpc_t) corecmd_exec_shell(dhcpc_t) @@ -27197,7 +27208,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_read_etc_files(dhcpc_t) files_read_etc_runtime_files(dhcpc_t) -@@ -183,25 +190,23 @@ ++files_read_usr_files(dhcpc_t) + files_search_home(dhcpc_t) + files_search_var_lib(dhcpc_t) + files_dontaudit_search_locks(dhcpc_t) +@@ -183,25 +191,23 @@ ') optional_policy(` @@ -27231,7 +27246,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -212,6 +217,7 @@ +@@ -212,6 +218,7 @@ optional_policy(` seutil_sigchld_newrole(dhcpc_t) seutil_dontaudit_search_config(dhcpc_t) @@ -27239,7 +27254,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -223,6 +229,10 @@ +@@ -223,6 +230,10 @@ ') optional_policy(` @@ -27250,7 +27265,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_xen_state(dhcpc_t) kernel_write_xen_state(dhcpc_t) xen_append_log(dhcpc_t) -@@ -236,7 +246,6 @@ +@@ -236,7 +247,6 @@ allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack }; allow ifconfig_t self:capability { net_raw net_admin sys_tty_config }; @@ -27258,7 +27273,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow ifconfig_t self:fd use; allow ifconfig_t self:fifo_file rw_fifo_file_perms; -@@ -250,6 +259,7 @@ +@@ -250,6 +260,7 @@ allow ifconfig_t self:sem create_sem_perms; allow ifconfig_t self:msgq create_msgq_perms; allow ifconfig_t self:msg { send receive }; 
@@ -27266,7 +27281,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # Create UDP sockets, necessary when called from dhcpc allow ifconfig_t self:udp_socket create_socket_perms; -@@ -259,13 +269,20 @@ +@@ -259,13 +270,20 @@ allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms; allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read }; allow ifconfig_t self:tcp_socket { create ioctl }; @@ -27287,7 +27302,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_rw_tun_tap_dev(ifconfig_t) -@@ -276,8 +293,13 @@ +@@ -276,8 +294,13 @@ fs_getattr_xattr_fs(ifconfig_t) fs_search_auto_mountpoints(ifconfig_t) @@ -27301,7 +27316,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol domain_use_interactive_fds(ifconfig_t) -@@ -296,6 +318,8 @@ +@@ -296,6 +319,8 @@ seutil_use_runinit_fds(ifconfig_t) @@ -27310,7 +27325,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_use_user_terminals(ifconfig_t) userdom_use_all_users_fds(ifconfig_t) -@@ -332,6 +356,14 @@ +@@ -332,8 +357,22 @@ ') optional_policy(` @@ -27325,6 +27340,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_xen_state(ifconfig_t) kernel_write_xen_state(ifconfig_t) xen_append_log(ifconfig_t) + xen_dontaudit_rw_unix_stream_sockets(ifconfig_t) + ') ++ ++optional_policy(` ++ hal_rw_dgram_sockets(dhcpc_t) ++ hal_dontaudit_rw_pipes(ifconfig_t) ++') ++ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.6.22/policy/modules/system/udev.fc --- nsaserefpolicy/policy/modules/system/udev.fc 2009-07-14 14:19:57.000000000 -0400 +++ serefpolicy-3.6.22/policy/modules/system/udev.fc 2009-07-15 14:06:36.000000000 -0400 diff --git a/selinux-policy.spec b/selinux-policy.spec index cd84301..43c1402 100644 --- a/selinux-policy.spec 
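Review bot: The `optional_policy` block appended at the end of sysnetwork.te places `hal_rw_dgram_sockets(dhcpc_t)` after the ifconfig_t rules and pairs an allow for one domain with a `dontaudit` for another. That makes the dhcpc_t grant easy to miss when auditing what that domain can reach. `hal_dontaudit_rw_pipes(ifconfig_t)` also silences the denials without saying why; if the cause is a descriptor inherited from hald, a one-line comment such as `# hald leaks pipe fds to ifconfig` would stop the suppression from hiding an unrelated denial later. I would move the dhcpc_t line into its own `optional_policy` block in the dhcpc_t section and leave only the ifconfig_t line here. The surrounding sections start outside this hunk.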
+++ b/selinux-policy.spec @@ -19,8 +19,8 @@ %define CHECKPOLICYVER 2.0.16-3 Summary: SELinux policy configuration Name: selinux-policy -Version: 3.6.21 -Release: 3%{?dist} +Version: 3.6.22 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -475,6 +475,12 @@ exit 0 %endif %changelog +* Tue Jul 14 2009 Dan Walsh 3.6.22-1 +- Update to upstream + +* Fri Jul 10 2009 Dan Walsh 3.6.21-4 +- Allow clamscan read amavis spool files + * Wed Jul 8 2009 Dan Walsh 3.6.21-3 - Fixes for xguest diff --git a/sources b/sources index f9f40ea..f11d370 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -25f48f8897109e205e666999c7cb64a1 serefpolicy-3.6.21.tgz +cd43ce2443ce5e627dee964df3df65a5 serefpolicy-3.6.22.tgz