From 426f7c45c2bd33045cbf69863fe5567f86f1dd35 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Nov 01 2007 17:27:01 +0000
Subject: - Add policy.xml to devel
- Dontaudit tmpreaper getattr on lost_found dir
- Additional bluetooth file context
- Allow dhcpc to transition to networkmanager
---
diff --git a/policy-20070703.patch b/policy-20070703.patch
index 757b51e..e6fd65d 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -2095,8 +2095,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s

 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.0.8/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/admin/tmpreaper.te 2007-10-29 23:59:29.000000000 -0400
-@@ -43,5 +43,10 @@
++++ serefpolicy-3.0.8/policy/modules/admin/tmpreaper.te 2007-11-01 11:49:52.000000000 -0400
+@@ -28,6 +28,7 @@
+ files_purge_tmp(tmpreaper_t)
+ # why does it need setattr?
+ files_setattr_all_tmp_dirs(tmpreaper_t)
++files_dontaudit_getattr_lost_found_dirs(tmpreaper_t)
+ 
+ mls_file_read_all_levels(tmpreaper_t)
+ mls_file_write_all_levels(tmpreaper_t)
+@@ -43,5 +44,10 @@
 cron_system_entry(tmpreaper_t,tmpreaper_exec_t)

 optional_policy(`
@@ -4773,12 +4781,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
 neverallow ~{ selinux_unconfined_type can_setsecparam } security_t:security setsecparam;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.0.8/policy/modules/kernel/storage.fc
 --- nsaserefpolicy/policy/modules/kernel/storage.fc 2007-10-22 13:21:41.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/storage.fc 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/storage.fc 2007-11-01 11:47:11.000000000 -0400
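Review bot: The added `files_dontaudit_getattr_lost_found_dirs(tmpreaper_t)` in the inner tmpreaper.te hunk carries no comment saying what produces the getattr, while the neighbouring `files_setattr_all_tmp_dirs` line already has one; a dontaudit silences the AVC record for good, so a later reader cannot recover the reason from the audit log. Presumably tmpreaper stats every entry under the directories it purges and a lost+found directory there is what trips the denial — if so, record it next to the rule: `# tmpreaper stats everything under the dirs it cleans; lost+found is noise, not needed`. The rest of tmpreaper.te, including the `optional_policy` block that the second inner hunk renumbers, lies outside this hunk.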
@@ -31,6 +31,7 @@
 /dev/pcd[0-3] -b gen_context(system_u:object_r:removable_device_t,s0)
 /dev/pd[a-d][^/]* -b gen_context(system_u:object_r:removable_device_t,s0)
 /dev/pg[0-3] -c gen_context(system_u:object_r:removable_device_t,s0)
-+/dev/ps3d.* -b gen_context(system_u:object_r:fixed_disk_device_t:s0)
++/dev/ps3d.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/ram.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/rawctl -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/rd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
@@ -6216,6 +6224,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
 + # normally started from inetd using tcpwrappers, so use those entry points
 + tcpd_wrapped_domain(bitlbee_t, bitlbee_exec_t)
 +')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.0.8/policy/modules/services/bluetooth.fc
+--- nsaserefpolicy/policy/modules/services/bluetooth.fc 2007-10-22 13:21:39.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/bluetooth.fc 2007-11-01 11:53:30.000000000 -0400
+@@ -22,3 +22,4 @@
+ #
+ /var/lib/bluetooth(/.*)? gen_context(system_u:object_r:bluetooth_var_lib_t,s0)
+ /var/run/sdp -s gen_context(system_u:object_r:bluetooth_var_run_t,s0)
++/var/run/bluetoothd_address gen_context(system_u:object_r:bluetooth_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.0.8/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te 2007-10-22 13:21:39.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/services/bluetooth.te 2007-10-29 23:59:29.000000000 -0400
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 0b91670..17adab4 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
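Review bot: The new `/var/run/bluetoothd_address gen_context(system_u:object_r:bluetooth_var_run_t,s0)` line in bluetooth.fc only takes effect on a relabel; a file the daemon creates at runtime gets `bluetooth_var_run_t` only if bluetooth.te has a pid-directory file transition covering the `file` class, and this hunk does not show that (the bluetooth.te section begins at the hunk's last lines and its body is outside the view). If that transition is absent the file is created with the directory's default label and the new context entry never matches on a running system. Worth confirming against the bluetooth.te hunk before merging.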
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 43%{?dist}
+Release: 44%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -70,6 +70,7 @@ SELinux Policy development package
 %{_usr}/share/selinux/devel/Makefile
 %{_usr}/share/selinux/devel/policygentool
 %{_usr}/share/selinux/devel/example.*
+%{_usr}/share/selinux/devel/policy.*
 %attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp

 %post devel
@@ -215,6 +216,7 @@ mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/
 install -m 755 $RPM_SOURCE_DIR/policygentool %{buildroot}%{_usr}/share/selinux/devel/
 install -m 644 $RPM_SOURCE_DIR/Makefile.devel %{buildroot}%{_usr}/share/selinux/devel/Makefile
 install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/
+install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/
 echo "htmlview file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp
 chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp
@@ -373,6 +375,12 @@ exit 0
 %endif

 %changelog
+* Thu Nov 1 2007 Dan Walsh 3.0.8-44
+- Add policy.xml to devel
+- Dontaudit tmpreaper getattr on lost_found dir
+- Additional bluetooth file context
+- Allow dhcpc to transition to networkmanager
+
 * Tue Oct 30 2007 Dan Walsh 3.0.8-43
 - Add type definition for /dev/kvm
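Review bot: Both the `%files` entry `%{_usr}/share/selinux/devel/policy.*` in the @@ -70 hunk and `install -m 644 doc/policy.*` in the @@ -215 hunk use a glob, while the changelog entry says only "Add policy.xml to devel"; any other policy.* file under doc/ gets packaged as well, and if the glob matches nothing the unexpanded pattern makes the install line fail. Naming the file explicitly, `install -m 644 doc/policy.xml %{buildroot}%{_usr}/share/selinux/devel/` and `%{_usr}/share/selinux/devel/policy.xml`, keeps the spec in step with the changelog; if the glob is meant to pick up more than one file, the changelog line should say which. The Release bump and the changelog hunk itself need no change.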