From ab3145dd2ed01722cd4165a5a85cb6f69d148748 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Jul 31 2009 07:14:12 +0000
Subject: - Allow lircd read/write input event devices
---
diff --git a/policy-20080710.patch b/policy-20080710.patch
index fa31505..9013b0f 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -18687,8 +18687,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.5.13/policy/modules/services/lircd.te
--- nsaserefpolicy/policy/modules/services/lircd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.5.13/policy/modules/services/lircd.te 2009-04-17 10:05:39.000000000 +0200
-@@ -0,0 +1,69 @@
++++ serefpolicy-3.5.13/policy/modules/services/lircd.te 2009-07-30 17:15:19.000000000 +0200
+@@ -0,0 +1,70 @@
+policy_module(lircd,1.0.0)
+
+########################################
@@ -18737,6 +18737,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc
+dev_filetrans(lircd_t, lircd_sock_t, sock_file )
+
+dev_filetrans_lirc(lircd_t)
++dev_rw_input_dev(lircd_t)
+dev_rw_lirc(lircd_t)
+
+dev_read_generic_usb_dev(lircd_t)
@@ -33829,7 +33830,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.13/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2009-06-29 15:07:26.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2009-07-30 17:12:05.000000000 +0200
@@ -60,12 +60,15 @@
#
# /opt
@@ -33874,7 +33875,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
/opt/f-secure/fspms/libexec/librapi\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/opt/ibm/java.*/jre/.+\.jar -- gen_context(system_u:object_r:lib_t,s0)
/opt/ibm/java.*/jre/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -115,24 +120,35 @@
+@@ -115,24 +120,36 @@
/usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -33898,7 +33899,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
/usr/lib(64)?/fglrx/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/lib(64)?/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+-/usr/lib(64)?/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/libnnz11.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib(64)?/sse2/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?(/.*)?/libnvidia.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?(/.*)?/nvidia_drv.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -33910,7 +33913,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
/usr/lib(64)?/xulrunner-[^/]*/libgtkembedmoz\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xulrunner-[^/]*/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -168,7 +184,8 @@
+@@ -168,7 +185,8 @@
# Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
# HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
/usr/lib(64)?/gstreamer-.*/[^/]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -33920,7 +33923,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
/usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -180,6 +197,7 @@
+@@ -180,6 +198,7 @@
/usr/lib/VBoxVMM\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib64/mozilla/plugins/libvlcplugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -33928,7 +33931,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
/usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libg\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libglide3\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -187,12 +205,14 @@
+@@ -187,12 +206,14 @@
/usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/helix/plugins/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/helix/codecs/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -33943,7 +33946,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
/usr/lib(64)?/libHermes\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/valgrind/hp2ps -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/valgrind/stage2 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -208,6 +228,9 @@
+@@ -208,6 +229,9 @@
/usr/lib(64)?/.*/program/libsoffice\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(.*/)?pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -33953,7 +33956,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
# Fedora Extras packages: ladspa, imlib2, ocaml
/usr/lib(64)?/ladspa/analogue_osc_1416\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/ladspa/bandpass_a_iir_1893\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -233,7 +256,7 @@
+@@ -233,7 +257,7 @@
/usr/lib(64)?/php/modules/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
@@ -33962,7 +33965,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
/usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libpostproc\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libavformat.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -246,13 +269,16 @@
+@@ -246,13 +270,16 @@
# Flash plugin, Macromedia
HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -33981,7 +33984,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
# Jai, Sun Microsystems (Jpackage SPRM)
/usr/lib(64)?/libmlib_jai\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libdivxdecore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -263,10 +289,14 @@
+@@ -263,10 +290,14 @@
/usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# vmware
@@ -33996,7 +33999,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
# Java, Sun Microsystems (JPackage SRPM)
/usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -283,6 +313,7 @@
+@@ -283,6 +314,7 @@
/usr/(local/)?matlab.*/bin/glnx86/libmwlapack\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(local/)?matlab.*/bin/glnx86/(libmw(lapack|mathutil|services)|lapack|libmkl)\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(local/)?matlab.*/sys/os/glnx86/libtermcap\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -34004,7 +34007,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
/usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -291,6 +322,8 @@
+@@ -291,6 +323,8 @@
/usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -34013,7 +34016,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
') dnl end distro_redhat
#
-@@ -307,6 +340,36 @@
+@@ -307,6 +341,36 @@
/var/lib/samba/bin/.+\.so(\.[^/]*)* -l gen_context(system_u:object_r:lib_t,s0)
')
@@ -36220,8 +36223,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
xen_append_log(ifconfig_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.5.13/policy/modules/system/udev.fc
--- nsaserefpolicy/policy/modules/system/udev.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/udev.fc 2009-02-10 15:07:15.000000000 +0100
-@@ -13,8 +13,11 @@
++++ serefpolicy-3.5.13/policy/modules/system/udev.fc 2009-07-30 17:22:23.000000000 +0200
+@@ -7,14 +7,18 @@
+ /etc/dev\.d/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
+
+ /etc/hotplug\.d/default/udev.* -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
++/etc/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
+
+ /etc/udev/scripts/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
+
/sbin/start_udev -- gen_context(system_u:object_r:udev_exec_t,s0)
/sbin/udev -- gen_context(system_u:object_r:udev_exec_t,s0)
/sbin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
@@ -36291,8 +36301,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.i
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.5.13/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/udev.te 2009-02-10 15:07:15.000000000 +0100
-@@ -83,6 +83,7 @@
++++ serefpolicy-3.5.13/policy/modules/system/udev.te 2009-07-30 17:22:08.000000000 +0200
+@@ -70,6 +70,7 @@
+
+ manage_dirs_pattern(udev_t,udev_var_run_t,udev_var_run_t)
+ manage_files_pattern(udev_t,udev_var_run_t,udev_var_run_t)
++manage_lnk_files_pattern(udev_t, udev_var_run_t, udev_var_run_t)
+ files_pid_filetrans(udev_t,udev_var_run_t,{ dir file })
+
+ kernel_read_system_state(udev_t)
+@@ -83,6 +84,7 @@
kernel_rw_unix_dgram_sockets(udev_t)
kernel_dgram_send(udev_t)
kernel_signal(udev_t)
@@ -36300,7 +36318,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
#https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235182
kernel_rw_net_sysctls(udev_t)
-@@ -142,6 +143,7 @@
+@@ -142,6 +144,7 @@
logging_search_logs(udev_t)
logging_send_syslog_msg(udev_t)
@@ -36308,7 +36326,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
miscfiles_read_localization(udev_t)
-@@ -189,6 +191,7 @@
+@@ -189,6 +192,7 @@
optional_policy(`
alsa_domtrans(udev_t)
@@ -36316,7 +36334,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
alsa_read_rw_config(udev_t)
')
-@@ -197,6 +200,10 @@
+@@ -197,6 +201,10 @@
')
optional_policy(`
@@ -36327,7 +36345,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
consoletype_exec(udev_t)
')
-@@ -233,6 +240,10 @@
+@@ -233,6 +241,10 @@
')
optional_policy(`
@@ -36338,7 +36356,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
kernel_write_xen_state(udev_t)
kernel_read_xen_state(udev_t)
xen_manage_log(udev_t)
-@@ -240,5 +251,9 @@
+@@ -240,5 +252,9 @@
')
optional_policy(`
@@ -37132,7 +37150,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2009-07-20 14:40:31.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2009-07-31 08:38:31.000000000 +0200
@@ -28,10 +28,14 @@
class context contains;
')
@@ -38467,7 +38485,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1841,11 +1841,11 @@
+@@ -1841,11 +1841,12 @@
#
template(`userdom_search_user_home_dirs',`
gen_require(`
@@ -38478,10 +38496,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
files_search_home($2)
- allow $2 $1_home_dir_t:dir search_dir_perms;
+ allow $2 user_home_dir_t:dir search_dir_perms;
++ allow $2 user_home_dir_t:lnk_file read_lnk_file_perms;
')
########################################
-@@ -1875,11 +1875,11 @@
+@@ -1875,11 +1876,11 @@
#
template(`userdom_list_user_home_dirs',`
gen_require(`
@@ -38495,7 +38514,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1923,12 +1923,12 @@
+@@ -1923,12 +1924,12 @@
#
template(`userdom_user_home_domtrans',`
gen_require(`
@@ -38511,7 +38530,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1958,10 +1958,11 @@
+@@ -1958,10 +1959,11 @@
#
template(`userdom_dontaudit_list_user_home_dirs',`
gen_require(`
@@ -38525,7 +38544,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1993,11 +1994,72 @@
+@@ -1993,11 +1995,72 @@
#
template(`userdom_manage_user_home_content_dirs',`
gen_require(`
@@ -38600,7 +38619,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2029,10 +2091,10 @@
+@@ -2029,10 +2092,10 @@
#
template(`userdom_dontaudit_setattr_user_home_content_files',`
gen_require(`
@@ -38613,7 +38632,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2062,11 +2124,11 @@
+@@ -2062,11 +2125,11 @@
#
template(`userdom_read_user_home_content_files',`
gen_require(`
@@ -38627,7 +38646,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2096,11 +2158,11 @@
+@@ -2096,11 +2159,11 @@
#
template(`userdom_dontaudit_read_user_home_content_files',`
gen_require(`
@@ -38642,7 +38661,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2130,10 +2192,14 @@
+@@ -2130,10 +2193,14 @@
#
template(`userdom_dontaudit_write_user_home_content_files',`
gen_require(`
@@ -38659,7 +38678,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2163,11 +2229,11 @@
+@@ -2163,11 +2230,11 @@
#
template(`userdom_read_user_home_content_symlinks',`
gen_require(`
@@ -38673,7 +38692,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2197,11 +2263,11 @@
+@@ -2197,11 +2264,11 @@
#
template(`userdom_exec_user_home_content_files',`
gen_require(`
@@ -38687,7 +38706,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2231,10 +2297,37 @@
+@@ -2231,10 +2298,37 @@
#
template(`userdom_dontaudit_exec_user_home_content_files',`
gen_require(`
@@ -38727,7 +38746,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2266,12 +2359,12 @@
+@@ -2266,12 +2360,12 @@
#
template(`userdom_manage_user_home_content_files',`
gen_require(`
@@ -38743,7 +38762,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2303,10 +2396,10 @@
+@@ -2303,10 +2397,10 @@
#
template(`userdom_dontaudit_manage_user_home_content_dirs',`
gen_require(`
@@ -38756,7 +38775,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2338,12 +2431,12 @@
+@@ -2338,12 +2432,12 @@
#
template(`userdom_manage_user_home_content_symlinks',`
gen_require(`
@@ -38772,7 +38791,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2375,12 +2468,12 @@
+@@ -2375,12 +2469,12 @@
#
template(`userdom_manage_user_home_content_pipes',`
gen_require(`
@@ -38788,7 +38807,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2412,12 +2505,12 @@
+@@ -2412,12 +2506,12 @@
#
template(`userdom_manage_user_home_content_sockets',`
gen_require(`
@@ -38804,7 +38823,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2462,11 +2555,11 @@
+@@ -2462,11 +2556,11 @@
#
template(`userdom_user_home_dir_filetrans',`
gen_require(`
@@ -38818,7 +38837,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2511,11 +2604,11 @@
+@@ -2511,11 +2605,11 @@
#
template(`userdom_user_home_content_filetrans',`
gen_require(`
@@ -38832,7 +38851,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2555,11 +2648,11 @@
+@@ -2555,11 +2649,11 @@
#
template(`userdom_user_home_dir_filetrans_user_home_content',`
gen_require(`
@@ -38846,7 +38865,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2589,11 +2682,11 @@
+@@ -2589,11 +2683,11 @@
#
template(`userdom_write_user_tmp_sockets',`
gen_require(`
@@ -38860,7 +38879,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2623,11 +2716,11 @@
+@@ -2623,11 +2717,11 @@
#
template(`userdom_list_user_tmp',`
gen_require(`
@@ -38874,7 +38893,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2659,10 +2752,10 @@
+@@ -2659,10 +2753,10 @@
#
template(`userdom_dontaudit_list_user_tmp',`
gen_require(`
@@ -38887,7 +38906,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2694,10 +2787,10 @@
+@@ -2694,10 +2788,10 @@
#
template(`userdom_dontaudit_manage_user_tmp_dirs',`
gen_require(`
@@ -38900,7 +38919,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2727,12 +2820,12 @@
+@@ -2727,12 +2821,12 @@
#
template(`userdom_read_user_tmp_files',`
gen_require(`
@@ -38916,7 +38935,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2764,10 +2857,10 @@
+@@ -2764,10 +2858,10 @@
#
template(`userdom_dontaudit_read_user_tmp_files',`
gen_require(`
@@ -38929,7 +38948,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2799,10 +2892,10 @@
+@@ -2799,10 +2893,10 @@
#
template(`userdom_dontaudit_append_user_tmp_files',`
gen_require(`
@@ -38942,7 +38961,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2832,12 +2925,12 @@
+@@ -2832,12 +2926,12 @@
#
template(`userdom_rw_user_tmp_files',`
gen_require(`
@@ -38958,7 +38977,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2869,10 +2962,10 @@
+@@ -2869,10 +2963,10 @@
#
template(`userdom_dontaudit_manage_user_tmp_files',`
gen_require(`
@@ -38971,7 +38990,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2904,12 +2997,12 @@
+@@ -2904,12 +2998,12 @@
#
template(`userdom_read_user_tmp_symlinks',`
gen_require(`
@@ -38987,7 +39006,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2941,11 +3034,11 @@
+@@ -2941,11 +3035,11 @@
#
template(`userdom_manage_user_tmp_dirs',`
gen_require(`
@@ -39001,7 +39020,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2977,11 +3070,11 @@
+@@ -2977,11 +3071,11 @@
#
template(`userdom_manage_user_tmp_files',`
gen_require(`
@@ -39015,7 +39034,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3013,11 +3106,11 @@
+@@ -3013,11 +3107,11 @@
#
template(`userdom_manage_user_tmp_symlinks',`
gen_require(`
@@ -39029,7 +39048,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3049,11 +3142,11 @@
+@@ -3049,11 +3143,11 @@
#
template(`userdom_manage_user_tmp_pipes',`
gen_require(`
@@ -39043,7 +39062,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3085,11 +3178,11 @@
+@@ -3085,11 +3179,11 @@
#
template(`userdom_manage_user_tmp_sockets',`
gen_require(`
@@ -39057,7 +39076,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3134,10 +3227,10 @@
+@@ -3134,10 +3228,10 @@
#
template(`userdom_user_tmp_filetrans',`
gen_require(`
@@ -39070,7 +39089,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
files_search_tmp($2)
')
-@@ -3178,19 +3271,19 @@
+@@ -3178,19 +3272,19 @@
#
template(`userdom_tmp_filetrans_user_tmp',`
gen_require(`
@@ -39094,7 +39113,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
##
##
## This is a templated interface, and should only
-@@ -3211,13 +3304,13 @@
+@@ -3211,13 +3305,13 @@
#
template(`userdom_rw_user_tmpfs_files',`
gen_require(`
@@ -39112,7 +39131,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4616,11 +4709,11 @@
+@@ -4616,11 +4710,11 @@
#
interface(`userdom_search_all_users_home_dirs',`
gen_require(`
@@ -39126,7 +39145,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4640,6 +4733,14 @@
+@@ -4640,6 +4734,14 @@
files_list_home($1)
allow $1 home_dir_type:dir list_dir_perms;
@@ -39141,7 +39160,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4677,6 +4778,8 @@
+@@ -4677,6 +4779,8 @@
')
dontaudit $1 { home_dir_type home_type }:dir search_dir_perms;
@@ -39150,7 +39169,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4721,6 +4824,25 @@
+@@ -4721,6 +4825,25 @@
########################################
##
@@ -39176,7 +39195,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Create, read, write, and delete all files
## in all users home directories.
##
-@@ -4946,7 +5068,7 @@
+@@ -4946,7 +5069,7 @@
########################################
##
@@ -39185,7 +39204,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
##
##
##
-@@ -5318,7 +5440,7 @@
+@@ -5318,7 +5441,7 @@
########################################
##
@@ -39194,7 +39213,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
##
##
##
-@@ -5326,18 +5448,17 @@
+@@ -5326,18 +5449,17 @@
##
##
#
@@ -39217,7 +39236,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
##
##
##
-@@ -5345,17 +5466,54 @@
+@@ -5345,17 +5467,54 @@
##
##
#
@@ -39276,7 +39295,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
##
##
##
-@@ -5368,7 +5526,7 @@
+@@ -5368,7 +5527,7 @@
attribute userdomain;
')
@@ -39285,7 +39304,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
kernel_search_proc($1)
')
-@@ -5447,6 +5605,24 @@
+@@ -5447,6 +5606,24 @@
########################################
##
@@ -39310,7 +39329,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Send a SIGCHLD signal to all user domains.
##
##
-@@ -5483,6 +5659,42 @@
+@@ -5483,6 +5660,42 @@
########################################
##
@@ -39353,7 +39372,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Send a dbus message to all user domains.
##
##
-@@ -5513,3 +5725,661 @@
+@@ -5513,3 +5726,661 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 43249ec..25f4cdd 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 67%{?dist}
+Release: 68%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -462,6 +462,9 @@ exit 0
%endif
%changelog
+* Fri Jul 31 2009 Miroslav Grepl 3.5.13-68
+- Allow lircd read/write input event devices
+
* Mon Jul 20 2009 Miroslav Grepl 3.5.13-67
- Allow setroubleshootd to read all symlinks