diff --git a/Changelog b/Changelog
index 5818f9e..9e2ca70 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,7 @@ - X object manager revisions from Eamon Walsh. - Added modules: dbadm (KaiGai Kohei) + pyicqt (Stefan Schulze Frielinghaus) * Tue Nov 17 2009 Chris PeBenito - 2.20091117 - Add separate x_pointer and x_keyboard classes inheriting from x_device.
diff --git a/policy/modules/services/pyicqt.fc b/policy/modules/services/pyicqt.fc
new file mode 100644
index 0000000..491fe8f
--- /dev/null
+++ b/policy/modules/services/pyicqt.fc
@@ -0,0 +1,7 @@
+/etc/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_conf_t,s0)
+
+/usr/share/pyicq-t/PyICQt\.py -- gen_context(system_u:object_r:pyicqt_exec_t,s0)
+
+/var/run/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_var_run_t,s0)
+
+/var/spool/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_spool_t,s0)
diff --git a/policy/modules/services/pyicqt.if b/policy/modules/services/pyicqt.if
new file mode 100644
index 0000000..9604b6a
--- /dev/null
+++ b/policy/modules/services/pyicqt.if
@@ -0,0 +1 @@
+## PyICQt is an ICQ transport for XMPP server.
diff --git a/policy/modules/services/pyicqt.te b/policy/modules/services/pyicqt.te
new file mode 100644
index 0000000..c158e07
--- /dev/null
+++ b/policy/modules/services/pyicqt.te
@@ -0,0 +1,60 @@
+
+policy_module(pyicqt, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type pyicqt_t;
+type pyicqt_exec_t;
+init_daemon_domain(pyicqt_t, pyicqt_exec_t)
+
+type pyicqt_conf_t;
+files_config_file(pyicqt_conf_t)
+
+type pyicqt_spool_t;
+files_type(pyicqt_spool_t)
+
+type pyicqt_var_run_t;
+files_pid_file(pyicqt_var_run_t)
+
+########################################
+#
+# PyICQt policy
+#
+
+allow pyicqt_t self:fifo_file rw_fifo_file_perms;
+allow pyicqt_t self:tcp_socket create_socket_perms;
+allow pyicqt_t self:udp_socket create_socket_perms;
+
+read_files_pattern(pyicqt_t, pyicqt_conf_t, pyicqt_conf_t)
+
+manage_dirs_pattern(pyicqt_t, pyicqt_spool_t, pyicqt_spool_t)
+manage_files_pattern(pyicqt_t, pyicqt_spool_t, pyicqt_spool_t)
+files_spool_filetrans(pyicqt_t, pyicqt_spool_t, { dir file })
+
+manage_files_pattern(pyicqt_t, pyicqt_var_run_t, pyicqt_var_run_t)
+files_pid_filetrans(pyicqt_t, pyicqt_var_run_t, file)
+
+kernel_read_system_state(pyicqt_t)
+
+corecmd_exec_bin(pyicqt_t)
+
+corenet_all_recvfrom_unlabeled(pyicqt_t)
+corenet_all_recvfrom_netlabel(pyicqt_t)
+corenet_tcp_sendrecv_generic_if(pyicqt_t)
+corenet_tcp_sendrecv_generic_node(pyicqt_t)
+corenet_tcp_connect_generic_port(pyicqt_t)
+corenet_sendrecv_generic_client_packets(pyicqt_t)
+
+dev_read_urand(pyicqt_t)
+
+files_read_etc_files(pyicqt_t)
+files_read_usr_files(pyicqt_t)
+
+libs_read_lib_files(pyicqt_t)
+
+miscfiles_read_localization(pyicqt_t)
+
+sysnet_read_config(pyicqt_t)
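Review bot: `corenet_tcp_connect_generic_port(pyicqt_t)` in the network block allows connections to any port that carries no specific label, which looks wider than an ICQ transport for one XMPP server should need; connecting to labelled port types for the XMPP component port and the ICQ login port would confine the daemon's outbound traffic more tightly. `allow pyicqt_t self:udp_socket create_socket_perms;` has no corenet UDP rule beside it in this hunk, so if the socket is meant for DNS lookups `sysnet_dns_name_resolve(pyicqt_t)` would state that intent, and otherwise the line can be dropped. pyicqt.fc labels the directory `/var/run/pyicq-t`, but `files_pid_filetrans(pyicqt_t, pyicqt_var_run_t, file)` covers files only, so the directory presumably has to be created and labelled by the package; a comment saying so, or `{ dir file }` together with a `manage_dirs_pattern` line for pyicqt_var_run_t, would make that explicit.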