This patch aims to add frozen-bubble-server.
Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/kernel/corenetwork.te.in
===================================================================
--- /home/domg472/Workspace/refpolicy_trunk/policy/modules/kernel/corenetwork.te.in (revision 2758)
+++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/kernel/corenetwork.te.in (working copy)
@@ -90,6 +90,7 @@
 network_port(dict, tcp,2628,s0)
 network_port(distccd, tcp,3632,s0)
 network_port(dns, udp,53,s0, tcp,53,s0)
+network_port(fb_server, tcp,1511,s0, udp,1511,s0)
 network_port(fingerd, tcp,79,s0)
 network_port(ftp_data, tcp,20,s0)
 network_port(ftp, tcp,21,s0)
Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/frozen_bubble_server.if
===================================================================
--- /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/frozen_bubble_server.if (revision 0)
+++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/frozen_bubble_server.if (revision 0)
@@ -0,0 +1,7 @@
+## <summary>SELinux policy for Frozen Bubble server</summary>
+## <desc>
+## <p>
+## Applies SELinux security to the Frozen Bubble server
+## </p>
+## </desc>
+
Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/frozen_bubble_server.te
===================================================================
--- /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/frozen_bubble_server.te (revision 0)
+++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/frozen_bubble_server.te (revision 0)
@@ -0,0 +1,52 @@
+
+policy_module(frozen_bubble_server, 1.0.0)
+
+########################################
+#
+# fb-server private declarations
+#
+
+type fb_server_t;
+type fb_server_exec_t;
+init_daemon_domain(fb_server_t, fb_server_exec_t)
+
+type fb_server_etc_t;
+files_config_file(fb_server_etc_t)
+
+# Why does refpolicy not use init_script_type.
+ifdef(`distro_redhat', `
+type fb_server_script_exec_t;
+init_script_type(fb_server_script_exec_t)
+')
+
+########################################
+#
+# fb-server private policy
+#
+
+allow fb_server_t self:tcp_socket { bind connect write read accept create setopt listen };
+allow fb_server_t self:udp_socket { bind create getattr read write connect};
+allow fb_server_t self:unix_dgram_socket { write create connect };
+
+read_files_pattern(fb_server_t, fb_server_etc_t, fb_server_etc_t)
+
+corenet_tcp_bind_fb_server_port(fb_server_t)
+corenet_udp_bind_fb_server_port(fb_server_t)
+corenet_all_recvfrom_netlabel(fb_server_t)
+corenet_all_recvfrom_unlabeled(fb_server_t)
+corenet_tcp_sendrecv_all_if(fb_server_t)
+corenet_tcp_sendrecv_all_nodes(fb_server_t)
+corenet_tcp_bind_all_nodes(fb_server_t)
+corenet_udp_bind_all_nodes(fb_server_t)
+corenet_tcp_connect_http_port(fb_server_t)
+
+files_read_etc_files(fb_server_t)
+
+libs_use_ld_so(fb_server_t)
+libs_use_shared_libs(fb_server_t)
+
+logging_send_syslog_msg(fb_server_t)
+
+miscfiles_read_localization(fb_server_t)
+
+sysnet_read_config(fb_server_t)
Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/frozen_bubble_server.fc
===================================================================
--- /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/frozen_bubble_server.fc (revision 0)
+++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/services/frozen_bubble_server.fc (revision 0)
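Review bot: In frozen_bubble_server.te, `corenet_tcp_connect_http_port(fb_server_t)` (together with `connect` in the `self:tcp_socket` rule) lets the daemon open outbound connections to any HTTP-labelled port, and nothing in the module says why a game server needs that. If it is there so the server can announce itself to a public server list — an assumption, the patch does not say — put a comment above it such as `# outbound HTTP: registration with the public server list (confirm)`, so a later reviewer can tell a required permission from one granted by accident. The UDP side also looks incomplete next to TCP: the socket may bind port 1511 on all nodes, but there is no `corenet_udp_sendrecv_all_if(fb_server_t)` / `corenet_udp_sendrecv_all_nodes(fb_server_t)` to match the TCP pair. It is worth confirming in enforcing mode whether UDP is used at all; if not, the `udp_socket` and UDP bind rules can be dropped.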
@@ -0,0 +1,9 @@
+
+/etc/fb-server\.conf -- gen_context(system_u:object_r:fb_server_etc_t,s0)
+
+ifdef(`distro_redhat', `
+/etc/rc\.d/init\.d/fb-server -- gen_context(system_u:object_r:fb_server_script_exec_t,s0)
+')
+
+/usr/bin/fb-server -- gen_context(system_u:object_r:fb_server_exec_t,s0)
+
-- Dominick Grift <domg472@xxxxxxxxx>
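Review bot: In frozen_bubble_server.fc, only `/usr/bin/fb-server` receives `fb_server_exec_t`, so confinement depends entirely on the package installing the binary at that path. Where it is installed elsewhere (some distributions put game binaries under /usr/games; not verified for this package), the executable keeps its default label and the `init_daemon_domain` transition declared in the .te file never happens. The server would then run in the init script's domain instead of `fb_server_t`. If that path applies, add a matching entry, e.g. `/usr/games/fb-server -- gen_context(system_u:object_r:fb_server_exec_t,s0)`.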