Add usbmuxd from Dan Walsh.
authorChris PeBenito <cpebenito@tresys.com>
Mon, 29 Mar 2010 17:29:18 +0000 (13:29 -0400)
committerChris PeBenito <cpebenito@tresys.com>
Mon, 29 Mar 2010 17:29:18 +0000 (13:29 -0400)
Changelog
policy/modules/services/usbmuxd.fc [new file with mode: 0644]
policy/modules/services/usbmuxd.if [new file with mode: 0644]
policy/modules/services/usbmuxd.te [new file with mode: 0644]

index cd7cf83671e4f8677a17bfcd4dd8a14d69861c53..390ea1199acdce93eb16ba08b90d6e734ac322fc 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -7,6 +7,7 @@
        likewise (Scott Salley)
        pyicqt (Stefan Schulze Frielinghaus)
        sectoolm (Miroslav Grepl)
+       usbmuxd (Dan Walsh)
        vhostmd (Dan Walsh)
 
 * Tue Nov 17 2009 Chris PeBenito <selinux@tresys.com> - 2.20091117
diff --git a/policy/modules/services/usbmuxd.fc b/policy/modules/services/usbmuxd.fc
new file mode 100644 (file)
index 0000000..fa54aee
--- /dev/null
@@ -0,0 +1,3 @@
+/usr/sbin/usbmuxd      --      gen_context(system_u:object_r:usbmuxd_exec_t,s0)
+
+/var/run/usbmuxd       -s      gen_context(system_u:object_r:usbmuxd_var_run_t,s0)
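Review bot: The `/var/run/usbmuxd -s` entry labels only a socket at exactly that path, while usbmuxd.te lets usbmuxd_t create files and directories as well as socket files under /var/run with usbmuxd_var_run_t (`files_pid_filetrans(usbmuxd_t, usbmuxd_var_run_t, { file dir sock_file })`). Anything other than the socket that the daemon creates there, a pid file for instance, gets the right type at creation but would presumably fall back to the generic /var/run label after a relabel, and the daemon could then lose access to it. If the daemon does create such objects, a pattern without the class restriction would keep the file contexts in step with the policy, for example `/var/run/usbmuxd.*	gen_context(system_u:object_r:usbmuxd_var_run_t,s0)`.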
diff --git a/policy/modules/services/usbmuxd.if b/policy/modules/services/usbmuxd.if
new file mode 100644 (file)
index 0000000..5015043
--- /dev/null
@@ -0,0 +1,39 @@
+## <summary>USB multiplexing daemon for communicating with Apple iPod Touch and iPhone</summary>
+
+########################################
+## <summary>
+##     Execute a domain transition to run usbmuxd.
+## </summary>
+## <param name="domain">
+## <summary>
+##     Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`usbmuxd_domtrans',`
+       gen_require(`
+               type usbmuxd_t, usbmuxd_exec_t;
+       ')
+
+       domtrans_pattern($1, usbmuxd_exec_t, usbmuxd_t)
+')
+
+#####################################
+## <summary>
+##     Connect to usbmuxd over a unix domain
+##     stream socket.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`usbmuxd_stream_connect',`
+       gen_require(`
+               type usbmuxd_t, usbmuxd_var_run_t;
+       ')
+
+       files_search_pids($1)
+       stream_connect_pattern($1, usbmuxd_var_run_t, usbmuxd_var_run_t, usbmuxd_t)
+')
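Review bot: Nothing in this commit calls `usbmuxd_domtrans`, and usbmuxd.te declares the domain with `application_domain(usbmuxd_t, usbmuxd_exec_t)`, not an init daemon macro, so no transition into usbmuxd_t is set up by the files shown here. Until the domain that launches the daemon is given the transition, usbmuxd would presumably keep running in its launcher's domain and the local policy in usbmuxd.te would confine nothing. The caller should be added in the launching module inside an optional block, along the lines of `usbmuxd_domtrans(<launcher_domain>)` (placeholder, since the page does not show which domain starts it). As a smaller style point, the `<summary>` inside `<param>` is indented in `usbmuxd_stream_connect` but not in `usbmuxd_domtrans`; the two should match.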
diff --git a/policy/modules/services/usbmuxd.te b/policy/modules/services/usbmuxd.te
new file mode 100644 (file)
index 0000000..38dda09
--- /dev/null
@@ -0,0 +1,43 @@
+
+policy_module(usbmuxd, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type usbmuxd_t;
+type usbmuxd_exec_t;
+application_domain(usbmuxd_t, usbmuxd_exec_t)
+role system_r types usbmuxd_t;
+
+type usbmuxd_var_run_t;
+files_pid_file(usbmuxd_var_run_t)
+
+########################################
+#
+# usbmuxd local policy
+#
+
+allow usbmuxd_t self:capability { kill setgid setuid };
+allow usbmuxd_t self:process { fork signal signull };
+allow usbmuxd_t self:fifo_file rw_fifo_file_perms;
+
+manage_dirs_pattern(usbmuxd_t, usbmuxd_var_run_t, usbmuxd_var_run_t)
+manage_files_pattern(usbmuxd_t, usbmuxd_var_run_t, usbmuxd_var_run_t)
+manage_sock_files_pattern(usbmuxd_t, usbmuxd_var_run_t, usbmuxd_var_run_t)
+files_pid_filetrans(usbmuxd_t, usbmuxd_var_run_t, { file dir sock_file })
+
+kernel_read_kernel_sysctls(usbmuxd_t)
+kernel_read_system_state(usbmuxd_t)
+
+dev_read_sysfs(usbmuxd_t)
+dev_rw_generic_usb_dev(usbmuxd_t)
+
+files_read_etc_files(usbmuxd_t)
+
+miscfiles_read_localization(usbmuxd_t)
+
+auth_use_nsswitch(usbmuxd_t)
+
+logging_send_syslog_msg(usbmuxd_t)
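Review bot: The local policy has no explicit `self:unix_stream_socket` rule, although `usbmuxd_stream_connect` in usbmuxd.if lets clients `connectto` a usbmuxd_t stream socket and `manage_sock_files_pattern` lets the daemon create the socket file. Unless one of the macros called here expands to listen and accept on that class (their bodies are not visible on this page), the daemon would be denied when serving its socket in enforcing mode; consider `allow usbmuxd_t self:unix_stream_socket create_stream_socket_perms;` next to the fifo_file rule. Separately, `dev_rw_generic_usb_dev(usbmuxd_t)` appears to cover every generically labelled USB device node, not only Apple devices. A short comment above it and above the `kill setgid setuid` capability line saying why each is needed would help a later least-privilege review.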