From 21fd3a28934e30008192b9c6a1035113d29566a8 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Mon, 18 Jul 2011 10:50:41 -0400
Subject: [PATCH] Add initial policy for abrt_dump_oops_t
---
 policy/modules/admin/prelink.te | 2 ++
 policy/modules/services/abrt.fc | 2 +-
 policy/modules/services/abrt.te | 31 +++++++++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/policy/modules/admin/prelink.te b/policy/modules/admin/prelink.te
index e12af8e5..5ede07b7 100644
--- a/policy/modules/admin/prelink.te
+++ b/policy/modules/admin/prelink.te
@@ -106,6 +106,8 @@ userdom_use_inherited_user_terminals(prelink_t)
 userdom_manage_user_home_content(prelink_t)
 userdom_execmod_user_home_files(prelink_t)
+systemd_read_unit_files(prelink_t)
+
 term_use_all_inherited_terms(prelink_t)
 optional_policy(`
diff --git a/policy/modules/services/abrt.fc b/policy/modules/services/abrt.fc
index f7a7a967..b3631d6b 100644
--- a/policy/modules/services/abrt.fc
+++ b/policy/modules/services/abrt.fc
@@ -1,7 +1,7 @@
 /etc/abrt(/.*)? gen_context(system_u:object_r:abrt_etc_t,s0)
 /etc/rc\.d/init\.d/abrt -- gen_context(system_u:object_r:abrt_initrc_exec_t,s0)
-/usr/bin/abrt-dump-oops -- gen_context(system_u:object_r:abrt_helper_exec_t,s0)
+/usr/bin/abrt-dump-oops -- gen_context(system_u:object_r:abrt_dump_oops_exec_t,s0)
 /usr/bin/abrt-pyhook-helper -- gen_context(system_u:object_r:abrt_helper_exec_t,s0)
 /usr/sbin/abrtd -- gen_context(system_u:object_r:abrt_exec_t,s0)
diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te
index baad5e70..ada6faa8 100644
--- a/policy/modules/services/abrt.te
+++ b/policy/modules/services/abrt.te
@@ -40,6 +40,12 @@ files_type(abrt_var_cache_t)
 type abrt_var_run_t;
 files_pid_file(abrt_var_run_t)
+type abrt_dump_oops_t;
+type abrt_dump_oops_exec_t;
+init_system_domain(abrt_dump_oops_t, abrt_dump_oops_exec_t)
+
+permissive abrt_dump_oops_t;
+
 # type needed to allow all domains
 # to handle /var/cache/abrt
 type abrt_helper_t;
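Review bot: The added `systemd_read_unit_files(prelink_t)` call carries no comment explaining why prelink needs to read systemd unit files, and it is unrelated to the commit subject, which is about abrt_dump_oops_t. A short marker such as `# TODO: document which prelink operation reads systemd unit files` would let a later least-privilege review decide whether the grant is still needed. If the systemd module can be absent from a build, the call would normally sit inside an `optional_policy(` block like the one that follows it in this file; that cannot be confirmed from the hunk alone.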
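Review bot: Relabelling `/usr/bin/abrt-dump-oops` from `abrt_helper_exec_t` to `abrt_dump_oops_exec_t` takes the binary out of every rule keyed on the helper exec type, and the only entry point into the new domain visible in this commit is `init_system_domain(abrt_dump_oops_t, abrt_dump_oops_exec_t)` in abrt.te. If abrtd or another confined domain launches this binary (not visible here), it needs an explicit transition or execute rule for the new type; otherwise the tool either runs in the caller's domain or fails to execute once the policy is enforcing. Already-installed systems also need the file relabelled before the new context applies.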
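Review bot: `permissive abrt_dump_oops_t;` means no rule for this domain is enforced and denials are only logged, yet the line has no comment marking it as temporary. The local policy added later in this commit cannot be validated while the domain stays permissive, so a forgotten declaration leaves the tool effectively unconfined by SELinux. I would add `# FIXME: remove permissive once AVC denials for abrt_dump_oops_t have been reviewed` directly above it.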
@@ -384,3 +390,28 @@ sysnet_dns_name_resolve(abrt_retrace_worker_t)
 optional_policy(`
 mock_domtrans(abrt_retrace_worker_t)
 ')
+
+########################################
+#
+# abrt_dump_oops local policy
+#
+
+allow abrt_dump_oops_t self:fifo_file rw_fifo_file_perms;
+allow abrt_dump_oops_t self:unix_stream_socket create_stream_socket_perms;
+
+files_search_spool(abrt_dump_oops_t)
+manage_dirs_pattern(abrt_dump_oops_t, abrt_var_cache_t, abrt_var_cache_t)
+manage_files_pattern(abrt_dump_oops_t, abrt_var_cache_t, abrt_var_cache_t)
+manage_lnk_files_pattern(abrt_dump_oops_t, abrt_var_cache_t, abrt_var_cache_t)
+files_var_filetrans(abrt_dump_oops_t, abrt_var_cache_t, { file dir })
+
+read_files_pattern(abrt_dump_oops_t, abrt_var_run_t, abrt_var_run_t)
+read_lnk_files_pattern(abrt_dump_oops_t, abrt_var_run_t, abrt_var_run_t)
+
+domain_use_interactive_fds(abrt_dump_oops_t)
+
+files_read_etc_files(abrt_dump_oops_t)
+
+logging_send_syslog_msg(abrt_dump_oops_t)
+
+miscfiles_read_localization(abrt_dump_oops_t)
-- 
2.47.2
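Review bot: `files_var_filetrans(abrt_dump_oops_t, abrt_var_cache_t, { file dir })` gives the cache label to any regular file or directory this domain creates directly under /var, which looks wider than a tool writing into an existing cache directory needs. If only the cache directory itself is ever created there, `files_var_filetrans(abrt_dump_oops_t, abrt_var_cache_t, dir)` keeps stray files from picking up `abrt_var_cache_t`. The block also grants no read access to log files; if the tool scans the system log for oopses, as its name suggests, that gap is hidden while the domain is permissive and will only surface as denials once it is enforcing.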