From 882a0a6c295e867b232a100778ce5788f68d8344 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Oct 02 2007 04:16:19 +0000 Subject: - Allow smbcontrol to work on terminal windows --- diff --git a/policy-20070501.patch b/policy-20070501.patch index 70162a2..b9bcced 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -6841,7 +6841,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.6.4/policy/modules/services/networkmanager.te --- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/networkmanager.te 2007-08-13 06:58:07.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/networkmanager.te 2007-10-01 16:09:26.000000000 -0400 @@ -20,7 +20,7 @@ # networkmanager will ptrace itself if gdb is installed @@ -6860,7 +6860,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw corenet_non_ipsec_sendrecv(NetworkManager_t) corenet_tcp_sendrecv_all_if(NetworkManager_t) corenet_udp_sendrecv_all_if(NetworkManager_t) -@@ -161,6 +163,11 @@ +@@ -145,6 +147,9 @@ + dbus_system_bus_client_template(NetworkManager,NetworkManager_t) + dbus_connect_system_bus(NetworkManager_t) + dbus_send_system_bus(NetworkManager_t) ++ optional_policy(` ++ rpm_dbus_chat(NetworkManager_t) ++ ') + ') + + optional_policy(` +@@ -161,6 +166,11 @@ ') optional_policy(` @@ -6872,7 +6882,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ppp_domtrans(NetworkManager_t) ppp_read_pid_files(NetworkManager_t) ppp_signal(NetworkManager_t) -@@ -178,3 +185,4 @@ +@@ -178,3 +188,4 @@ vpn_domtrans(NetworkManager_t) vpn_signal(NetworkManager_t) ') 
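Review bot: The `rpm_dbus_chat(NetworkManager_t)` call added in the networkmanager.te section (inner hunk `@@ -145,6 +147,9 @@`) opens a new D-Bus channel between NetworkManager and the rpm domain, yet neither the commit subject nor the new %changelog entry mentions it. The same holds for `networkmanager_dbus_chat(ypbind_t)` in the nis.te section and `avahi_dbus_chat(unconfined_execmem_t)` in the unconfined.te section. Each one widens which domains may exchange D-Bus messages, so I would add one changelog line per grant, for example `- Allow NetworkManager to dbus chat with rpm`, and a one-line why-comment above each call naming the denial it resolves. The optional_policy block that encloses the rpm call starts outside the hunk.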
@@ -6904,8 +6914,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis. corenet_tcp_connect_portmap_port($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-2.6.4/policy/modules/services/nis.te --- nsaserefpolicy/policy/modules/services/nis.te 2007-05-07 14:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/nis.te 2007-08-07 09:42:35.000000000 -0400 -@@ -120,6 +120,13 @@ ++++ serefpolicy-2.6.4/policy/modules/services/nis.te 2007-10-01 16:16:04.000000000 -0400 +@@ -120,6 +120,16 @@ ') optional_policy(` @@ -6913,13 +6923,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis. + dbus_connect_system_bus(ypbind_t) + dbus_send_system_bus(ypbind_t) + init_dbus_chat_script(ypbind_t) ++ optional_policy(` ++ networkmanager_dbus_chat(ypbind_t) ++ ') +') + +optional_policy(` seutil_sigchld_newrole(ypbind_t) ') -@@ -132,6 +139,7 @@ +@@ -132,6 +142,7 @@ # yppasswdd local policy # @@ -6927,7 +6940,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis. dontaudit yppasswdd_t self:capability sys_tty_config; allow yppasswdd_t self:fifo_file rw_fifo_file_perms; allow yppasswdd_t self:process { setfscreate signal_perms }; -@@ -161,8 +169,8 @@ +@@ -161,8 +172,8 @@ corenet_udp_sendrecv_all_ports(yppasswdd_t) corenet_tcp_bind_all_nodes(yppasswdd_t) corenet_udp_bind_all_nodes(yppasswdd_t) @@ -6938,7 +6951,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis. corenet_dontaudit_tcp_bind_all_reserved_ports(yppasswdd_t) corenet_dontaudit_udp_bind_all_reserved_ports(yppasswdd_t) corenet_sendrecv_generic_server_packets(yppasswdd_t) -@@ -258,6 +266,8 @@ +@@ -258,6 +269,8 @@ corenet_udp_bind_all_nodes(ypserv_t) corenet_tcp_bind_reserved_port(ypserv_t) corenet_udp_bind_reserved_port(ypserv_t) 
@@ -6947,7 +6960,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis. corenet_dontaudit_tcp_bind_all_reserved_ports(ypserv_t) corenet_dontaudit_udp_bind_all_reserved_ports(ypserv_t) corenet_sendrecv_generic_server_packets(ypserv_t) -@@ -332,6 +342,8 @@ +@@ -332,6 +345,8 @@ corenet_udp_bind_all_nodes(ypxfr_t) corenet_tcp_bind_reserved_port(ypxfr_t) corenet_udp_bind_reserved_port(ypxfr_t) @@ -8833,7 +8846,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.6.4/policy/modules/services/samba.te --- nsaserefpolicy/policy/modules/services/samba.te 2007-05-07 14:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-09-25 17:10:56.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-10-01 16:01:17.000000000 -0400 @@ -16,6 +16,14 @@ ## @@ -9156,14 +9169,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb +allow swat_t nmbd_port_t:udp_socket name_bind; +allow swat_t nmbd_t:process { signal signull }; +allow swat_t nmbd_var_run_t:file { lock read unlink }; -+ + +-rw_files_pattern(swat_t,samba_etc_t,samba_etc_t) +init_read_utmp(swat_t) +init_dontaudit_write_utmp(swat_t) + +manage_dirs_pattern(swat_t,samba_log_t,samba_log_t) +create_files_pattern(swat_t,samba_log_t,samba_log_t) - --rw_files_pattern(swat_t,samba_etc_t,samba_etc_t) ++ +manage_files_pattern(swat_t,samba_etc_t,samba_etc_t) + +manage_files_pattern(swat_t,samba_var_t,samba_var_t) @@ -9308,7 +9321,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow winbind_helper_t samba_var_t:dir search; stream_connect_pattern(winbind_helper_t,winbind_var_run_t,winbind_var_run_t,winbind_t) -@@ -763,4 +838,64 @@ +@@ -763,4 +838,66 @@ optional_policy(` squid_read_log(winbind_helper_t) squid_append_log(winbind_helper_t) 
@@ -9353,6 +9366,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb + +miscfiles_read_localization(smbcontrol_t) + ++domain_use_interactive_fds(smbcontrol_t) ++ +files_search_var_lib(smbcontrol_t) +samba_read_config(smbcontrol_t) +samba_rw_var_files(smbcontrol_t) @@ -10210,7 +10225,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.6.4/policy/modules/system/authlogin.if --- nsaserefpolicy/policy/modules/system/authlogin.if 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/authlogin.if 2007-09-24 17:17:32.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/authlogin.if 2007-10-01 16:38:06.000000000 -0400 @@ -27,11 +27,9 @@ domain_type($1_chkpwd_t) domain_entry_file($1_chkpwd_t,chkpwd_exec_t) @@ -10284,7 +10299,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo domain_type($1) domain_subj_id_change_exemption($1) -@@ -187,6 +183,11 @@ +@@ -187,9 +183,18 @@ domain_obj_id_change_exemption($1) role system_r types $1; @@ -10296,7 +10311,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo # for SSP/ProPolice dev_read_urand($1) -@@ -207,13 +208,16 @@ ++ # for fingerprint readers ++ dev_rw_input_dev($1) ++ dev_rw_generic_usb_dev($1) ++ + files_read_etc_files($1) + + selinux_get_fs_mount($1) +@@ -207,13 +212,16 @@ mls_fd_share_all_levels($1) auth_domtrans_chk_passwd($1) @@ -10314,7 +10336,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo init_rw_utmp($1) logging_send_syslog_msg($1) -@@ -221,6 +225,7 @@ +@@ -221,6 +229,7 @@ seutil_read_config($1) seutil_read_default_contexts($1) 
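Review bot: `domain_use_interactive_fds(smbcontrol_t)` is added without a comment, and as far as I know that interface only lets the domain use file descriptors inherited from interactive login domains; read/write on the tty or pty device type is a separate permission. The rest of the smbcontrol_t block lies outside this hunk, so whether terminal access is already granted cannot be seen here and is worth confirming by checking for AVC denials after running smbcontrol from a console and from a pseudo-terminal. I would add `# smbcontrol is run from a shell; inherit the caller's descriptors` above the call.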
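Review bot: `dev_rw_input_dev($1)` and `dev_rw_generic_usb_dev($1)`, added under `# for fingerprint readers` in the authlogin.if section (inner hunk `@@ -187,9 +183,18 @@`), give every domain that calls this interface read/write on input devices and generic USB devices unconditionally, whether or not a fingerprint reader is present. Input devices presumably include keyboards, so a compromised login-program domain would gain access to keystrokes and raw USB traffic, which is a broad grant for one hardware case. I would gate the two calls behind a boolean that is off by default, or give the reader's device node its own type and grant only that; either needs new names that are not on this page. The grant is also missing from the %changelog entry, and the interface header is outside the hunk.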
@@ -10322,7 +10344,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo tunable_policy(`allow_polyinstantiation',` files_polyinstantiate_all($1) ') -@@ -320,10 +325,6 @@ +@@ -320,10 +329,6 @@ type system_chkpwd_t, chkpwd_exec_t, shadow_t; ') @@ -10333,7 +10355,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo corecmd_search_bin($1) domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t) -@@ -332,6 +333,8 @@ +@@ -332,6 +337,8 @@ dev_read_rand($1) dev_read_urand($1) @@ -10342,7 +10364,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo miscfiles_read_certs($1) sysnet_dns_name_resolve($1) -@@ -357,6 +360,37 @@ +@@ -357,6 +364,37 @@ ######################################## ## @@ -10380,7 +10402,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ## Get the attributes of the shadow passwords file. ## ## -@@ -1357,6 +1391,8 @@ +@@ -1357,6 +1395,8 @@ optional_policy(` samba_stream_connect_winbind($1) @@ -10389,7 +10411,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ') ') -@@ -1391,3 +1427,114 @@ +@@ -1391,3 +1431,114 @@ typeattribute $1 can_write_shadow_passwords; typeattribute $1 can_relabelto_shadow_passwords; ') @@ -12840,7 +12862,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.6.4/policy/modules/system/unconfined.te --- nsaserefpolicy/policy/modules/system/unconfined.te 2007-05-07 14:51:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/unconfined.te 2007-09-24 17:20:49.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/unconfined.te 2007-10-01 16:12:39.000000000 -0400 @@ -6,6 +6,15 @@ # Declarations # 
@@ -12918,7 +12940,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf ') ######################################## -@@ -200,10 +215,18 @@ +@@ -200,10 +215,22 @@ # ifdef(`targeted_policy',` @@ -12930,6 +12952,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf unconfined_domain_noaudit(unconfined_execmem_t) optional_policy(` ++ avahi_dbus_chat(unconfined_execmem_t) ++ ') ++ ++ optional_policy(` + hal_dbus_chat(unconfined_execmem_t) + ') + diff --git a/selinux-policy.spec b/selinux-policy.spec index b46417d..40cc08e 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.6.4 -Release: 45%{?dist} +Release: 46%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -361,6 +361,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init %endif %changelog +* Mon Oct 1 2007 Dan Walsh 2.6.4-46 +- Allow smbcontrol to work on terminal windows + * Mon Sep 24 2007 Dan Walsh 2.6.4-45 - Allow nsswitch apps to read samba_var_t - Changes to allow setroubleshoot to run