From: domg472@gmail.com (Dominick Grift)
Date: Mon, 22 Mar 2010 20:50:03 +0100
Subject: [refpolicy] [ likewise patch 1/1] Likewise fixes.
Message-ID: <20100322195001.GA3890@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
Enclosed are some pretty insignifant modifications to likewise policy, mostly cosmetic.
Signed-off-by: Dominick Grift
---
:100644 100644 057a4e4... 2521c12... M policy/modules/services/likewise.fc
:100644 100644 771e04b... 200b58c... M policy/modules/services/likewise.if
:100644 100644 5f2bded... fdcae6b... M policy/modules/services/likewise.te
policy/modules/services/likewise.fc | 98 +++++++++++++++++-----------------
policy/modules/services/likewise.if | 11 ++--
policy/modules/services/likewise.te | 26 +++++----
3 files changed, 70 insertions(+), 65 deletions(-)
diff --git a/policy/modules/services/likewise.fc b/policy/modules/services/likewise.fc
index 057a4e4..2521c12 100644
--- a/policy/modules/services/likewise.fc
+++ b/policy/modules/services/likewise.fc
@@ -1,54 +1,54 @@
-/etc/likewise-open(/.*)? gen_context(system_u:object_r:likewise_etc_t,s0)
-/etc/likewise-open/.pstore.lock -- gen_context(system_u:object_r:likewise_pstore_lock_t,s0)
-/etc/likewise-open/likewise-krb5-ad.conf -- gen_context(system_u:object_r:likewise_krb5_ad_t,s0)
+/etc/likewise-open(/.*)? gen_context(system_u:object_r:likewise_etc_t,s0)
+/etc/likewise-open/\.pstore\.lock -- gen_context(system_u:object_r:likewise_pstore_lock_t,s0)
+/etc/likewise-open/likewise-krb5-ad\.conf -- gen_context(system_u:object_r:likewise_krb5_ad_t,s0)
-/etc/rc\.d/init\.d/dcerpcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/eventlogd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lsassd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lwiod -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lwregd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lwsmd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/netlogond -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/srvsvcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/dcerpcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/eventlogd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/lsassd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/lwiod -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/lwregd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/lwsmd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/netlogond -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/srvsvcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/usr/sbin/dcerpcd -- gen_context(system_u:object_r:dcerpcd_exec_t,s0)
-/usr/sbin/eventlogd -- gen_context(system_u:object_r:eventlogd_exec_t,s0)
-/usr/sbin/lsassd -- gen_context(system_u:object_r:lsassd_exec_t,s0)
-/usr/sbin/lwiod -- gen_context(system_u:object_r:lwiod_exec_t,s0)
-/usr/sbin/lwregd -- gen_context(system_u:object_r:lwregd_exec_t,s0)
-/usr/sbin/lwsmd -- gen_context(system_u:object_r:lwsmd_exec_t,s0)
-/usr/sbin/netlogond -- gen_context(system_u:object_r:netlogond_exec_t,s0)
-/usr/sbin/srvsvcd -- gen_context(system_u:object_r:srvsvcd_exec_t,s0)
+/usr/sbin/dcerpcd -- gen_context(system_u:object_r:dcerpcd_exec_t,s0)
+/usr/sbin/eventlogd -- gen_context(system_u:object_r:eventlogd_exec_t,s0)
+/usr/sbin/lsassd -- gen_context(system_u:object_r:lsassd_exec_t,s0)
+/usr/sbin/lwiod -- gen_context(system_u:object_r:lwiod_exec_t,s0)
+/usr/sbin/lwregd -- gen_context(system_u:object_r:lwregd_exec_t,s0)
+/usr/sbin/lwsmd -- gen_context(system_u:object_r:lwsmd_exec_t,s0)
+/usr/sbin/netlogond -- gen_context(system_u:object_r:netlogond_exec_t,s0)
+/usr/sbin/srvsvcd -- gen_context(system_u:object_r:srvsvcd_exec_t,s0)
-/var/lib/likewise-open(/.*)? gen_context(system_u:object_r:likewise_var_lib_t,s0)
-/var/lib/likewise-open/\.lsassd -s gen_context(system_u:object_r:lsassd_var_socket_t,s0)
-/var/lib/likewise-open/\.lwiod -s gen_context(system_u:object_r:lwiod_var_socket_t,s0)
-/var/lib/likewise-open/\.regsd -s gen_context(system_u:object_r:lwregd_var_socket_t,s0)
-/var/lib/likewise-open/\.lwsm -s gen_context(system_u:object_r:lwsmd_var_socket_t,s0)
-/var/lib/likewise-open/\.netlogond -s gen_context(system_u:object_r:netlogond_var_socket_t,s0)
-/var/lib/likewise-open/\.ntlmd -s gen_context(system_u:object_r:lsassd_var_socket_t,s0)
-/var/lib/likewise-open/krb5-affinity.conf -- gen_context(system_u:object_r:netlogond_var_lib_t, s0)
-/var/lib/likewise-open/krb5ccr_lsass -- gen_context(system_u:object_r:lsassd_var_lib_t, s0)
-/var/lib/likewise-open/LWNetsd\.err -- gen_context(system_u:object_r:netlogond_var_lib_t,s0)
-/var/lib/likewise-open/lsasd\.err -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
-/var/lib/likewise-open/regsd\.err -- gen_context(system_u:object_r:lwregd_var_lib_t,s0)
-/var/lib/likewise-open/db -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
-/var/lib/likewise-open/db/lwi_events.db -- gen_context(system_u:object_r:eventlogd_var_lib_t,s0)
-/var/lib/likewise-open/db/sam\.db -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
-/var/lib/likewise-open/db/lsass-adcache\.db -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
-/var/lib/likewise-open/db/lsass-adstate\.filedb -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
-/var/lib/likewise-open/db/registry\.db -- gen_context(system_u:object_r:lwregd_var_lib_t,s0)
-/var/lib/likewise-open/rpc -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
-/var/lib/likewise-open/rpc/epmapper -s gen_context(system_u:object_r:dcerpcd_var_socket_t, s0)
-/var/lib/likewise-open/rpc/lsass -s gen_context(system_u:object_r:lsassd_var_socket_t, s0)
-/var/lib/likewise-open/rpc/socket -s gen_context(system_u:object_r:eventlogd_var_socket_t, s0)
-/var/lib/likewise-open/run -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
-/var/lib/likewise-open/run/rpcdep.dat -- gen_context(system_u:object_r:dcerpcd_var_lib_t, s0)
+/var/lib/likewise-open(/.*)? gen_context(system_u:object_r:likewise_var_lib_t,s0)
+/var/lib/likewise-open/\.lsassd -s gen_context(system_u:object_r:lsassd_var_socket_t,s0)
+/var/lib/likewise-open/\.lwiod -s gen_context(system_u:object_r:lwiod_var_socket_t,s0)
+/var/lib/likewise-open/\.regsd -s gen_context(system_u:object_r:lwregd_var_socket_t,s0)
+/var/lib/likewise-open/\.lwsm -s gen_context(system_u:object_r:lwsmd_var_socket_t,s0)
+/var/lib/likewise-open/\.netlogond -s gen_context(system_u:object_r:netlogond_var_socket_t,s0)
+/var/lib/likewise-open/\.ntlmd -s gen_context(system_u:object_r:lsassd_var_socket_t,s0)
+/var/lib/likewise-open/krb5-affinity\.conf -- gen_context(system_u:object_r:netlogond_var_lib_t,s0)
+/var/lib/likewise-open/krb5ccr_lsass -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
+/var/lib/likewise-open/LWNetsd\.err -- gen_context(system_u:object_r:netlogond_var_lib_t,s0)
+/var/lib/likewise-open/lsasd\.err -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
+/var/lib/likewise-open/regsd\.err -- gen_context(system_u:object_r:lwregd_var_lib_t,s0)
+/var/lib/likewise-open/db -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
+/var/lib/likewise-open/db/lwi_events\.db -- gen_context(system_u:object_r:eventlogd_var_lib_t,s0)
+/var/lib/likewise-open/db/sam\.db -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
+/var/lib/likewise-open/db/lsass-adcache\.db -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
+/var/lib/likewise-open/db/lsass-adstate\.filedb -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
+/var/lib/likewise-open/db/registry\.db -- gen_context(system_u:object_r:lwregd_var_lib_t,s0)
+/var/lib/likewise-open/rpc -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
+/var/lib/likewise-open/rpc/epmapper -s gen_context(system_u:object_r:dcerpcd_var_socket_t,s0)
+/var/lib/likewise-open/rpc/lsass -s gen_context(system_u:object_r:lsassd_var_socket_t,s0)
+/var/lib/likewise-open/rpc/socket -s gen_context(system_u:object_r:eventlogd_var_socket_t,s0)
+/var/lib/likewise-open/run -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
+/var/lib/likewise-open/run/rpcdep\.dat -- gen_context(system_u:object_r:dcerpcd_var_lib_t,s0)
-/var/run/eventlogd.pid -- gen_context(system_u:object_r:eventlogd_var_run_t,s0)
-/var/run/lsassd.pid -- gen_context(system_u:object_r:lsassd_var_run_t,s0)
-/var/run/lwiod.pid -- gen_context(system_u:object_r:lwiod_var_run_t,s0)
-/var/run/lwregd.pid -- gen_context(system_u:object_r:lwregd_var_run_t,s0)
-/var/run/netlogond.pid -- gen_context(system_u:object_r:netlogond_var_run_t,s0)
-/var/run/srvsvcd.pid -- gen_context(system_u:object_r:srvsvcd_var_run_t,s0)
+/var/run/eventlogd\.pid -- gen_context(system_u:object_r:eventlogd_var_run_t,s0)
+/var/run/lsassd\.pid -- gen_context(system_u:object_r:lsassd_var_run_t,s0)
+/var/run/lwiod\.pid -- gen_context(system_u:object_r:lwiod_var_run_t,s0)
+/var/run/lwregd\.pid -- gen_context(system_u:object_r:lwregd_var_run_t,s0)
+/var/run/netlogond\.pid -- gen_context(system_u:object_r:netlogond_var_run_t,s0)
+/var/run/srvsvcd\.pid -- gen_context(system_u:object_r:srvsvcd_var_run_t,s0)
diff --git a/policy/modules/services/likewise.if b/policy/modules/services/likewise.if
index 771e04b..200b58c 100644
--- a/policy/modules/services/likewise.if
+++ b/policy/modules/services/likewise.if
@@ -1,9 +1,10 @@
## Likewise Active Directory support for UNIX.
##
##
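Review bot: On the new side of the `/var/lib/likewise-open` block, the files that by their names hold domain secrets — `krb5ccr_lsass`, `db/sam\.db`, `db/lsass-adcache\.db`, `db/lsass-adstate\.filedb` — get the same type, `lsassd_var_lib_t`, as the `lsasd\.err` error log, so any interface that later grants read access to that type for log collection or debugging would also expose the credential cache. The hunk already separates per-daemon state (`lwregd_var_lib_t` for `registry\.db`, `eventlogd_var_lib_t` for `lwi_events\.db`), so a dedicated lsassd database type declared next to `lsassd_var_lib_t` in likewise.te would follow the same pattern; at minimum a comment above the `db/` entries, `# sam.db and lsass-adcache.db hold cached domain credentials; keep them out of any log-reading interface`, would record the sensitivity. The `\.` escaping added throughout is correct; `/etc/likewise-open(/.*)?` and `/var/lib/likewise-open(/.*)?` are intentionally unescaped directory patterns.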

-## Likewise Open is a free, open source application that joins Linux, Unix,
-## and Mac machines to Microsoft Active Directory to securely authenticate
-## users with their domain credentials.
+## Likewise Open is a free, open source application that
+## joins Linux, Unix, and Mac machines to Microsoft Active
+## Directory to securely authenticate users with their
+## domain credentials.
##

##
@@ -24,7 +25,6 @@
##
#
template(`likewise_domain_template',`
-
gen_require(`
attribute likewise_domains;
type likewise_var_lib_t;
@@ -87,7 +87,8 @@ template(`likewise_domain_template',`
########################################
##
-## Connect to lsassd.
+## Connect to lsassd on a unix stream
+## socket.
##
##
##
diff --git a/policy/modules/services/likewise.te b/policy/modules/services/likewise.te
index 5f2bded..fdcae6b 100644
--- a/policy/modules/services/likewise.te
+++ b/policy/modules/services/likewise.te
@@ -44,13 +44,14 @@ likewise_domain_template(srvsvcd)
#################################
#
-# Likewise dcerpcd personal policy
+# Likewise dcerpcd policy
#
stream_connect_pattern(dcerpcd_t, likewise_var_lib_t, lwregd_var_socket_t, lwregd_t)
corenet_all_recvfrom_netlabel(dcerpcd_t)
corenet_all_recvfrom_unlabeled(dcerpcd_t)
+corenet_sendrecv_epmap_server_packets(dcerpcd_t)
corenet_sendrecv_generic_client_packets(dcerpcd_t)
corenet_sendrecv_generic_server_packets(dcerpcd_t)
corenet_tcp_sendrecv_generic_if(dcerpcd_t)
@@ -61,6 +62,7 @@ corenet_tcp_bind_epmap_port(dcerpcd_t)
corenet_tcp_connect_generic_port(dcerpcd_t)
corenet_udp_bind_generic_node(dcerpcd_t)
corenet_udp_bind_epmap_port(dcerpcd_t)
+corenet_udp_sendrecv_epmap_port(dcerpcd_t)
corenet_udp_sendrecv_generic_if(dcerpcd_t)
corenet_udp_sendrecv_generic_node(dcerpcd_t)
corenet_udp_sendrecv_generic_port(dcerpcd_t)
@@ -87,7 +89,7 @@ corenet_udp_sendrecv_generic_port(eventlogd_t)
#################################
#
-# Likewise Authentication service local policy
+# Likewise Authentication service policy
#
allow lsassd_t self:capability { fowner chown fsetid dac_override sys_time };
@@ -118,6 +120,7 @@ corecmd_exec_shell(lsassd_t)
corenet_all_recvfrom_netlabel(lsassd_t)
corenet_all_recvfrom_unlabeled(lsassd_t)
+corenet_sendrecv_epmap_client_packets(lsassd_t)
corenet_tcp_sendrecv_generic_if(lsassd_t)
corenet_tcp_sendrecv_generic_node(lsassd_t)
corenet_tcp_sendrecv_generic_port(lsassd_t)
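Review bot: The added `corenet_udp_sendrecv_epmap_port(dcerpcd_t)` in the `@@ -61,6 +62,7 @@` hunk has no TCP counterpart, even though the hunk's header context shows `corenet_tcp_bind_epmap_port(dcerpcd_t)`; unless `corenet_tcp_sendrecv_epmap_port(dcerpcd_t)` already sits in the unshown lines between the two dcerpcd hunks, the daemon may bind the endpoint-mapper port over TCP but be denied send/recv on `epmap_port_t`. The lwiod hunk further down adds `corenet_tcp_sendrecv_smbd_port(lwiod_t)` next to its bind/connect rules for exactly this reason, so the same one-liner belongs here: `corenet_tcp_sendrecv_epmap_port(dcerpcd_t)`. On the context line, `corenet_tcp_connect_generic_port(dcerpcd_t)` still lets the endpoint mapper connect to any generic port; if its outbound targets are known, a port-specific connect rule would be tighter. The dcerpcd block continues outside the hunk.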
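Review bot: In the `@@ -118,6 +120,7 @@` hunk, `corenet_sendrecv_epmap_client_packets(lsassd_t)` only covers the SECMARK packet side; for lsassd to actually reach the endpoint mapper it also needs `corenet_tcp_connect_epmap_port(lsassd_t)` and `corenet_tcp_sendrecv_epmap_port(lsassd_t)`, and neither is visible here (the surrounding context shows only the generic sendrecv rules). If they are present in the unshown part of the lsassd block this is fine; otherwise please add them alongside the new line so the client-packet rule is not dead. The lsassd block starts and ends outside the hunk.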
@@ -153,7 +156,7 @@ optional_policy(`
#################################
#
-# Likewise I/O service local policy
+# Likewise I/O service policy
#
allow lwiod_t self:capability { fowner chown fsetid dac_override };
@@ -169,12 +172,13 @@ corenet_all_recvfrom_netlabel(lwiod_t)
corenet_all_recvfrom_unlabeled(lwiod_t)
corenet_sendrecv_smbd_server_packets(lwiod_t)
corenet_sendrecv_smbd_client_packets(lwiod_t)
-corenet_tcp_sendrecv_generic_if(lwiod_t)
-corenet_tcp_sendrecv_generic_node(lwiod_t)
-corenet_tcp_sendrecv_generic_port(lwiod_t)
corenet_tcp_bind_generic_node(lwiod_t)
corenet_tcp_bind_smbd_port(lwiod_t)
corenet_tcp_connect_smbd_port(lwiod_t)
+corenet_tcp_sendrecv_generic_if(lwiod_t)
+corenet_tcp_sendrecv_generic_node(lwiod_t)
+corenet_tcp_sendrecv_generic_port(lwiod_t)
+corenet_tcp_sendrecv_smbd_port(lwiod_t)
sysnet_read_config(lwiod_t)
@@ -185,7 +189,7 @@ optional_policy(`
#################################
#
-# Likewise Service Manager service local policy
+# Likewise Service Manager service policy
#
allow lwsmd_t likewise_domains:process signal;
@@ -203,10 +207,10 @@ stream_connect_pattern(lwsmd_t, likewise_var_lib_t, lwregd_var_socket_t, lwregd_
#################################
#
-# Likewise DC location service local policy
+# Likewise DC location service policy
#
-allow netlogond_t self:capability {dac_override};
+allow netlogond_t self:capability dac_override;
manage_files_pattern(netlogond_t, likewise_etc_t, likewise_etc_t)
@@ -217,7 +221,7 @@ sysnet_use_ldap(netlogond_t)
#################################
#
-# Likewise Srv service local policy
+# Likewise Srv service policy
#
allow srvsvcd_t likewise_etc_t:dir search_dir_perms;
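Review bot: In the `@@ -203,10 +207,10 @@` hunk, `allow netlogond_t self:capability dac_override;` is rewritten (brace removal) but still carries no justification; `dac_override` lets the DC-location daemon bypass file permission bits entirely, and in a domain whose only visible file access is `manage_files_pattern(netlogond_t, likewise_etc_t, likewise_etc_t)` it usually points at a packaging ownership or mode mismatch rather than a real requirement. Since the line is being touched anyway, please record which denial it was added for, e.g. `# dac_override: needed to update likewise_etc_t files not owned by the daemon's uid -- confirm with audit2allow`, or drop it if that denial no longer reproduces. The netlogond block continues outside the hunk.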
@@ -229,10 +233,10 @@ stream_connect_pattern(srvsvcd_t, likewise_var_lib_t, lwregd_var_socket_t, lwreg
corenet_all_recvfrom_netlabel(srvsvcd_t)
corenet_all_recvfrom_unlabeled(srvsvcd_t)
corenet_sendrecv_generic_server_packets(srvsvcd_t)
+corenet_tcp_bind_generic_node(srvsvcd_t)
corenet_tcp_sendrecv_generic_if(srvsvcd_t)
corenet_tcp_sendrecv_generic_node(srvsvcd_t)
corenet_tcp_sendrecv_generic_port(srvsvcd_t)
-corenet_tcp_bind_generic_node(srvsvcd_t)
optional_policy(`
kerberos_use(srvsvcd_t)
--
1.7.0.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100322/15c955fb/attachment.bin