From: dominick.grift@gmail.com (Dominick Grift)
Date: Fri, 14 Sep 2012 10:56:10 +0200
Subject: [refpolicy] [PATCH] Related to RedHats' system-setup-keyboard daemon
Message-ID: <1347612970-20153-1-git-send-email-dominick.grift@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
Signed-off-by: Dominick Grift
diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
index c2c6e05..e424022 100644
--- a/policy/modules/kernel/files.fc
+++ b/policy/modules/kernel/files.fc
@@ -72,6 +72,8 @@
 /etc/sysconfig/iptables\.save -- gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/sysconfig/firstboot -- gen_context(system_u:object_r:etc_runtime_t,s0)
+/etc/(X11/)?xorg\.conf\.d/00-system-setup-keyboard\.conf -- gen_context(system_u:object_r:etc_runtime_t,s0)
+
 ifdef(`distro_gentoo', `
 /etc/profile\.env -- gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/csh\.env -- gen_context(system_u:object_r:etc_runtime_t,s0)
diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index be8f670..f6cfdb4 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -61,6 +61,7 @@
 /usr/(s)?bin/[xgkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
 /usr/bin/gpe-dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
 /usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
+/usr/bin/system-setup-keyboard -- gen_context(system_u:object_r:keyboardd_exec_t,s0)
 /usr/bin/slim -- gen_context(system_u:object_r:xdm_exec_t,s0)
 /usr/bin/Xair -- gen_context(system_u:object_r:xserver_exec_t,s0)
 /usr/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 2f4ba59..b40ea98 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
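Review bot: The new `00-system-setup-keyboard\.conf` entry in files.fc reuses the shared `etc_runtime_t` type, and the keyboardd local policy hunk in xserver.te then grants `files_manage_etc_runtime_files(keyboardd_t)`. The daemon can therefore manage every file carrying that label, including the `iptables\.save` and `firstboot` entries visible in this hunk's context, not only its own config snippet. A private type for the one file the daemon writes would keep the grant to what it needs, for example labelling the path `gen_context(system_u:object_r:keyboardd_etc_t,s0)` (the type name is only a suggestion) and letting keyboardd_t manage that type alone. The file is also X server configuration, so the domains that read it would need read access to the new type; those rules are not visible in this patch and should be checked.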
@@ -132,6 +132,10 @@
 typealias iceauth_home_t alias { auditadm_iceauth_home_t secadm_iceauth_home_t };
 userdom_user_home_content(iceauth_home_t)
+type keyboardd_t;
+type keyboardd_exec_t;
+init_daemon_domain(keyboardd_t, keyboardd_exec_t)
+
 type xauth_t;
 type xauth_exec_t;
 typealias xauth_t alias { user_xauth_t staff_xauth_t sysadm_xauth_t };
@@ -244,6 +248,21 @@
 ########################################
 #
+# keyboardd local policy
+#
+
+allow keyboardd_t self:fifo_file rw_fifo_file_perms;
+allow keyboardd_t self:unix_stream_socket create_stream_socket_perms;
+
+files_manage_etc_runtime_files(keyboardd_t)
+files_etc_filetrans_etc_runtime(keyboardd_t, file)
+
+files_read_etc_files(keyboardd_t)
+
+miscfiles_read_localization(keyboardd_t)
+
+########################################
+#
 # Xauth local policy
 #
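Review bot: `keyboardd_t` and `keyboardd_exec_t` are declared unconditionally and without a comment between the iceauth and xauth declarations, although the commit subject ties the daemon to Red Hat's system-setup-keyboard. A one-line comment above the declarations, such as `# system-setup-keyboard daemon (Red Hat); presumably writes the xorg.conf.d keyboard snippet`, would tell readers why this init daemon domain lives in the xserver module. It may also be worth guarding the declarations and the matching local policy with an ifdef on `distro_redhat`, as files.fc does for `distro_gentoo`, or moving them to their own module, so other distributions do not carry an unused daemon domain.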
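Review bot: `files_etc_filetrans_etc_runtime(keyboardd_t, file)` is an unnamed transition, so any regular file keyboardd_t creates in a directory covered by that interface is labelled etc_runtime_t, not just the keyboard snippet. If the policy version in use supports named transitions and the interface accepts a name argument, pinning it, e.g. `files_etc_filetrans_etc_runtime(keyboardd_t, file, "00-system-setup-keyboard.conf")`, would limit label-on-create to the one expected file. The transition also relies on the xorg.conf.d directories carrying the generic etc label, which this patch does not show. `files_read_etc_files(keyboardd_t)` has no comment either; a word on which configuration the daemon reads would help later audits of this domain.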