From 5ef740e54bacfb4d99d89be967dde55d376ecfd3 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Sep 13 2010 18:47:02 +0000
Subject: Fix gnome_setattr_config_home Allow exec of sandbox_file_type by calling apps Fix typos
---
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index db1a0d0..d3b8cc8 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -258,25 +258,6 @@ template(`gnome_read_config',`
 ########################################
 ##
-## Set attributes of Gnome config dirs.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`gnome_setattr_config_dirs',`
- gen_require(`
- type gnome_home_t;
- ')
-
- setattr_dirs_pattern($1, gnome_home_t, gnome_home_t)
- files_search_home($1)
-')
-
-########################################
-##
 ## Create objects in a Gnome gconf home directory
 ## with an automatic type transition to
 ## a specified private type.
@@ -508,6 +489,25 @@ template(`gnome_list_home_config',`
 ########################################
 ##
+## Set attributes of gnome homedir content (.config)
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+template(`gnome_setattr_home_config',`
+ gen_require(`
+ type config_home_t;
+ ')
+
+ setattr_dirs_pattern($1, config_home_t, config_home_t)
+ userdom_search_user_home_dirs($1)
+')
+
+########################################
+##
 ## read gnome homedir content (.config)
 ##
 ##
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index 3018e86..7c260fa 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -358,7 +358,7 @@ optional_policy(`
 optional_policy(`
 gnome_manage_home_config(mozilla_plugin_t)
- gnome_setattr_config_dirs(mozilla_plugin_t)
+ gnome_setattr_home_config(mozilla_plugin_t)
 ')
 optional_policy(`
diff --git a/policy/modules/apps/pulseaudio.if b/policy/modules/apps/pulseaudio.if
index 3b0d3be..15fef11 100644
--- a/policy/modules/apps/pulseaudio.if
+++ b/policy/modules/apps/pulseaudio.if
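Review bot: In policy/modules/apps/gnome.if (hunk at -508), the new gnome_setattr_home_config is declared with `template(` although its body only grants access and derives no prefixed types, and the interface it replaces was declared with `interface(`; declaring it with `interface(` would match what the block does. The hunk header shows gnome_list_home_config is written the same way, so this may follow a local habit in the file rather than be an oversight. The summary says "homedir content (.config)", but `setattr_dirs_pattern` covers only directories labeled config_home_t, so a summary such as `Set attributes of gnome homedir config directories (.config)` would state the grant more precisely. Only the mozilla.te caller of the removed gnome_setattr_config_dirs is updated in this commit; a tree-wide search for the old name is worth doing, since any caller outside this diff would no longer resolve.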
@@ -219,6 +219,7 @@ interface(`pulseaudio_read_home_files',`
 userdom_search_user_home_dirs($1)
 read_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
+ read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
 ')
 ########################################
@@ -237,6 +238,7 @@ interface(`pulseaudio_rw_home_files',`
 ')
 rw_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
+ read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
 userdom_search_user_home_dirs($1)
 ')
diff --git a/policy/modules/apps/sandbox.if b/policy/modules/apps/sandbox.if
index c20d303..5dd356f 100644
--- a/policy/modules/apps/sandbox.if
+++ b/policy/modules/apps/sandbox.if
@@ -54,6 +54,7 @@ interface(`sandbox_transition',`
 allow $1 sandbox_tmpfs_type:file manage_file_perms;
 dontaudit $1 sandbox_tmpfs_type:file manage_file_perms;
+ can_exec($1, sandbox_file_type)
 manage_files_pattern($1, sandbox_file_type, sandbox_file_type);
 manage_dirs_pattern($1, sandbox_file_type, sandbox_file_type);
 manage_sock_files_pattern($1, sandbox_file_type, sandbox_file_type);
diff --git a/policy/modules/apps/telepathy.te b/policy/modules/apps/telepathy.te
index 779a54b..aa34be4 100644
--- a/policy/modules/apps/telepathy.te
+++ b/policy/modules/apps/telepathy.te
@@ -70,8 +70,6 @@ dev_read_urand(telepathy_msn_t)
 files_read_etc_files(telepathy_msn_t)
 files_read_usr_files(telepathy_msn_t)
-kernel_read_system_state(telepathy_msn_t)
-
 auth_use_nsswitch(telepathy_msn_t)
 libs_exec_ldconfig(telepathy_msn_t)
@@ -263,8 +261,6 @@ dev_read_urand(telepathy_sunshine_t)
 files_read_etc_files(telepathy_sunshine_t)
 files_read_usr_files(telepathy_sunshine_t)
-kernel_read_system_state(telepathy_sunshine_t)
-
 optional_policy(`
 xserver_read_xdm_pid(telepathy_sunshine_t)
 xserver_stream_connect(telepathy_sunshine_t)
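Review bot: The added `read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)` in pulseaudio_read_home_files, and the identical line in pulseaudio_rw_home_files in the next hunk, widens both interfaces to symbolic links, but the interface summaries, which sit outside these hunks, presumably still describe files only. Extending each summary to mention symbolic links keeps the documented grant in line with the actual one, so a caller reading the doc block knows what it is handed. Both interface bodies begin outside the hunks, so the `gen_require` blocks could not be checked here.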
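Review bot: `can_exec($1, sandbox_file_type)` in sandbox_transition (policy/modules/apps/sandbox.if) lets every caller of this interface execute, in its own domain and without a transition, files of types that the following lines already let it create and write. If sandboxed processes can write those types as well (the attribute name suggests so, but its members are not visible here), content produced inside the sandbox becomes runnable with the caller's privileges. A comment above the line naming the caller and the denial that required it would make the grant auditable, and moving it into a separate interface would let callers that only need the transition avoid it. The new line also lacks the trailing `;` that the neighbouring pattern calls carry, which is harmless but inconsistent within the block. The interface body starts and ends outside the hunk.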
@@ -290,6 +286,8 @@ corenet_tcp_sendrecv_generic_if(telepathy_domain)
 corenet_tcp_sendrecv_generic_node(telepathy_domain)
 corenet_udp_bind_generic_node(telepathy_domain)
+kernel_read_system_state(telepathy_domain)
+
 fs_search_auto_mountpoints(telepathy_domain)
 miscfiles_read_localization(telepathy_domain)
diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te
index ca4bea5..225e33f 100644
--- a/policy/modules/services/kerberos.te
+++ b/policy/modules/services/kerberos.te
@@ -252,7 +252,7 @@ selinux_validate_context(krb5kdc_t)
 logging_send_syslog_msg(krb5kdc_t)
-miscfiles_read_geniric_certs(krb5kdc_t)
+miscfiles_read_generic_certs(krb5kdc_t)
 miscfiles_read_localization(krb5kdc_t)
 seutil_read_file_contexts(krb5kdc_t)
diff --git a/policy/modules/services/passenger.fc b/policy/modules/services/passenger.fc
index e75adfa..8d00972 100644
--- a/policy/modules/services/passenger.fc
+++ b/policy/modules/services/passenger.fc
@@ -3,4 +3,4 @@
 /var/lib/passenger(/.*)? gen_context(system_u:object_r:passenger_var_lib_t,s0)
-/var/run/passenger(/.*)? gen_context(system_u:object_r:passenger_state_t,s0)
+/var/run/passenger(/.*)? gen_context(system_u:object_r:passenger_var_run_t,s0)
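Review bot: `kernel_read_system_state(telepathy_domain)` in telepathy.te now reaches every domain carrying the telepathy_domain attribute, while the earlier hunks of this file remove the call from only telepathy_msn_t and telepathy_sunshine_t. Any other telepathy domain that did not already have the call elsewhere in the file therefore gains read access to /proc system state. If only some of the domains need it, keeping the per-domain calls preserves least privilege; if all of them do, a one-line comment above the call saying which denials prompted the move to the attribute would record the intent. The commit description does not mention this widening.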
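Review bot: The new label `passenger_var_run_t` on /var/run/passenger in passenger.fc only works if that type is declared in passenger.te and the rules for the path reference it; passenger.te is not part of this diff, so that is worth confirming before merge. Files already on disk keep their old label until they are relabeled, so the package update should run `restorecon -R /var/run/passenger` or an equivalent relabel step.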