From 92268c5912dcc13b5dc96e200ce76c5569a2f590 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Jan 18 2006 22:33:36 +0000
Subject: move certwatch to admin, its not a daemon
---
diff --git a/refpolicy/policy/modules/admin/certwatch.fc b/refpolicy/policy/modules/admin/certwatch.fc
new file mode 100644
index 0000000..b8a3414
--- /dev/null
+++ b/refpolicy/policy/modules/admin/certwatch.fc
@@ -0,0 +1 @@
+/usr/bin/certwatch -- gen_context(system_u:object_r:certwatch_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/certwatch.if b/refpolicy/policy/modules/admin/certwatch.if
new file mode 100644
index 0000000..bebb19e
--- /dev/null
+++ b/refpolicy/policy/modules/admin/certwatch.if
@@ -0,0 +1,51 @@
+## Digital Certificate Tracking
+
+########################################
+##
+## Domain transition to certwatch.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`certwatch_domtrans',`
+ gen_require(`
+ type certwatch_exec_t, certwatch_t;
+ ')
+
+ files_search_usr($1)
+ corecmd_search_sbin($1)
+ domain_auto_trans($1,certwatch_exec_t,certwatch_t)
+
+ allow $1 certwatch_t:fd use;
+ allow certwatch_t $1:fd use;
+ allow certwatch_t $1:fifo_file rw_file_perms;
+ allow certwatch_t $1:process sigchld;
+')
+
+########################################
+##
+## Execute certwatch in the certwatch domain, and
+## allow the specified role the certwatch domain,
+## and use the caller's terminal. Has a sigchld
+## backchannel.
+##
+##
+## The type of the process performing this action.
+##
+##
+## The role to be allowed the certwatch domain.
+##
+##
+## The type of the terminal allow the certwatch domain to use.
+##
+#
+interface(`certwatach_run',`
+ gen_require(`
+ type certwatch_t;
+ ')
+
+ certwatch_domtrans($1)
+ role $2 types certwatch_t;
+ allow certwatch_t $3:chr_file rw_term_perms;
+')
diff --git a/refpolicy/policy/modules/admin/certwatch.te b/refpolicy/policy/modules/admin/certwatch.te
new file mode 100644
index 0000000..8087765
--- /dev/null
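Review bot: The second interface in the new admin/certwatch.if is declared as `interface(`certwatach_run',`` — a typo carried over from the services copy — so any module calling the conventionally named `certwatch_run` will hit an undefined m4 macro and the policy build fails; the move is a good moment to rename it to `interface(`certwatch_run',``. In certwatch_domtrans the caller is granted `corecmd_search_sbin($1)`, but the .fc in this same commit labels the binary at `/usr/bin/certwatch`, so the search permission does not cover the directory the executable lives in; the bin_t counterpart (`corecmd_search_bin($1)`) looks like the intended call, worth confirming against the corecommands interfaces of this tree. Both defects predate the commit, but since the files are re-added rather than detected as renames, the new side is where they now live.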
+++ b/refpolicy/policy/modules/admin/certwatch.te
@@ -0,0 +1,34 @@
+
+policy_module(certwatch,1.0)
+
+########################################
+#
+# Declarations
+#
+
+type certwatch_t;
+type certwatch_exec_t;
+domain_type(certwatch_t)
+domain_entry_file(certwatch_t,certwatch_exec_t)
+role system_r types certwatch_t;
+
+########################################
+#
+# Local policy
+#
+
+files_read_etc_files(certwatch_t)
+
+libs_use_ld_so(certwatch_t)
+libs_use_shared_libs(certwatch_t)
+
+logging_send_syslog_msg(certwatch_t)
+
+miscfiles_read_certs(certwatch_t)
+miscfiles_read_localization(certwatch_t)
+
+apache_exec_modules(certwatch_t)
+
+optional_policy(`cron',`
+ cron_system_entry(certwatch_t,certwatch_exec_t)
+')
diff --git a/refpolicy/policy/modules/services/certwatch.fc b/refpolicy/policy/modules/services/certwatch.fc
deleted file mode 100644
index b8a3414..0000000
--- a/refpolicy/policy/modules/services/certwatch.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/bin/certwatch -- gen_context(system_u:object_r:certwatch_exec_t,s0)
diff --git a/refpolicy/policy/modules/services/certwatch.if b/refpolicy/policy/modules/services/certwatch.if
deleted file mode 100644
index bebb19e..0000000
--- a/refpolicy/policy/modules/services/certwatch.if
+++ /dev/null
@@ -1,51 +0,0 @@
-## Digital Certificate Tracking
-
-########################################
-##
-## Domain transition to certwatch.
-##
-##
-## Domain allowed access.
-##
-#
-interface(`certwatch_domtrans',`
- gen_require(`
- type certwatch_exec_t, certwatch_t;
- ')
-
- files_search_usr($1)
- corecmd_search_sbin($1)
- domain_auto_trans($1,certwatch_exec_t,certwatch_t)
-
- allow $1 certwatch_t:fd use;
- allow certwatch_t $1:fd use;
- allow certwatch_t $1:fifo_file rw_file_perms;
- allow certwatch_t $1:process sigchld;
-')
-
-########################################
-##
-## Execute certwatch in the certwatch domain, and
-## allow the specified role the certwatch domain,
-## and use the caller's terminal. Has a sigchld
-## backchannel.
-##
-##
-## The type of the process performing this action.
-##
-##
-## The role to be allowed the certwatch domain.
-##
-##
-## The type of the terminal allow the certwatch domain to use.
-##
-#
-interface(`certwatach_run',`
- gen_require(`
- type certwatch_t;
- ')
-
- certwatch_domtrans($1)
- role $2 types certwatch_t;
- allow certwatch_t $3:chr_file rw_term_perms;
-')
diff --git a/refpolicy/policy/modules/services/certwatch.te b/refpolicy/policy/modules/services/certwatch.te
deleted file mode 100644
index 8087765..0000000
--- a/refpolicy/policy/modules/services/certwatch.te
+++ /dev/null
@@ -1,34 +0,0 @@
-
-policy_module(certwatch,1.0)
-
-########################################
-#
-# Declarations
-#
-
-type certwatch_t;
-type certwatch_exec_t;
-domain_type(certwatch_t)
-domain_entry_file(certwatch_t,certwatch_exec_t)
-role system_r types certwatch_t;
-
-########################################
-#
-# Local policy
-#
-
-files_read_etc_files(certwatch_t)
-
-libs_use_ld_so(certwatch_t)
-libs_use_shared_libs(certwatch_t)
-
-logging_send_syslog_msg(certwatch_t)
-
-miscfiles_read_certs(certwatch_t)
-miscfiles_read_localization(certwatch_t)
-
-apache_exec_modules(certwatch_t)
-
-optional_policy(`cron',`
- cron_system_entry(certwatch_t,certwatch_exec_t)
-')