author | Hans Ulrich Niedermann <hun@n-dimensional.de> | 2009-07-11 22:26:53 +0200 |
---|---|---|
committer | Hans Ulrich Niedermann <hun@n-dimensional.de> | 2009-07-11 22:26:53 +0200 |
commit | 7f32eaf2d20da25cc8041bd210816e80e431f528 (patch) | |
tree | 01f2a828ab44b816bb81693a9bc4b8aa5d351d24 | |
parent | 73ec09583d98a0bf48354dd2a588a1dba506d612 (diff) | |
New approach: Permissions for user process
-rw-r--r-- | README | 8 | ||||
-rw-r--r-- | gps-devices-policy.fdi (renamed from gpsd-devices-policy.fdi) | 0 | ||||
-rw-r--r-- | gps-devices.spec | 74 | ||||
-rw-r--r-- | gps_device.fc | 1 | ||||
-rw-r--r-- | gps_device.if | 85 | ||||
-rw-r--r-- | gps_device.te.in | 10 | ||||
-rw-r--r-- | gpsd-devices.spec | 99 | ||||
-rw-r--r-- | gpsd_devices.fc | 6 | ||||
-rw-r--r-- | gpsd_devices.if | 1 | ||||
-rw-r--r-- | gpsd_devices.te.in | 70 |
10 files changed, 82 insertions, 272 deletions
@@ -2,6 +2,14 @@ Give access to GPS devices more or less automatically. Basic idea: + 1. Add HAL database of GPS devices + 2. Set up permissions so that user's processes can access those devices. + (unconfined_t user :-) + 3. ??? + 4. Profit! + +Basic idea (discarded due to garmin-gps.ko bitrot): + 1. Run gpsd as a system service as "nobody.gps" and gpsd_t. 2. Communicate with this gpsd a) via /var/run/gpsd.sock for adding/removing devices
diff --git a/gpsd-devices-policy.fdi b/gps-devices-policy.fdi
index f84b0b4..f84b0b4 100644
--- a/gpsd-devices-policy.fdi
+++ b/gps-devices-policy.fdi
diff --git a/gps-devices.spec b/gps-devices.spec
new file mode 100644
index 0000000..66b3881
--- /dev/null
+++ b/gps-devices.spec
@@ -0,0 +1,74 @@
+Name: gps-devices
+Version: 0.1.0
+Release: 0%{?dist}
+Summary: GPS Devices for navigation
+
+Group: System Environment/Daemons
+License: GPLv2+
+URL: http://none/
+Source0: gps-devices-information.fdi
+Source1: gps-devices-policy.fdi
+Source30: README
+BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+
+BuildArch: noarch
+
+Requires: hal
+Requires(pre): shadow-utils
+
+
+%description
+Automatic setup and use of GPS devices (Global Positioning System)
+for navigational purposes.
+
+
+%prep
+%setup -c -T
+cp %{SOURCE30} .
+
+
+%build
+
+
+%install
+rm -rf "%{buildroot}"
+
+install -d -m 0755 "%{buildroot}/usr/share/hal/fdi/information/20thirdparty"
+install -m 0644 %{SOURCE0} "%{buildroot}/usr/share/hal/fdi/information/20thirdparty/10-gps-devices.fdi"
+
+install -d -m 0755 "%{buildroot}/usr/share/hal/fdi/policy/20thirdparty"
+install -m 0644 %{SOURCE1} "%{buildroot}/usr/share/hal/fdi/policy/20thirdparty/10-gps-devices.fdi"
+
+
+%pre
+getent group gps >/dev/null || groupadd -r gps
+exit 0
+
+
+%post
+service haldaemon restart
+exit 0
+
+
+%preun
+exit 0
+
+
+%postun
+service haldaemon restart
+exit 0
+
+
+%clean
+rm -rf "%{buildroot}"
+
+
+%files
+%defattr(-,root,root,-)
+%doc README
+%{_datadir}/hal/fdi/information/20thirdparty/10-gps-devices.fdi
+%{_datadir}/hal/fdi/policy/20thirdparty/10-gps-devices.fdi
+
+
+%changelog
+
diff --git a/gps_device.fc b/gps_device.fc
deleted file mode 100644
index cfe57b6..0000000
--- a/gps_device.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/gpsd/dummy-device -s gen_context(system_u:object_r:gps_device_t,s0)
diff --git a/gps_device.if b/gps_device.if
deleted file mode 100644
index 71e904a..0000000
--- a/gps_device.if
+++ /dev/null
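Review bot: The new gps-devices.spec carries no `Obsoletes: gpsd-devices`, so installing it does not replace the gpsd-devices package whose spec this commit deletes, and nothing in the new `%post` removes the SELinux modules that package loaded. The deleted `%preun` ran `semodule -r gpsd-devices gps-device`, names that do not match `policy_module(gps_device,@VERSION@)` and `policy_module(gpsd_devices,@VERSION@)`, and its `exit 0` hides the failure, so the gpsd_t policy probably stays loaded on existing machines. Consider adding `Obsoletes: gpsd-devices < 0.1.0` and a one-time `semodule -r gps_device gpsd_devices >/dev/null 2>&1 || :` in `%post`. Also, `%pre` still creates the `gps` group although `%files` no longer assigns anything to it; the policy .fdi is renamed without changes and not shown here, so please add a comment saying what that group now grants, or drop the `groupadd`.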
@@ -1,85 +0,0 @@
-## <summary>GPS device file type</summary>
-## <desc>
-## <p>
-## This module just defines gps_device_t,
-## by copying the definition of usb_device_t
-# from the reference policy.
-## </p>
-## </desc>
-#
-
-
-########################################
-## <summary>
-## Getattr generic the GPS devices.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gps_device_getattr_gps_dev',`
- gen_require(`
- type gps_device_t;
- ')
-
- getattr_chr_files_pattern($1, device_t, gps_device_t)
-')
-
-########################################
-## <summary>
-## Setattr generic the GPS devices.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gps_device_setattr_gps_dev',`
- gen_require(`
- type gps_device_t;
- ')
-
- setattr_chr_files_pattern($1, device_t, gps_device_t)
-')
-
-########################################
-## <summary>
-## Read generic the GPS devices.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gps_device_read_gps_dev',`
- gen_require(`
- type gps_device_t;
- ')
-
- read_chr_files_pattern($1, device_t, gps_device_t)
-')
-
-########################################
-## <summary>
-## Read and write generic the GPS devices.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gps_device_rw_gps_dev',`
- gen_require(`
- type device_t;
- type gps_device_t;
- ')
-
- rw_chr_files_pattern($1, device_t, gps_device_t)
-')
-
-
diff --git a/gps_device.te.in b/gps_device.te.in
deleted file mode 100644
index 1a9483d..0000000
--- a/gps_device.te.in
+++ /dev/null
@@ -1,10 +0,0 @@
-policy_module(gps_device,@VERSION@)
-
-########################################
-#
-# Declarations
-#
-type gps_device_t;
-dev_node(gps_device_t)
-
-
diff --git a/gpsd-devices.spec b/gpsd-devices.spec
deleted file mode 100644
index 8c8bfb7..0000000
--- a/gpsd-devices.spec
+++ /dev/null
@@ -1,99 +0,0 @@
-Name: gpsd-devices
-Version: 0.0.14
-Release: 0%{?dist}
-Summary: GPS Devices for navigation
-
-Group: System Environment/Daemons
-License: GPLv2+
-URL: http://none/
-Source0: gps-devices-information.fdi
-Source1: gpsd-devices-policy.fdi
-Source11: gps_device.fc
-Source12: gps_device.if
-Source13: gps_device.te.in
-Source21: gpsd_devices.fc
-Source22: gpsd_devices.if
-Source23: gpsd_devices.te.in
-Source30: README
-BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-
-BuildArch: noarch
-
-BuildRequires: selinux-policy
-Requires: hal
-Requires: gpsd >= 2.39-3.0.1
-Requires(pre): shadow-utils
-
-
-%description
-Automatic setup and use of GPS devices (Global Positioning System)
-for navigational purposes.
-
-Set up gpsd such that it is run as a system service. USB devices will
-be added to and removed from gpsd automatically.
-
-
-%prep
-%setup -c -T
-cp %{SOURCE11} %{SOURCE12} .
-sed 's|[@]VERSION@|%{version}|' %{SOURCE13} > gps_device.te
-cp %{SOURCE21} %{SOURCE22} .
-sed 's|[@]VERSION@|%{version}|' %{SOURCE23} > gpsd_devices.te
-cp %{SOURCE30} .
-
-
-%build
-make -f /usr/share/selinux/devel/Makefile
-
-
-%install
-rm -rf "%{buildroot}"
-
-install -d -m 0755 "%{buildroot}/usr/share/hal/fdi/information/20thirdparty"
-install -m 0644 %{SOURCE0} "%{buildroot}/usr/share/hal/fdi/information/20thirdparty/10-gps-devices.fdi"
-
-install -d -m 0755 "%{buildroot}/usr/share/hal/fdi/policy/20thirdparty"
-install -m 0644 %{SOURCE1} "%{buildroot}/usr/share/hal/fdi/policy/20thirdparty/10-gps-devices.fdi"
-
-# FIXME: HACK!
-install -d -m 0755 "%{buildroot}/usr/share/selinux/targeted"
-install -m 0644 gps_device.pp gpsd_devices.pp "%{buildroot}/usr/share/selinux/targeted/"
-
-install -d -m 0755 "%{buildroot}%{_datadir}/gpsd"
-mkfifo "%{buildroot}%{_datadir}/gpsd/dummy-device"
-chmod 0644 "%{buildroot}%{_datadir}/gpsd/dummy-device"
-
-
-%pre
-getent group gps >/dev/null || groupadd -r gps
-exit 0
-
-
-%post
-semodule -u "%{_datadir}/selinux/targeted/gps_device.pp" "%{_datadir}/selinux/targeted/gpsd_devices.pp" || semodule -i "%{_datadir}/selinux/targeted/gps_device.pp" "%{_datadir}/selinux/targeted/gpsd_devices.pp"
-restorecon -v %{_datadir}/gpsd/dummy-device
-service haldaemon restart
-exit 0
-
-
-%preun
-semodule -r gpsd-devices gps-device
-exit 0
-
-
-%clean
-rm -rf "%{buildroot}"
-
-
-%files
-%defattr(-,root,root,-)
-%doc README
-%{_datadir}/hal/fdi/information/20thirdparty/10-gps-devices.fdi
-%{_datadir}/hal/fdi/policy/20thirdparty/10-gps-devices.fdi
-%{_datadir}/selinux/targeted/gps_device.pp
-%{_datadir}/selinux/targeted/gpsd_devices.pp
-%attr(0644,root,gps) %{_datadir}/gpsd/dummy-device
-
-
-%changelog
-
diff --git a/gpsd_devices.fc b/gpsd_devices.fc
deleted file mode 100644
index e5071f1..0000000
--- a/gpsd_devices.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/etc/rc\.d/init\.d/gpsd -- gen_context(system_u:object_r:gpsd_initrc_exec_t,s0)
-
-/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
-
-/var/run/gpsd\.pid -- gen_context(system_u:object_r:gpsd_var_run_t,s0)
-/var/run/gpsd\.sock -s gen_context(system_u:object_r:gpsd_var_run_t,s0)
diff --git a/gpsd_devices.if b/gpsd_devices.if
deleted file mode 100644
index a24defd..0000000
--- a/gpsd_devices.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>gpsd monitor daemon (use gpsd.if stuff)</summary>
diff --git a/gpsd_devices.te.in b/gpsd_devices.te.in
deleted file mode 100644
index 900b2be..0000000
--- a/gpsd_devices.te.in
+++ /dev/null
@@ -1,70 +0,0 @@
-policy_module(gpsd_devices,@VERSION@)
-
-########################################
-#
-# Declarations
-#
-
-type gpsd_t;
-type gpsd_exec_t;
-application_domain(gpsd_t, gpsd_exec_t)
-init_daemon_domain(gpsd_t, gpsd_exec_t)
-
-type gpsd_initrc_exec_t;
-init_script_file(gpsd_initrc_exec_t)
-
-type gpsd_tmpfs_t;
-files_tmpfs_file(gpsd_tmpfs_t)
-
-type gpsd_var_run_t;
-files_pid_file(gpsd_var_run_t)
-
-########################################
-#
-# gpsd local policy
-#
-
-allow gpsd_t self:capability { setuid sys_nice setgid fowner };
-allow gpsd_t self:process setsched;
-allow gpsd_t self:shm create_shm_perms;
-allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto };
-allow gpsd_t self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
-manage_files_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
-fs_tmpfs_filetrans(gpsd_t, gpsd_tmpfs_t, { dir file })
-
-manage_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t)
-manage_sock_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t)
-files_pid_filetrans(gpsd_t, gpsd_var_run_t, { file sock_file })
-
-corenet_all_recvfrom_unlabeled(gpsd_t)
-corenet_all_recvfrom_netlabel(gpsd_t)
-corenet_tcp_sendrecv_generic_if(gpsd_t)
-corenet_tcp_sendrecv_generic_node(gpsd_t)
-corenet_tcp_sendrecv_all_ports(gpsd_t)
-corenet_tcp_bind_all_nodes(gpsd_t)
-corenet_tcp_bind_gpsd_port(gpsd_t)
-
-term_use_unallocated_ttys(gpsd_t)
-term_setattr_unallocated_ttys(gpsd_t)
-
-auth_use_nsswitch(gpsd_t)
-
-logging_send_syslog_msg(gpsd_t)
-
-miscfiles_read_localization(gpsd_t)
-
-optional_policy(`
- ntpd_rw_shm(gpsd_t)
- ntpd_rw_tmpfs_files(gpsd_t)
-')
-
-optional_policy(`
- dbus_system_bus_client(gpsd_t)
-')
-
-gps_device_getattr_gps_dev(gpsd_t)
-gps_device_setattr_gps_dev(gpsd_t)
-gps_device_read_gps_dev(gpsd_t)
-gps_device_rw_gps_dev(gpsd_t) |