diff options
author | Hans Ulrich Niedermann <hun@n-dimensional.de> | 2009-07-11 16:03:44 +0200 |
---|---|---|
committer | Hans Ulrich Niedermann <hun@n-dimensional.de> | 2009-07-11 16:03:44 +0200 |
commit | fd14cee0e66e0b2b6cc1189d7ec7726a454f4d9d (patch) | |
tree | 81945bc4c398d68d0eadcd09f5abefb52ccb9dc6 | |
download | gps-devices-package-fd14cee0e66e0b2b6cc1189d7ec7726a454f4d9d.tar.gz gps-devices-package-fd14cee0e66e0b2b6cc1189d7ec7726a454f4d9d.tar.xz gps-devices-package-fd14cee0e66e0b2b6cc1189d7ec7726a454f4d9d.zip |
Initial commit
-rw-r--r-- | .gitmodules | 3 | ||||
l--------- | GNUmakefile | 1 | ||||
-rw-r--r-- | README | 15 | ||||
m--------- | git-rpm | 0 | ||||
-rw-r--r-- | gpsd-devices.fc | 6 | ||||
-rw-r--r-- | gpsd-devices.if | 54 | ||||
-rw-r--r-- | gpsd-devices.spec | 65 | ||||
-rw-r--r-- | gpsd-devices.te | 28 |
8 files changed, 172 insertions, 0 deletions
diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..0ccfef1 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "git-rpm"] + path = git-rpm + url = git://fedorapeople.org/~ndim/git-rpm.git diff --git a/GNUmakefile b/GNUmakefile new file mode 120000 index 0000000..9acf7e6 --- /dev/null +++ b/GNUmakefile @@ -0,0 +1 @@ +git-rpm/GNUmakefile
\ No newline at end of file @@ -0,0 +1,15 @@ +Give access to GPS devices more or less automatically. + +Basic idea: + + 1. Run gpsd as a system service as "nobody.gps" and gpsd_t. + 2. Communicate with this gpsd + a) via /var/run/gpsd.sock for adding/removing devices + b) via TCP port 2947 for getting position fixes + 3. Add database of GPS devices to HAL + 4. Add policy and scripts to HAL + 5. Give each GPS device file a "chcon gps_device_t", + and group read/write permissions for group "gps" + via scripts called by HAL. + + diff --git a/git-rpm b/git-rpm new file mode 160000 +Subproject a70c3714c371745087f65732bb9130dc36e6076 diff --git a/gpsd-devices.fc b/gpsd-devices.fc new file mode 100644 index 0000000..9cf7c4c --- /dev/null +++ b/gpsd-devices.fc @@ -0,0 +1,6 @@ +# myapp executable will have: +# label: system_u:object_r:myapp_exec_t +# MLS sensitivity: s0 +# MCS categories: <none> + +/usr/sbin/myapp -- gen_context(system_u:object_r:myapp_exec_t,s0) diff --git a/gpsd-devices.if b/gpsd-devices.if new file mode 100644 index 0000000..54d42ae --- /dev/null +++ b/gpsd-devices.if @@ -0,0 +1,54 @@ +## <summary>Myapp example policy</summary> +## <desc> +## <p> +## More descriptive text about myapp. The desc +## tag can also use p, ul, and ol +## html tags for formatting. +## </p> +## <p> +## This policy supports the following myapp features: +## <ul> +## <li>Feature A</li> +## <li>Feature B</li> +## <li>Feature C</li> +## </ul> +## </p> +## </desc> +# + +######################################## +## <summary> +## Execute a domain transition to run myapp. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +# +interface(`myapp_domtrans',` + gen_require(` + type myapp_t, myapp_exec_t; + ') + + domtrans_pattern($1,myapp_exec_t,myapp_t) +') + +######################################## +## <summary> +## Read myapp log files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to read the log files. +## </summary> +## </param> +# +interface(`myapp_read_log',` + gen_require(` + type myapp_log_t; + ') + + logging_search_logs($1) + allow $1 myapp_log_t:file read_file_perms; +') diff --git a/gpsd-devices.spec b/gpsd-devices.spec new file mode 100644 index 0000000..29bd980 --- /dev/null +++ b/gpsd-devices.spec @@ -0,0 +1,65 @@ +Name: gps-devices +Version: 0.0.0 +Release: 1%{?dist} +Summary: GPS Devices for navigation + +Group: What/Ever +License: Something +URL: http://none/ +Source0: gps-devices-information.fdi +Source1: gps-devices-policy.fdi +#Source2: +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) + +BuildRequires: selinux-policy +Requires: hal +Requires: gpsd >= 2.39-3.0.1 +Requires(pre): shadow-utils + + +%description +Automatic setup and use of GPS devices (Global Positioning System) +for navigational purposes. + +Set up gpsd such that it is run as a system service. USB devices will +be added to and removed from gpsd automatically. + + +%prep + + +%build +make -f /usr/share/selinux/devel/Makefile + + +%install +rm -rf "$RPM_BUILD_ROOT" +make install DESTDIR="$RPM_BUILD_ROOT" + + +%pre +getent group gps >/dev/null || groupadd -r gps +exit 0 + + +%post +mkfifo "%{_datadir}/gpsd/dummy-device" +chown root.gps "%{_datadir}/gpsd/dummy-device" +chmod 0644 "%{_datadir}/gpsd/dummy-device" + + +%preun +rm -f "%{_datadir}/gpsd/dummy-device" + + +%clean +rm -rf "%{buildroot}" + + +%files +%defattr(-,root,root,-) +%doc README + + +%changelog + diff --git a/gpsd-devices.te b/gpsd-devices.te new file mode 100644 index 0000000..8238355 --- /dev/null +++ b/gpsd-devices.te @@ -0,0 +1,28 @@ + +policy_module(myapp,1.0.0) + +######################################## +# +# Declarations +# + +type myapp_t; +type myapp_exec_t; +domain_type(myapp_t) +domain_entry_file(myapp_t, myapp_exec_t) + +type myapp_log_t; +logging_log_file(myapp_log_t) + +type myapp_tmp_t; +files_tmp_file(myapp_tmp_t) + +######################################## +# +# Myapp local policy +# + +allow myapp_t myapp_log_t:file { read_file_perms append_file_perms }; + +allow myapp_t myapp_tmp_t:file manage_file_perms; +files_tmp_filetrans(myapp_t,myapp_tmp_t,file) |