authorHans Ulrich Niedermann <hun@n-dimensional.de>2009-07-11 22:26:53 +0200
committerHans Ulrich Niedermann <hun@n-dimensional.de>2009-07-11 22:26:53 +0200
commit7f32eaf2d20da25cc8041bd210816e80e431f528 (patch)
tree01f2a828ab44b816bb81693a9bc4b8aa5d351d24
parent73ec09583d98a0bf48354dd2a588a1dba506d612 (diff)
New approach: Permissions for user process
-rw-r--r--README8
-rw-r--r--gps-devices-policy.fdi (renamed from gpsd-devices-policy.fdi)0
-rw-r--r--gps-devices.spec74
-rw-r--r--gps_device.fc1
-rw-r--r--gps_device.if85
-rw-r--r--gps_device.te.in10
-rw-r--r--gpsd-devices.spec99
-rw-r--r--gpsd_devices.fc6
-rw-r--r--gpsd_devices.if1
-rw-r--r--gpsd_devices.te.in70
10 files changed, 82 insertions, 272 deletions
diff --git a/README b/README
index 17bc4ea..94a24cb 100644
--- a/README
+++ b/README
@@ -2,6 +2,14 @@ Give access to GPS devices more or less automatically.
Basic idea:
+ 1. Add HAL database of GPS devices
+ 2. Set up permissions so that user's processes can access those devices.
+ (unconfined_t user :-)
+ 3. ???
+ 4. Profit!
+
+Basic idea (discarded due to garmin-gps.ko bitrot):
+
1. Run gpsd as a system service as "nobody.gps" and gpsd_t.
2. Communicate with this gpsd
a) via /var/run/gpsd.sock for adding/removing devices
diff --git a/gpsd-devices-policy.fdi b/gps-devices-policy.fdi
index f84b0b4..f84b0b4 100644
--- a/gpsd-devices-policy.fdi
+++ b/gps-devices-policy.fdi
diff --git a/gps-devices.spec b/gps-devices.spec
new file mode 100644
index 0000000..66b3881
--- /dev/null
+++ b/gps-devices.spec
@@ -0,0 +1,74 @@
+Name: gps-devices
+Version: 0.1.0
+Release: 0%{?dist}
+Summary: GPS Devices for navigation
+
+Group: System Environment/Daemons
+License: GPLv2+
+URL: http://none/
+Source0: gps-devices-information.fdi
+Source1: gps-devices-policy.fdi
+Source30: README
+BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+
+BuildArch: noarch
+
+Requires: hal
+Requires(pre): shadow-utils
+
+
+%description
+Automatic setup and use of GPS devices (Global Positioning System)
+for navigational purposes.
+
+
+%prep
+%setup -c -T
+cp %{SOURCE30} .
+
+
+%build
+
+
+%install
+rm -rf "%{buildroot}"
+
+install -d -m 0755 "%{buildroot}/usr/share/hal/fdi/information/20thirdparty"
+install -m 0644 %{SOURCE0} "%{buildroot}/usr/share/hal/fdi/information/20thirdparty/10-gps-devices.fdi"
+
+install -d -m 0755 "%{buildroot}/usr/share/hal/fdi/policy/20thirdparty"
+install -m 0644 %{SOURCE1} "%{buildroot}/usr/share/hal/fdi/policy/20thirdparty/10-gps-devices.fdi"
+
+
+%pre
+getent group gps >/dev/null || groupadd -r gps
+exit 0
+
+
+%post
+service haldaemon restart
+exit 0
+
+
+%preun
+exit 0
+
+
+%postun
+service haldaemon restart
+exit 0
+
+
+%clean
+rm -rf "%{buildroot}"
+
+
+%files
+%defattr(-,root,root,-)
+%doc README
+%{_datadir}/hal/fdi/information/20thirdparty/10-gps-devices.fdi
+%{_datadir}/hal/fdi/policy/20thirdparty/10-gps-devices.fdi
+
+
+%changelog
+
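Review bot: The renamed package declares no `Obsoletes: gpsd-devices`, although `Name:` changes from gpsd-devices to gps-devices and `%files` lists the same two `10-gps-devices.fdi` paths the old spec owned, so an existing install is not replaced and the two packages would conflict on those files. Adding `Obsoletes: gpsd-devices < 0.1.0` beside the `Requires:` lines would make the upgrade remove the old package. The old SELinux modules deserve an explicit check as well: the deleted `%preun` runs `semodule -r gpsd-devices gps-device`, while the modules are declared as `gpsd_devices` and `gps_device`, so they may remain loaded after the switch, and its `exit 0` hides the failure. Separately, `%pre` still creates the `gps` group but nothing in this spec uses it; a comment naming the file that relies on it (presumably the policy .fdi) would help.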
diff --git a/gps_device.fc b/gps_device.fc
deleted file mode 100644
index cfe57b6..0000000
--- a/gps_device.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/gpsd/dummy-device -s gen_context(system_u:object_r:gps_device_t,s0)
diff --git a/gps_device.if b/gps_device.if
deleted file mode 100644
index 71e904a..0000000
--- a/gps_device.if
+++ /dev/null
@@ -1,85 +0,0 @@
-## <summary>GPS device file type</summary>
-## <desc>
-## <p>
-## This module just defines gps_device_t,
-## by copying the definition of usb_device_t
-# from the reference policy.
-## </p>
-## </desc>
-#
-
-
-########################################
-## <summary>
-## Getattr generic the GPS devices.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gps_device_getattr_gps_dev',`
- gen_require(`
- type gps_device_t;
- ')
-
- getattr_chr_files_pattern($1, device_t, gps_device_t)
-')
-
-########################################
-## <summary>
-## Setattr generic the GPS devices.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gps_device_setattr_gps_dev',`
- gen_require(`
- type gps_device_t;
- ')
-
- setattr_chr_files_pattern($1, device_t, gps_device_t)
-')
-
-########################################
-## <summary>
-## Read generic the GPS devices.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gps_device_read_gps_dev',`
- gen_require(`
- type gps_device_t;
- ')
-
- read_chr_files_pattern($1, device_t, gps_device_t)
-')
-
-########################################
-## <summary>
-## Read and write generic the GPS devices.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gps_device_rw_gps_dev',`
- gen_require(`
- type device_t;
- type gps_device_t;
- ')
-
- rw_chr_files_pattern($1, device_t, gps_device_t)
-')
-
-
diff --git a/gps_device.te.in b/gps_device.te.in
deleted file mode 100644
index 1a9483d..0000000
--- a/gps_device.te.in
+++ /dev/null
@@ -1,10 +0,0 @@
-policy_module(gps_device,@VERSION@)
-
-########################################
-#
-# Declarations
-#
-type gps_device_t;
-dev_node(gps_device_t)
-
-
diff --git a/gpsd-devices.spec b/gpsd-devices.spec
deleted file mode 100644
index 8c8bfb7..0000000
--- a/gpsd-devices.spec
+++ /dev/null
@@ -1,99 +0,0 @@
-Name: gpsd-devices
-Version: 0.0.14
-Release: 0%{?dist}
-Summary: GPS Devices for navigation
-
-Group: System Environment/Daemons
-License: GPLv2+
-URL: http://none/
-Source0: gps-devices-information.fdi
-Source1: gpsd-devices-policy.fdi
-Source11: gps_device.fc
-Source12: gps_device.if
-Source13: gps_device.te.in
-Source21: gpsd_devices.fc
-Source22: gpsd_devices.if
-Source23: gpsd_devices.te.in
-Source30: README
-BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-
-BuildArch: noarch
-
-BuildRequires: selinux-policy
-Requires: hal
-Requires: gpsd >= 2.39-3.0.1
-Requires(pre): shadow-utils
-
-
-%description
-Automatic setup and use of GPS devices (Global Positioning System)
-for navigational purposes.
-
-Set up gpsd such that it is run as a system service. USB devices will
-be added to and removed from gpsd automatically.
-
-
-%prep
-%setup -c -T
-cp %{SOURCE11} %{SOURCE12} .
-sed 's|[@]VERSION@|%{version}|' %{SOURCE13} > gps_device.te
-cp %{SOURCE21} %{SOURCE22} .
-sed 's|[@]VERSION@|%{version}|' %{SOURCE23} > gpsd_devices.te
-cp %{SOURCE30} .
-
-
-%build
-make -f /usr/share/selinux/devel/Makefile
-
-
-%install
-rm -rf "%{buildroot}"
-
-install -d -m 0755 "%{buildroot}/usr/share/hal/fdi/information/20thirdparty"
-install -m 0644 %{SOURCE0} "%{buildroot}/usr/share/hal/fdi/information/20thirdparty/10-gps-devices.fdi"
-
-install -d -m 0755 "%{buildroot}/usr/share/hal/fdi/policy/20thirdparty"
-install -m 0644 %{SOURCE1} "%{buildroot}/usr/share/hal/fdi/policy/20thirdparty/10-gps-devices.fdi"
-
-# FIXME: HACK!
-install -d -m 0755 "%{buildroot}/usr/share/selinux/targeted"
-install -m 0644 gps_device.pp gpsd_devices.pp "%{buildroot}/usr/share/selinux/targeted/"
-
-install -d -m 0755 "%{buildroot}%{_datadir}/gpsd"
-mkfifo "%{buildroot}%{_datadir}/gpsd/dummy-device"
-chmod 0644 "%{buildroot}%{_datadir}/gpsd/dummy-device"
-
-
-%pre
-getent group gps >/dev/null || groupadd -r gps
-exit 0
-
-
-%post
-semodule -u "%{_datadir}/selinux/targeted/gps_device.pp" "%{_datadir}/selinux/targeted/gpsd_devices.pp" || semodule -i "%{_datadir}/selinux/targeted/gps_device.pp" "%{_datadir}/selinux/targeted/gpsd_devices.pp"
-restorecon -v %{_datadir}/gpsd/dummy-device
-service haldaemon restart
-exit 0
-
-
-%preun
-semodule -r gpsd-devices gps-device
-exit 0
-
-
-%clean
-rm -rf "%{buildroot}"
-
-
-%files
-%defattr(-,root,root,-)
-%doc README
-%{_datadir}/hal/fdi/information/20thirdparty/10-gps-devices.fdi
-%{_datadir}/hal/fdi/policy/20thirdparty/10-gps-devices.fdi
-%{_datadir}/selinux/targeted/gps_device.pp
-%{_datadir}/selinux/targeted/gpsd_devices.pp
-%attr(0644,root,gps) %{_datadir}/gpsd/dummy-device
-
-
-%changelog
-
diff --git a/gpsd_devices.fc b/gpsd_devices.fc
deleted file mode 100644
index e5071f1..0000000
--- a/gpsd_devices.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/etc/rc\.d/init\.d/gpsd -- gen_context(system_u:object_r:gpsd_initrc_exec_t,s0)
-
-/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
-
-/var/run/gpsd\.pid -- gen_context(system_u:object_r:gpsd_var_run_t,s0)
-/var/run/gpsd\.sock -s gen_context(system_u:object_r:gpsd_var_run_t,s0)
diff --git a/gpsd_devices.if b/gpsd_devices.if
deleted file mode 100644
index a24defd..0000000
--- a/gpsd_devices.if
+++ /dev/null
@@ -1 +0,0 @@
-## <summary>gpsd monitor daemon (use gpsd.if stuff)</summary>
diff --git a/gpsd_devices.te.in b/gpsd_devices.te.in
deleted file mode 100644
index 900b2be..0000000
--- a/gpsd_devices.te.in
+++ /dev/null
@@ -1,70 +0,0 @@
-policy_module(gpsd_devices,@VERSION@)
-
-########################################
-#
-# Declarations
-#
-
-type gpsd_t;
-type gpsd_exec_t;
-application_domain(gpsd_t, gpsd_exec_t)
-init_daemon_domain(gpsd_t, gpsd_exec_t)
-
-type gpsd_initrc_exec_t;
-init_script_file(gpsd_initrc_exec_t)
-
-type gpsd_tmpfs_t;
-files_tmpfs_file(gpsd_tmpfs_t)
-
-type gpsd_var_run_t;
-files_pid_file(gpsd_var_run_t)
-
-########################################
-#
-# gpsd local policy
-#
-
-allow gpsd_t self:capability { setuid sys_nice setgid fowner };
-allow gpsd_t self:process setsched;
-allow gpsd_t self:shm create_shm_perms;
-allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto };
-allow gpsd_t self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
-manage_files_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
-fs_tmpfs_filetrans(gpsd_t, gpsd_tmpfs_t, { dir file })
-
-manage_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t)
-manage_sock_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t)
-files_pid_filetrans(gpsd_t, gpsd_var_run_t, { file sock_file })
-
-corenet_all_recvfrom_unlabeled(gpsd_t)
-corenet_all_recvfrom_netlabel(gpsd_t)
-corenet_tcp_sendrecv_generic_if(gpsd_t)
-corenet_tcp_sendrecv_generic_node(gpsd_t)
-corenet_tcp_sendrecv_all_ports(gpsd_t)
-corenet_tcp_bind_all_nodes(gpsd_t)
-corenet_tcp_bind_gpsd_port(gpsd_t)
-
-term_use_unallocated_ttys(gpsd_t)
-term_setattr_unallocated_ttys(gpsd_t)
-
-auth_use_nsswitch(gpsd_t)
-
-logging_send_syslog_msg(gpsd_t)
-
-miscfiles_read_localization(gpsd_t)
-
-optional_policy(`
- ntpd_rw_shm(gpsd_t)
- ntpd_rw_tmpfs_files(gpsd_t)
-')
-
-optional_policy(`
- dbus_system_bus_client(gpsd_t)
-')
-
-gps_device_getattr_gps_dev(gpsd_t)
-gps_device_setattr_gps_dev(gpsd_t)
-gps_device_read_gps_dev(gpsd_t)
-gps_device_rw_gps_dev(gpsd_t)