From fd14cee0e66e0b2b6cc1189d7ec7726a454f4d9d Mon Sep 17 00:00:00 2001
From: Hans Ulrich Niedermann
Date: Sat, 11 Jul 2009 16:03:44 +0200
Subject: Initial commit
---
.gitmodules | 3 +++
GNUmakefile | 1 +
README | 15 +++++++++++++
git-rpm | 1 +
gpsd-devices.fc | 6 +++++
gpsd-devices.if | 54 +++++++++++++++++++++++++++++++++++++++++++++
gpsd-devices.spec | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
gpsd-devices.te | 28 ++++++++++++++++++++++++
8 files changed, 173 insertions(+)
create mode 100644 .gitmodules
create mode 120000 GNUmakefile
create mode 100644 README
create mode 160000 git-rpm
create mode 100644 gpsd-devices.fc
create mode 100644 gpsd-devices.if
create mode 100644 gpsd-devices.spec
create mode 100644 gpsd-devices.te
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..0ccfef1
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "git-rpm"]
+ path = git-rpm
+ url = git://fedorapeople.org/~ndim/git-rpm.git
diff --git a/GNUmakefile b/GNUmakefile
new file mode 120000
index 0000000..9acf7e6
--- /dev/null
+++ b/GNUmakefile
@@ -0,0 +1 @@
+git-rpm/GNUmakefile
\ No newline at end of file
diff --git a/README b/README
new file mode 100644
index 0000000..17bc4ea
--- /dev/null
+++ b/README
@@ -0,0 +1,15 @@
+Give access to GPS devices more or less automatically.
+
+Basic idea:
+
+ 1. Run gpsd as a system service as "nobody.gps" and gpsd_t.
+ 2. Communicate with this gpsd
+ a) via /var/run/gpsd.sock for adding/removing devices
+ b) via TCP port 2947 for getting position fixes
+ 3. Add database of GPS devices to HAL
+ 4. Add policy and scripts to HAL
+ 5. Give each GPS device file a "chcon gps_device_t",
+ and group read/write permissions for group "gps"
+ via scripts called by HAL.
+
+
diff --git a/git-rpm b/git-rpm
new file mode 160000
index 0000000..a70c371
--- /dev/null
+++ b/git-rpm
@@ -0,0 +1 @@
+Subproject commit a70c3714c371745087f65732bb9130dc36e60765
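Review bot: The submodule `url` in the .gitmodules hunk uses the plain `git://` transport, which provides neither encryption nor server authentication, and the GNUmakefile hunk is a symlink into that submodule, so whatever is fetched drives the build. The gitlink pins commit a70c3714c371745087f65732bb9130dc36e60765, which constrains what a checkout will accept, but the fetch itself remains unauthenticated. If the host offers one, point `url` at an `https://` or `ssh` address for the same repository. A comment above the section, such as `# build tooling; GNUmakefile is a symlink into this submodule`, would make the dependency visible to the next reader.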
diff --git a/gpsd-devices.fc b/gpsd-devices.fc
new file mode 100644
index 0000000..9cf7c4c
--- /dev/null
+++ b/gpsd-devices.fc
@@ -0,0 +1,6 @@
+# myapp executable will have:
+# label: system_u:object_r:myapp_exec_t
+# MLS sensitivity: s0
+# MCS categories:
+
+/usr/sbin/myapp -- gen_context(system_u:object_r:myapp_exec_t,s0)
diff --git a/gpsd-devices.if b/gpsd-devices.if
new file mode 100644
index 0000000..54d42ae
--- /dev/null
+++ b/gpsd-devices.if
@@ -0,0 +1,54 @@
+## Myapp example policy
+##
+##
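Review bot: The only file-context entry in gpsd-devices.fc still labels the template path `/usr/sbin/myapp` with `myapp_exec_t`, so nothing in this module labels gpsd or any GPS device node. README step 5 relies on a `gps_device_t` type that no file in this commit declares, so unless another installed module provides it the planned `chcon` would have no valid target type. The same unedited template names appear in gpsd-devices.if (`myapp_domtrans`, `myapp_read_log`) and gpsd-devices.te (`policy_module(myapp,1.0.0)`, `myapp_t`, `myapp_log_t`, `myapp_tmp_t`), so as written the build would produce a module named myapp that grants nothing GPS-specific. Until the real types exist, a header comment in each of the three files such as `# TEMPLATE: placeholder myapp types, not yet the GPS device policy` would keep the placeholder from being read as reviewed policy.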

+## More descriptive text about myapp. The desc
+## tag can also use p, ul, and ol
+## html tags for formatting.
+##

+##

+## This policy supports the following myapp features:
+##

    +##
  • Feature A
  • +##
  • Feature B
  • +##
  • Feature C
  • +##
+##

+##
+#
+
+########################################
+##
+## Execute a domain transition to run myapp.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`myapp_domtrans',`
+ gen_require(`
+ type myapp_t, myapp_exec_t;
+ ')
+
+ domtrans_pattern($1,myapp_exec_t,myapp_t)
+')
+
+########################################
+##
+## Read myapp log files.
+##
+##
+##
+## Domain allowed to read the log files.
+##
+##
+#
+interface(`myapp_read_log',`
+ gen_require(`
+ type myapp_log_t;
+ ')
+
+ logging_search_logs($1)
+ allow $1 myapp_log_t:file read_file_perms;
+')
diff --git a/gpsd-devices.spec b/gpsd-devices.spec
new file mode 100644
index 0000000..29bd980
--- /dev/null
+++ b/gpsd-devices.spec
@@ -0,0 +1,65 @@
+Name: gps-devices
+Version: 0.0.0
+Release: 1%{?dist}
+Summary: GPS Devices for navigation
+
+Group: What/Ever
+License: Something
+URL: http://none/
+Source0: gps-devices-information.fdi
+Source1: gps-devices-policy.fdi
+#Source2:
+BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+
+BuildRequires: selinux-policy
+Requires: hal
+Requires: gpsd >= 2.39-3.0.1
+Requires(pre): shadow-utils
+
+
+%description
+Automatic setup and use of GPS devices (Global Positioning System)
+for navigational purposes.
+
+Set up gpsd such that it is run as a system service. USB devices will
+be added to and removed from gpsd automatically.
+
+
+%prep
+
+
+%build
+make -f /usr/share/selinux/devel/Makefile
+
+
+%install
+rm -rf "$RPM_BUILD_ROOT"
+make install DESTDIR="$RPM_BUILD_ROOT"
+
+
+%pre
+getent group gps >/dev/null || groupadd -r gps
+exit 0
+
+
+%post
+mkfifo "%{_datadir}/gpsd/dummy-device"
+chown root.gps "%{_datadir}/gpsd/dummy-device"
+chmod 0644 "%{_datadir}/gpsd/dummy-device"
+
+
+%preun
+rm -f "%{_datadir}/gpsd/dummy-device"
+
+
+%clean
+rm -rf "%{buildroot}"
+
+
+%files
+%defattr(-,root,root,-)
+%doc README
+
+
+%changelog
+
diff --git a/gpsd-devices.te b/gpsd-devices.te
new file mode 100644
index 0000000..8238355
--- /dev/null
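Review bot: In gpsd-devices.spec the `%preun` scriptlet removes the FIFO unconditionally, and on an upgrade the old package's preun scriptlet runs after the new package's `%post`, so the dummy device is deleted right after it is set up. `%post` also fails on reinstall, because `mkfifo` errors when the path already exists. Guard both scriptlets as sketched below. Separately, `chmod 0644` leaves the FIFO world-readable and gives group gps read access only, while the README describes group read/write for device files; if the dummy device should follow that, create it with `mkfifo -m 0660`. The `root.gps` dot form is also deprecated, so prefer `chown root:gps`.

```spec
%post
# Create the FIFO only when it is missing, so reinstall and upgrade do not fail.
if [ ! -p "%{_datadir}/gpsd/dummy-device" ]; then
    mkfifo "%{_datadir}/gpsd/dummy-device"
fi
# … unchanged: chown and chmod of the dummy device …

%preun
# $1 is 0 only on final removal; on upgrade the old preun scriptlet runs after the new post scriptlet.
if [ "$1" -eq 0 ]; then
    rm -f "%{_datadir}/gpsd/dummy-device"
fi
```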
+++ b/gpsd-devices.te
@@ -0,0 +1,28 @@
+
+policy_module(myapp,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type myapp_t;
+type myapp_exec_t;
+domain_type(myapp_t)
+domain_entry_file(myapp_t, myapp_exec_t)
+
+type myapp_log_t;
+logging_log_file(myapp_log_t)
+
+type myapp_tmp_t;
+files_tmp_file(myapp_tmp_t)
+
+########################################
+#
+# Myapp local policy
+#
+
+allow myapp_t myapp_log_t:file { read_file_perms append_file_perms };
+
+allow myapp_t myapp_tmp_t:file manage_file_perms;
+files_tmp_filetrans(myapp_t,myapp_tmp_t,file)
-- cgit