From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-819896-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 8B64C138D18
	for <garchives@archives.gentoo.org>; Mon, 13 Jul 2015 21:45:59 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 09B29E0924;
	Mon, 13 Jul 2015 21:45:56 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 275DBE0924
	for <gentoo-commits@lists.gentoo.org>; Mon, 13 Jul 2015 21:45:55 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 5090D340A22
	for <gentoo-commits@lists.gentoo.org>; Mon, 13 Jul 2015 21:45:54 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id D837399F
	for <gentoo-commits@lists.gentoo.org>; Mon, 13 Jul 2015 21:45:51 +0000 (UTC)
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1436823814.c4b26faf064b20ca42e230b0192fcf08430a5fe5.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/subsonic.fc policy/modules/contrib/subsonic.if policy/modules/contrib/subsonic.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: c4b26faf064b20ca42e230b0192fcf08430a5fe5
X-VCS-Branch: next
Date: Mon, 13 Jul 2015 21:45:51 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: f05e5442-5e7e-41c7-8ae5-573bb1fe8473
X-Archives-Hash: 0b37d1113f220ecc85196d02c5900136
Message-ID: <20150713214551.ym4pbtWhLX22rEXkE9T4sRnRkMnZ26gnAuuD5ihHa24@z>

commit:     c4b26faf064b20ca42e230b0192fcf08430a5fe5
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sat Jul 11 14:56:08 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Jul 13 21:43:34 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c4b26faf

Introduce policy for subsonic music server

 policy/modules/contrib/subsonic.fc |  6 +++++
 policy/modules/contrib/subsonic.if |  1 +
 policy/modules/contrib/subsonic.te | 48 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 55 insertions(+)

diff --git a/policy/modules/contrib/subsonic.fc b/policy/modules/contrib/subsonic.fc
new file mode 100644
index 0000000..b1d2550
--- /dev/null
+++ b/policy/modules/contrib/subsonic.fc
@@ -0,0 +1,6 @@
+
+/usr/bin/subsonic			--	gen_context(system_u:object_r:subsonic_exec_t,s0)
+
+/var/lib/subsonic(/.*)?				gen_context(system_u:object_r:subsonic_var_lib_t,s0)
+
+/var/run/subsonic(/.*)?				gen_context(system_u:object_r:subsonic_run_t,s0)

diff --git a/policy/modules/contrib/subsonic.if b/policy/modules/contrib/subsonic.if
new file mode 100644
index 0000000..97e7342
--- /dev/null
+++ b/policy/modules/contrib/subsonic.if
@@ -0,0 +1 @@
+## <summary>Subsonic Music Streaming Server</summary>

diff --git a/policy/modules/contrib/subsonic.te b/policy/modules/contrib/subsonic.te
new file mode 100644
index 0000000..cb0c5ac
--- /dev/null
+++ b/policy/modules/contrib/subsonic.te
@@ -0,0 +1,48 @@
+policy_module(subsonic, 0.1.0)
+
+########################################
+#
+# Declarations
+#
+
+type subsonic_t;
+type subsonic_exec_t;
+init_daemon_domain(subsonic_t, subsonic_exec_t)
+
+type subsonic_var_lib_t;
+files_type(subsonic_var_lib_t)
+
+type subsonic_run_t;
+files_pid_file(subsonic_run_t)
+
+##############################
+#
+# Subsonic local policy
+#
+
+allow subsonic_t self:tcp_socket listen;
+
+java_domain_type(subsonic_t)
+
+kernel_dontaudit_list_all_proc(subsonic_t)
+
+manage_dirs_pattern(subsonic_t, subsonic_run_t, subsonic_run_t)
+manage_files_pattern(subsonic_t, subsonic_run_t, subsonic_run_t)
+files_pid_filetrans(subsonic_t, subsonic_run_t, dir)
+
+manage_dirs_pattern(subsonic_t, subsonic_var_lib_t, subsonic_var_lib_t)
+manage_files_pattern(subsonic_t, subsonic_var_lib_t, subsonic_var_lib_t)
+files_var_lib_filetrans(subsonic_t, subsonic_var_lib_t, dir)
+
+corecmd_exec_bin(subsonic_t)
+corecmd_exec_shell(subsonic_t)
+
+corenet_tcp_bind_all_unreserved_ports(subsonic_t)
+corenet_tcp_bind_generic_node(subsonic_t)
+corenet_tcp_connect_http_port(subsonic_t)
+
+domain_use_interactive_fds(subsonic_t)
+
+optional_policy(`
+	miscfiles_read_public_files(subsonic_t)
+')