From 82b5d290cce950db66c1a3d7851120f1937fbccc Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Fri, 15 Jan 2010 15:46:07 -0500
Subject: [PATCH] PPP patch from Dan Walsh.
---
 policy/modules/services/ppp.if | 3 ++-
 policy/modules/services/ppp.te | 16 ++++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/policy/modules/services/ppp.if b/policy/modules/services/ppp.if
index 275287d59..821f3bc2a 100644
--- a/policy/modules/services/ppp.if
+++ b/policy/modules/services/ppp.if
@@ -176,11 +176,12 @@ interface(`ppp_run_cond',`
 #
 interface(`ppp_run',`
 gen_require(`
- type pppd_t;
+ type pppd_t, pptp_t;
 ')
 ppp_domtrans($1)
 role $2 types pppd_t;
+ role $2 types pptp_t;
 ')
 ########################################
diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
index 919dd6163..8fa30e6b1 100644
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@@ -1,5 +1,5 @@
-policy_module(ppp, 1.11.0)
+policy_module(ppp, 1.11.1)
 ########################################
 #
@@ -38,7 +38,7 @@ type pppd_etc_rw_t;
 files_type(pppd_etc_rw_t)
 type pppd_initrc_exec_t alias pppd_script_exec_t;
-files_type(pppd_initrc_exec_t)
+init_script_file(pppd_initrc_exec_t)
 # pppd_secret_t is the type of the pap and chap password files
 type pppd_secret_t;
@@ -120,7 +120,7 @@ kernel_read_kernel_sysctls(pppd_t)
 kernel_read_system_state(pppd_t)
 kernel_rw_net_sysctls(pppd_t)
 kernel_read_network_state(pppd_t)
-kernel_load_module(pppd_t)
+kernel_request_load_module(pppd_t)
 dev_read_urand(pppd_t)
 dev_search_sysfs(pppd_t)
@@ -216,7 +216,7 @@ optional_policy(`
 # PPTP Local policy
 #
-allow pptp_t self:capability { net_raw net_admin };
+allow pptp_t self:capability { dac_override dac_read_search net_raw net_admin };
 dontaudit pptp_t self:capability sys_tty_config;
 allow pptp_t self:process signal;
 allow pptp_t self:fifo_file rw_fifo_file_perms;
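Review bot: In the ppp.if hunk (`@@ -176,11 +176,12 @@`), the new `role $2 types pptp_t;` widens every role passed to `ppp_run` with no comment saying why, and the interface's header comment sits above the hunk so it cannot be checked from here. Presumably pptp_t is entered from pppd_t and the role has to be authorized for it; if so, a line such as `# pptp_t is entered from pppd_t, so the role needs that type as well` would record the reason. The hunk header shows a sibling `ppp_run_cond` interface whose body is not visible; if it also carries `role $2 types pppd_t;`, it likely needs the same addition so the two interfaces stay consistent.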
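Review bot: In the ppp.te hunk at `@@ -38,7 +38,7 @@`, `init_script_file(pppd_initrc_exec_t)` also applies to anything still labelled through the alias `pppd_script_exec_t`, whose name suggests it once covered pppd helper scripts rather than only the init script. The file contexts are not part of this patch, so it is worth confirming that only the real init script carries this type, since an init script type is treated as an entry point for the init script domain. A comment above the declaration stating what the alias is kept for, for example `# alias kept so older labels keep resolving; only the init script should carry this type`, would make that intent checkable (wording to be confirmed by the author).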
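Review bot: In the ppp.te hunk at `@@ -216,7 +216,7 @@`, `dac_override` lets pptp_t ignore file mode bits for read, write and execute on everything its type rules already permit, and neither the hunk nor the commit message says which access required it. If the denial was for reading or searching a path, `dac_read_search` alone is the narrower grant, `allow pptp_t self:capability { dac_read_search net_raw net_admin };`, with any residual `dac_override` denial added to the `dontaudit` line below it. Fixing the ownership or mode of the file involved would avoid the capability altogether. If both capabilities are really needed, a comment naming the file or directory that triggered them should sit above the rule.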
@@ -294,6 +294,14 @@ optional_policy(`
 consoletype_exec(pppd_t)
 ')
+optional_policy(`
+ dbus_system_domain(pppd_t, pppd_exec_t)
+
+ optional_policy(`
+ networkmanager_dbus_chat(pppd_t)
+ ')
+')
+
 optional_policy(`
 hostname_exec(pptp_t)
 ')
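Review bot: In the last ppp.te hunk (`@@ -294,6 +294,14 @@`), `dbus_system_domain(pppd_t, pppd_exec_t)` does more than let pppd use the bus: it declares pppd_t a system bus service domain, which in the reference policy includes a transition from the system bus daemon into pppd_t through pppd_exec_t. pppd_t can write network sysctls (see the `@@ -120,7 +120,7 @@` hunk) and presumably reads the pppd_secret_t password files, so an additional entry path into it deserves a stated reason. If pppd only needs to exchange messages with NetworkManager, `dbus_system_bus_client(pppd_t)` together with the `networkmanager_dbus_chat(pppd_t)` call already added here would be the narrower grant. Otherwise, add a comment above the call naming the bus service that pppd provides.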