uucp patch from Dan Walsh

"Executes ssh to setup connection"

policy/modules/services/uucp.if

@@ -1,5 +1,24 @@
 ## <summary>Unix to Unix Copy</summary>
 
+########################################
+## <summary>
+##	Execute the uucico program in the
+##	uucpd_t domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`uucp_domtrans',`
+	gen_require(`
+		type uucpd_t, uucpd_exec_t;
+	')
+
+	domtrans_pattern($1, uucpd_exec_t, uucpd_t)
+')
+
 ########################################
 ## <summary>
 ##	Allow the specified domain to append
@@ -63,7 +82,7 @@ interface(`uucp_domtrans_uux',`
 
 ########################################
 ## <summary>
-##	All of the rules required to administrate 
+##	All of the rules required to administrate
 ##	an uucp environment
 ## </summary>
 ## <param name="domain">
@@ -80,7 +99,7 @@ interface(`uucp_admin',`
 		type uucpd_var_run_t;
 	')
 
-	allow $1 uucpd_t:process { ptrace signal_perms getattr };
+	allow $1 uucpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, uucpd_t)
 
 	logging_list_logs($1)

policy/modules/services/uucp.te

@@ -7,7 +7,6 @@ policy_module(uucp, 1.11.0)
 type uucpd_t;
 type uucpd_exec_t;
 inetd_tcp_service_domain(uucpd_t, uucpd_exec_t)
-role system_r types uucpd_t;
 
 type uucpd_lock_t;
 files_lock_file(uucpd_lock_t)
@@ -83,6 +82,7 @@ corenet_tcp_sendrecv_generic_node(uucpd_t)
 corenet_udp_sendrecv_generic_node(uucpd_t)
 corenet_tcp_sendrecv_all_ports(uucpd_t)
 corenet_udp_sendrecv_all_ports(uucpd_t)
+corenet_tcp_connect_ssh_port(uucpd_t)
 
 dev_read_urand(uucpd_t)
 
@@ -113,13 +113,17 @@ optional_policy(`
 	kerberos_use(uucpd_t)
 ')
 
+optional_policy(`
+	ssh_exec(uucpd_t)
+')
+
 ########################################
 #
 # UUX Local policy
 #
 
 allow uux_t self:capability { setuid setgid };
-allow uux_t self:fifo_file write_file_perms;
+allow uux_t self:fifo_file write_fifo_file_perms;
 
 uucp_append_log(uux_t)
 uucp_manage_spool(uux_t)