From 246a6042738a1fb44948301fbf779d5acdeb9240 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Tue, 27 Sep 2005 22:29:45 +0000
Subject: [PATCH] add in a few parts of ftp

---
 refpolicy/policy/modules/services/cron.te    |  4 ++++
 refpolicy/policy/modules/services/tcpd.if    | 21 ++++++++++++++++++++
 refpolicy/policy/modules/system/init.te      |  4 ++++
 refpolicy/policy/modules/system/miscfiles.fc |  6 ++++++
 4 files changed, 35 insertions(+)

diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index da3836927..8596714d3 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -326,6 +326,10 @@ tunable_policy(`cron_can_relabel',`
 	seutil_read_file_contexts(system_crond_t)
 ')
 
+optional_policy(`ftp.te',`
+	ftp_read_log(system_crond_t)
+')
+
 optional_policy(`mysql.te',`
 	mysql_read_config(system_crond_t)
 ')
diff --git a/refpolicy/policy/modules/services/tcpd.if b/refpolicy/policy/modules/services/tcpd.if
index 1e5176f7d..d43e52928 100644
--- a/refpolicy/policy/modules/services/tcpd.if
+++ b/refpolicy/policy/modules/services/tcpd.if
@@ -1 +1,22 @@
 ## <summary>Policy for TCP daemon.</summary>
+
+########################################
+## <summary>
+##	Execute tcpd in the tcpd domain.
+## </summary>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+#
+interface(`tcpd_domtrans',`
+	gen_require(`
+		type tcpd_t, tcpd_exec_t;
+	')
+
+	domain_auto_trans($1,tcpd_exec_t,tcpd_t)
+
+	allow $1 tcpd_t:fd use;
+	allow tcpd_t $1:fd use;
+	allow tcpd_t $1:fifo_file rw_file_perms;
+	allow tcpd_t $1:process sigchld;
+')
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 4d8680548..d2477ff3d 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -429,6 +429,10 @@ optional_policy(`cpucontrol.te',`
 	dev_getattr_cpu(initrc_t)
 ')
 
+optional_policy(`ftp.te',`
+	ftp_read_config(initrc_t)
+')
+
 optional_policy(`gpm.te',`
 	gpm_setattr_gpmctl(initrc_t)
 ')
diff --git a/refpolicy/policy/modules/system/miscfiles.fc b/refpolicy/policy/modules/system/miscfiles.fc
index 770a32de9..53e11f133 100644
--- a/refpolicy/policy/modules/system/miscfiles.fc
+++ b/refpolicy/policy/modules/system/miscfiles.fc
@@ -9,6 +9,10 @@
 #
 /opt/(.*)?/man(/.*)?		context_template(system_u:object_r:man_t,s0)
 
+#
+# /srv
+#
+/srv/([^/]*/)?ftp(/.*)?		context_template(system_u:object_r:ftpd_anon_t,s0)
 /srv/([^/]*/)?rsync(/.*)?	context_template(system_u:object_r:ftpd_anon_t,s0)
 
 #
@@ -40,6 +44,8 @@
 #
 # /var
 #
+/var/ftp(/.*)?			context_template(system_u:object_r:ftpd_anon_t,s0)
+
 ifdef(`distro_debian', `
 /var/lib/msttcorefonts(/.*)?	context_template(system_u:object_r:fonts_t,s0)
 ')