trunk: add amtu from dan

Changelog

@@ -21,6 +21,7 @@
 - Fix clockspeed_run_cli() declaration, it was incorrectly defined as a
   template instead of an interface.
 - Added modules:
+	amtu (Dan Walsh)
 	apcupsd (Dan Walsh)
 	rwho (Nalin Dahyabhai)
 

policy/modules/admin/amtu.fc

@@ -0,0 +1 @@
+/usr/bin/amtu    --    gen_context(system_u:object_r:amtu_exec_t,s0)

policy/modules/admin/amtu.if

@@ -0,0 +1,51 @@
+## <summary>Abstract Machine Test Utility</summary>
+
+########################################
+## <summary>
+##	Execute amtu in the amtu domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`amtu_domtrans',`
+	gen_require(`
+		type amtu_t, amtu_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1,amtu_exec_t,amtu_t)
+')
+
+########################################
+## <summary>
+##	Execute amtu in the amtu domain, and
+##	allow the specified role the amtu domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed the amtu domain.
+##	</summary>
+## </param>
+## <param name="terminal">
+##	<summary>
+##	The type of the terminal allow the amtu domain to use.
+##	</summary>
+## </param>
+#
+interface(`amtu_run',`
+	gen_require(`
+		type amtu_t;
+	')
+
+	amtu_domtrans($1)
+	role $2 types amtu_t;
+	allow amtu_t $3:chr_file rw_term_perms;
+')

policy/modules/admin/amtu.te

@@ -0,0 +1,35 @@
+policy_module(amtu,1.0.23)
+
+########################################
+#
+# Declarations
+#
+
+type amtu_t;
+type amtu_exec_t;
+domain_type(amtu_t)
+domain_entry_file(amtu_t, amtu_exec_t)
+
+########################################
+#
+# amtu local policy
+#
+
+kernel_read_system_state(amtu_t)
+
+files_manage_boot_files(amtu_t)
+files_read_etc_runtime_files(amtu_t)
+files_read_etc_files(amtu_t)
+
+libs_use_ld_so(amtu_t)
+libs_use_shared_libs(amtu_t)
+
+logging_send_audit_msgs(amtu_t)
+
+optional_policy(`
+	nscd_dontaudit_search_pid(amtu_t)
+')
+
+optional_policy(`
+	seutil_use_newrole_fds(amtu_t)
+')