Diffstat (limited to 'selinux_pols')
-rwxr-xr-xselinux_pols/build_all.sh32
-rw-r--r--selinux_pols/hald.modbin0 -> 1487 bytes
-rw-r--r--selinux_pols/hald.ppbin0 -> 1503 bytes
-rw-r--r--selinux_pols/hald.te19
4 files changed, 51 insertions, 0 deletions
diff --git a/selinux_pols/build_all.sh b/selinux_pols/build_all.sh
new file mode 100755
index 0000000..0ce8ba5
--- /dev/null
+++ b/selinux_pols/build_all.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+BDIR=$(dirname ${0})
+
+function run_cmd {
+ cmd="${1}"
+ echo "${cmd}"
+ $cmd
+ return $?
+}
+
+echo_cmd
+echo "$0: building all in $BDIR" >&2
+for file in ${BDIR}/*.te; do
+ echo "* building: $file"
+ fname=$(basename ${file} | sed -e 's/^\(.*\)\.\(.*\)$/\1/g')
+ run_cmd "checkmodule -m -M -o ${BDIR}/${fname}.mod ${BDIR}/${fname}.te"
+ if [ $? -ne 0 ]; then
+ echo "checkmodule: ERROR, next .." >&2
+ continue
+ fi
+ run_cmd "semodule_package -m ${BDIR}/${fname}.mod -o ${BDIR}/${fname}.pp"
+ if [ $? -ne 0 ]; then
+ echo "semodule_package: ERROR, next .." >&2
+ continue
+ fi
+ run_cmd "semodule -i ${BDIR}/${fname}.pp"
+ run_cmd "semodule -e ${fname}"
+done
+
+echo "done."
+exit 0
diff --git a/selinux_pols/hald.mod b/selinux_pols/hald.mod
new file mode 100644
index 0000000..d8fea69
--- /dev/null
+++ b/selinux_pols/hald.mod
Binary files differ
diff --git a/selinux_pols/hald.pp b/selinux_pols/hald.pp
new file mode 100644
index 0000000..efb718d
--- /dev/null
+++ b/selinux_pols/hald.pp
Binary files differ
diff --git a/selinux_pols/hald.te b/selinux_pols/hald.te
new file mode 100644
index 0000000..cff1057
--- /dev/null
+++ b/selinux_pols/hald.te
@@ -0,0 +1,19 @@
+
+module hald-custom 1.0;
+
+require {
+ type fixed_disk_device_t;
+ type mnt_t;
+ type system_dbusd_t;
+ class blk_file { read ioctl open };
+ class dir { write remove_name add_name };
+ class file { write rename create unlink };
+}
+
+#============= system_dbusd_t ==============
+allow system_dbusd_t fixed_disk_device_t:blk_file { ioctl open };
+#!!!! The source type 'system_dbusd_t' can write to a 'dir' of the following types:
+# system_dbusd_var_run_t, system_dbusd_tmp_t, user_home_t, tmp_t, var_run_t
+
+allow system_dbusd_t mnt_t:dir { write remove_name add_name };
+allow system_dbusd_t mnt_t:file { write rename create unlink };
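Review bot: The module carries no comment explaining why the system bus daemon domain itself (`system_dbusd_t`) rather than a dedicated hald domain needs `open`/`ioctl` on `fixed_disk_device_t:blk_file` and write/create/unlink on `mnt_t` dir and file objects, and the audit2allow `#!!!!` warning about `dir` writes was left in rather than resolved. These rules widen the reach of the system bus daemon to raw disk devices and mount points, so each `allow` should cite the AVC denial that motivated it and the narrowest object type that satisfies it; a header such as `# Grants system_dbusd_t the access needed for hald mount/umount via D-Bus; see denials recorded on <host/date placeholder>` would document the intent. The `require` block also lists `read` on `blk_file`, which no rule uses, and can be dropped to keep the stated dependencies minimal.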