radicale add missing source files

Signed-off-by: webbuilder_pel7x64builder0 <webbuilder@powerel.org>

SOURCES/radicale.fc

@@ -0,0 +1,13 @@
+/usr/bin/radicale		--	gen_context(system_u:object_r:radicale_exec_t,s0)
+
+/usr/lib/systemd/system/radicale.service		--	gen_context(system_u:object_r:radicale_unit_file_t,s0)
+
+/var/lib/radicale(/.*)?		gen_context(system_u:object_r:radicale_var_lib_t,s0)
+
+/var/log/radicale(/.*)?		gen_context(system_u:object_r:radicale_log_t,s0)
+
+/var/run/radicale(/.*)?         gen_context(system_u:object_r:radicale_var_run_t,s0)
+
+/etc/radicale(/.*)?         gen_context(system_u:object_r:radicale_etc_t,s0)
+
+#portcon tcp     5232   gen_context(system_u:object_r:radicale_port_t,s0)

SOURCES/radicale.if

@@ -0,0 +1,265 @@
+
+## <summary>policy for radicale</summary>
+
+########################################
+## <summary>
+##	Execute TEMPLATE in the radicale domin.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`radicale_domtrans',`
+	gen_require(`
+		type radicale_t, radicale_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, radicale_exec_t, radicale_t)
+')
+########################################
+## <summary>
+##	Read radicale's log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`radicale_read_log',`
+	gen_require(`
+		type radicale_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, radicale_log_t, radicale_log_t)
+')
+
+########################################
+## <summary>
+##	Append to radicale log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`radicale_append_log',`
+	gen_require(`
+		type radicale_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, radicale_log_t, radicale_log_t)
+')
+
+########################################
+## <summary>
+##	Manage radicale log files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`radicale_manage_log',`
+	gen_require(`
+		type radicale_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_dirs_pattern($1, radicale_log_t, radicale_log_t)
+	manage_files_pattern($1, radicale_log_t, radicale_log_t)
+	manage_lnk_files_pattern($1, radicale_log_t, radicale_log_t)
+')
+
+########################################
+## <summary>
+##	Search radicale lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`radicale_search_lib',`
+	gen_require(`
+		type radicale_var_lib_t;
+	')
+
+	allow $1 radicale_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+')
+
+########################################
+## <summary>
+##	Read radicale lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`radicale_read_lib_files',`
+	gen_require(`
+		type radicale_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, radicale_var_lib_t, radicale_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Manage radicale lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`radicale_manage_lib_files',`
+	gen_require(`
+		type radicale_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, radicale_var_lib_t, radicale_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Manage radicale lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`radicale_manage_lib_dirs',`
+	gen_require(`
+		type radicale_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, radicale_var_lib_t, radicale_var_lib_t)
+')
+
+#####################################
+## <summary>
+##      Read radicale pid files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`radicale_read_pid_files',`
+        gen_require(`
+                type radicale_var_run_t;
+        ')
+        files_search_pids($1)
+        read_files_pattern($1, radicale_var_run_t, radicale_var_run_t)
+')
+
+#####################################
+## <summary>
+##      Search radicale pid files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+##
+#
+interface(`radicale_search_pid_files',`
+        gen_require(`
+                type radicale_var_run_t;
+        ')
+        files_search_pids($1)
+        search_dirs_pattern($1, radicale_var_run_t, radicale_var_run_t)
+')
+
+########################################
+## <summary>
+##	Execute radicale server in the radicale domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`radicale_systemctl',`
+	gen_require(`
+		type radicale_t;
+		type radicale_unit_file_t;
+	')
+
+	systemd_exec_systemctl($1)
+        systemd_read_fifo_file_password_run($1)
+	allow $1 radicale_unit_file_t:file read_file_perms;
+	allow $1 radicale_unit_file_t:service manage_service_perms;
+
+	ps_process_pattern($1, radicale_t)
+')
+
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an radicale environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`radicale_admin',`
+	gen_require(`
+		type radicale_t;
+		type radicale_log_t;
+		type radicale_var_lib_t;
+                type radicale_var_run_t;
+                type radicale_unit_file_t;
+	')
+
+	allow $1 radicale_t:process { ptrace signal_perms };
+	ps_process_pattern($1, radicale_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, radicale_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, radicale_var_lib_t)
+
+        radicale_search_pid_files($1)
+        radicale_read_pid_files($1)
+
+	radicale_systemctl($1)
+	admin_pattern($1, radicale_unit_file_t)
+	allow $1 radicale_unit_file_t:service all_service_perms;
+	optional_policy(`
+		systemd_passwd_agent_exec($1)
+		systemd_read_fifo_file_passwd_run($1)
+	')
+')

SOURCES/radicale.service

@@ -0,0 +1,22 @@
+[Unit]
+Description=Radicale CalDAV and CardDAV server
+Documentation=http://radicale.org/documentation/
+After=network-online.target
+Requires=network-online.target
+
+[Service]
+Type=forking
+WorkingDirectory=/var/lib/radicale
+User=radicale
+Group=radicale
+UMask=0027
+PIDFile=/var/run/radicale/radicale.pid
+ExecStart=/usr/bin/radicale --daemon --pid=/var/run/radicale/radicale.pid
+PrivateTmp=true
+CapabilityBoundingSet=
+ProtectSystem=full
+ProtectHome=true
+Restart=on-abnormal
+
+[Install]
+WantedBy=multi-user.target

SOURCES/radicale.te

@@ -0,0 +1,92 @@
+policy_module(radicale, 1.0.8)
+
+gen_require(`
+    type httpd_t;
+    type pop_port_t;
+')
+
+########################################
+#
+# Declarations
+#
+
+type radicale_t;
+type radicale_exec_t;
+init_daemon_domain(radicale_t, radicale_exec_t)
+
+type radicale_log_t;
+logging_log_file(radicale_log_t)
+
+type radicale_var_lib_t;
+files_type(radicale_var_lib_t)
+
+type radicale_var_run_t;
+files_pid_file(radicale_var_run_t)
+
+type radicale_etc_t;
+files_config_file(radicale_etc_t);
+
+type radicale_unit_file_t;
+systemd_unit_file(radicale_unit_file_t)
+
+type radicale_port_t;
+corenet_port(radicale_port_t)
+
+########################################
+#
+# radicale local policy
+#
+allow radicale_t self:fifo_file rw_fifo_file_perms;
+allow radicale_t self:unix_stream_socket create_stream_socket_perms;
+allow radicale_t self:tcp_socket create_stream_socket_perms;
+allow radicale_t self:unix_dgram_socket create_stream_socket_perms;
+
+allow radicale_t radicale_port_t:tcp_socket name_bind;
+allow radicale_t pop_port_t:tcp_socket name_connect;
+
+manage_dirs_pattern(radicale_t, radicale_log_t, radicale_log_t)
+manage_files_pattern(radicale_t, radicale_log_t, radicale_log_t)
+manage_lnk_files_pattern(radicale_t, radicale_log_t, radicale_log_t)
+logging_log_filetrans(radicale_t, radicale_log_t, { dir file lnk_file })
+
+manage_dirs_pattern(radicale_t, radicale_var_lib_t, radicale_var_lib_t)
+manage_files_pattern(radicale_t, radicale_var_lib_t, radicale_var_lib_t)
+manage_lnk_files_pattern(radicale_t, radicale_var_lib_t, radicale_var_lib_t)
+files_var_lib_filetrans(radicale_t, radicale_var_lib_t, { dir file lnk_file })
+
+manage_files_pattern(radicale_t, radicale_var_run_t, radicale_var_run_t)
+files_pid_filetrans(radicale_t, radicale_var_lib_t, file)
+
+domain_use_interactive_fds(radicale_t)
+
+files_read_etc_files(radicale_t)
+read_files_pattern(radicale_t, radicale_etc_t, radicale_etc_t)
+
+bool httpd_can_read_write_radicale false;
+
+if (httpd_can_read_write_radicale) {
+    manage_dirs_pattern(httpd_t, radicale_log_t, radicale_log_t)
+    manage_files_pattern(httpd_t, radicale_log_t, radicale_log_t)
+    manage_lnk_files_pattern(httpd_t, radicale_log_t, radicale_log_t)
+    #logging_log_filetrans(httpd_t, radicale_log_t, { dir file lnk_file })
+
+    manage_dirs_pattern(httpd_t, radicale_var_lib_t, radicale_var_lib_t)
+    manage_files_pattern(httpd_t, radicale_var_lib_t, radicale_var_lib_t)
+    manage_lnk_files_pattern(httpd_t, radicale_var_lib_t, radicale_var_lib_t)
+    #files_var_lib_filetrans(httpd_t, radicale_var_lib_t, { dir file lnk_file })
+
+    #domain_use_interactive_fds(httpd_t)
+
+    #files_read_etc_files(radicale_t)
+    read_files_pattern(httpd_t, radicale_etc_t, radicale_etc_t)
+} 
+
+miscfiles_read_localization(radicale_t)
+dev_read_urand(radicale_t)
+dev_read_rand(radicale_t)
+auth_use_nsswitch(radicale_t)
+corecmd_exec_shell(radicale_t)
+corecmd_exec_bin(radicale_t)
+libs_exec_ldconfig(radicale_t)
+kernel_read_system_state(radicale_t)
+apache_search_config(radicale_t)