This patch adds two new interfaces to the ntp module. The first
interface allows dbus chat with ntpd, and the second interface
allows a domain to connect to dbus using a unix domain stream socket.
Both interfaces are used to allow dbus chat between ntpd and
dbus and to allow ntpd to connect to dbus using a unix domain
stream socket.
diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te
--- refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te 2011-02-07 01:57:28.517803483 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te 2011-02-07 02:07:54.389747263 +0100
@@ -160,6 +160,10 @@ optional_policy(`
')
optional_policy(`
+ ntp_dbus_chat(system_dbusd_t)
+')
+
+optional_policy(`
policykit_dbus_chat(system_dbusd_t)
policykit_domtrans_auth(system_dbusd_t)
policykit_search_lib(system_dbusd_t)
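Review bot: `ntp_dbus_chat(system_dbusd_t)` grants `send_msg` in both directions between the bus daemon and `ntpd_t`, but neither the description nor the hunk says which ntpd feature or denial needs it. For a least-privilege review the block should carry a short comment naming the consumer, for example `# ntpd talks to <service> over the system bus` with the placeholder filled in from the observed AVC denial. If ntpd is only a bus client, this rule probably belongs on the ntp side through the dbus module's own client interface, not in dbus.te. The policykit `optional_policy` block that follows continues outside the hunk.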
diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/ntp.if refpolicy-git-02022011-test-apply2/policy/modules/services/ntp.if
--- refpolicy-git-02022011-test-apply/policy/modules/services/ntp.if 2011-01-08 19:07:21.272746092 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/services/ntp.if 2011-02-07 02:05:17.879861318 +0100
@@ -163,3 +163,43 @@ interface(`ntp_admin',`
files_list_pids($1)
admin_pattern($1, ntpd_var_run_t)
')
+
+########################################
+## <summary>
+## Send and receive messages from
+## ntpd over dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ntp_dbus_chat',`
+ gen_require(`
+ type ntpd_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 ntpd_t:dbus send_msg;
+ allow ntpd_t $1:dbus send_msg;
+')
+
+########################################
+## <summary>
+## Connect to dbus using a unix domain stream socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ntp_dbus_stream_connect',`
+ gen_require(`
+ type system_dbusd_t, system_dbusd_var_run_t;
+ ')
+
+ files_search_pids($1)
+ stream_connect_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t, system_dbusd_t)
+')
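Review bot: `ntp_dbus_stream_connect` carries the ntp prefix but its `gen_require` pulls in `system_dbusd_t` and `system_dbusd_var_run_t`, which belong to the dbus module, and nothing in its body refers to an ntp type. Any caller passing an arbitrary `$1` would get a connect path to the system bus socket through an ntp-named interface, which hides the grant from anyone auditing dbus access. The dbus module should already export this access (from memory `dbus_system_bus_client`, to be confirmed against dbus.if in this tree). If so, the ntp.te hunk can call `dbus_system_bus_client(ntpd_t)` inside its `optional_policy` block, and this interface can be dropped. The same applies to the `ntp_dbus_stream_connect(ntpd_t)` call added in ntp.te.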
diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/ntp.te refpolicy-git-02022011-test-apply2/policy/modules/services/ntp.te
--- refpolicy-git-02022011-test-apply/policy/modules/services/ntp.te 2011-02-07 02:03:04.389680812 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/services/ntp.te 2011-02-07 02:06:54.181383927 +0100
@@ -152,6 +152,10 @@ optional_policy(`
')
optional_policy(`
+ ntp_dbus_stream_connect(ntpd_t)
+')
+
+optional_policy(`
seutil_sigchld_newrole(ntpd_t)
')