LinuxLists.cc - [refpolicy] [PATCH 22/34]: patch to allow dbus chat in the xserver module

2011-02-16 06:27:06

Subject: [refpolicy] [PATCH 22/34]: patch to allow dbus chat in the xserver module

This patch adds an interface to allow dbus chat with
xdm. It then uses such interface to actually allow dbus chat
between dbus and xdm. The patch also allows dbus chat
between hal and xdm, between policykit and xdm and between
setroubleshoot and xdm.

diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te
--- refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te 2011-02-07 02:10:02.986932990 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te 2011-02-07 02:30:38.511827891 +0100
@@ -177,6 +177,10 @@ optional_policy(`
udev_read_db(system_dbusd_t)
')

+optional_policy(`
+ xserver_xdm_dbus_chat(system_dbusd_t)
+')
+
########################################
#
# Unconfined access to this module
diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/xserver.if refpolicy-git-02022011-test-apply2/policy/modules/services/xserver.if
--- refpolicy-git-02022011-test-apply/policy/modules/services/xserver.if 2011-02-07 02:20:14.041958794 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/services/xserver.if 2011-02-07 02:29:33.218292156 +0100
@@ -1269,3 +1269,24 @@ interface(`xserver_unconfined',`
typeattribute $1 x_domain;
typeattribute $1 xserver_unconfined_type;
')
+
+########################################
+## <summary>
+## Send and receive messages from
+## xdm over dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_xdm_dbus_chat',`
+ gen_require(`
+ type xdm_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 xdm_t:dbus send_msg;
+ allow xdm_t $1:dbus send_msg;
+')
diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/xserver.te refpolicy-git-02022011-test-apply2/policy/modules/services/xserver.te
--- refpolicy-git-02022011-test-apply/policy/modules/services/xserver.te 2011-02-07 02:03:04.390680973 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/services/xserver.te 2011-02-07 02:32:15.366955672 +0100
@@ -535,6 +535,10 @@ optional_policy(`
')

optional_policy(`
+ hal_dbus_chat(xdm_t)
+')
+
+optional_policy(`
hostname_exec(xdm_t)
')

@@ -556,10 +560,18 @@ optional_policy(`
')

optional_policy(`
+ policykit_dbus_chat(xdm_t)
+')
+
+optional_policy(`
resmgr_stream_connect(xdm_t)
')

optional_policy(`
+ setroubleshoot_dbus_chat(xdm_t)
+')
+
+optional_policy(`
seutil_sigchld_newrole(xdm_t)
')