From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 18 Aug 2009 09:50:24 -0400 Subject: [refpolicy] policykit Debian paths and rules In-Reply-To: <4A89AE85.80905@martinorr.name> References: <4A89AE85.80905@martinorr.name> Message-ID: <1250603424.27712.93.camel@gorn.columbia.tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Mon, 2009-08-17 at 20:24 +0100, Martin Orr wrote: > The policykit binaries on Debian live in /usr/lib/policykit so add file > contexts for that. > Also a couple of policykit rules. Merged, with a little reorganization. > Index: policy/modules/services/policykit.fc > =================================================================== > --- policy/modules/services/policykit.fc.orig > +++ policy/modules/services/policykit.fc > @@ -3,6 +3,11 @@ > /usr/libexec/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0) > /usr/libexec/polkitd -- gen_context(system_u:object_r:policykit_exec_t,s0) > > +/usr/lib/policykit/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0) > +/usr/lib/policykit/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0) > +/usr/lib/policykit/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0) > +/usr/lib/policykit/polkitd -- gen_context(system_u:object_r:policykit_exec_t,s0) > + > /var/lib/misc/PolicyKit.reload gen_context(system_u:object_r:policykit_reload_t,s0) > /var/lib/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_lib_t,s0) > /var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:policykit_var_lib_t,s0) > Index: policy/modules/services/policykit.te > =================================================================== > --- policy/modules/services/policykit.te.orig > +++ policy/modules/services/policykit.te 
> @@ -92,6 +92,8 @@ > manage_files_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t) > files_pid_filetrans(policykit_auth_t, policykit_var_run_t, { file dir }) > > +kernel_read_system_state(policykit_auth_t) > + > files_read_etc_files(policykit_auth_t) > files_read_usr_files(policykit_auth_t) > > @@ -105,6 +107,7 @@ > > optional_policy(` > dbus_session_bus_client(policykit_auth_t) > + dbus_system_bus_client(policykit_auth_t) > > optional_policy(` > consolekit_dbus_chat(policykit_auth_t) > -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150
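Review bot: In the policykit.fc hunk, the four new /usr/lib/policykit/ entries are not marked as Debian-specific, although the description says that is where the Debian binaries live. Consider grouping them under ifdef(`distro_debian', ...) or at least a comment naming the distribution, so the extra labelled paths are scoped to the systems that need them. Also note that polkit-read-auth-helper is an exact match while polkit-grant-helper.* and polkit-resolve-exe-helper.* end in .*, so any file in that directory whose name starts with those prefixes receives the helper's exec type; please confirm that is intended.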
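Review bot: kernel_read_system_state(policykit_auth_t) in the @@ -92 hunk of policykit.te comes with no justification; the description says only "a couple of policykit rules". Please record which /proc access by the auth helper was denied (the AVC message would do), since this interface gives the whole policykit_auth_t domain read access to system state in /proc and a reviewer cannot tell from the patch whether that much is needed.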
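Review bot: dbus_system_bus_client(policykit_auth_t) in the @@ -105 hunk lets the auth helper act as a client on the system bus, but neither the hunk nor the description says which system-bus service it needs to reach. The line sits directly above the nested optional_policy containing consolekit_dbus_chat(policykit_auth_t); if ConsoleKit is the peer that motivated the change, say so in the description so the rule can be revisited if that dependency goes away.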