From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 06 Oct 2010 08:38:02 -0400
Subject: [refpolicy] [ patch 11/44] consoletype: needs to use system
 dbus file descriptors.
In-Reply-To: <1286216636-28449-13-git-send-email-domg472@gmail.com>
References: <1286216636-28449-1-git-send-email-domg472@gmail.com>
	<1286216636-28449-13-git-send-email-domg472@gmail.com>
Message-ID: <4CAC6DAA.1070203@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 10/04/10 14:23, Dominick Grift wrote:
> diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
> index 39e901a..8a405e0 100644
> --- a/policy/modules/services/dbus.if
> +++ b/policy/modules/services/dbus.if
> @@ -445,6 +445,24 @@ interface(`dbus_system_domain',`
>
>   ########################################
>   ##<summary>
> +##	Use and inherit system DBUS file descriptors.
> +##</summary>
> +##<param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +##</param>
> +#
> +interface(`dbus_use_fds',`

dbus_use_system_bus_fds()

> +	gen_require(`
> +		type system_dbusd_t;
> +	')
> +
> +	allow $1 system_dbusd_t:fd use;
> +')
> +
> +########################################
> +##<summary>
>   ##	Dontaudit Read, and write system dbus TCP sockets.
>   ##</summary>
>   ##<param name="domain">


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com