From: guido@trentalancia.com (Guido Trentalancia)
Date: Wed, 16 Feb 2011 07:23:45 +0100
Subject: [refpolicy] [PATCH 19/34]: patch for the setroubleshoot module (new
optional blocks)
Message-ID: <1297837425.3205.77.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
This patch adds a new interface to the logging module and uses
that interface (as optional policy) from the setroubleshoot module.
The patch also adds another optional policy block to the setroubleshoot
module (so that the locate module can read lib files).
diff -pruN -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-02022011/policy/modules/services/setroubleshoot.te refpolicy-git-02022011-new/policy/modules/services/setroubleshoot.te
--- refpolicy-git-02022011/policy/modules/services/setroubleshoot.te 2011-01-08 19:07:21.305751304 +0100
+++ refpolicy-git-02022011-new/policy/modules/services/setroubleshoot.te 2011-02-06 23:43:07.912654284 +0100
@@ -125,6 +125,14 @@ optional_policy(`
')
optional_policy(`
+ locate_read_lib_files(setroubleshootd_t)
+')
+
+optional_policy(`
+ logging_dbus_chat_dispatcher(setroubleshootd_t)
+')
+
+optional_policy(`
rpm_signull(setroubleshootd_t)
rpm_read_db(setroubleshootd_t)
rpm_dontaudit_manage_db(setroubleshootd_t)
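Review bot: The new `locate_read_lib_files(setroubleshootd_t)` block grants read access to setroubleshootd_t, that is, setroubleshootd reading locate's lib files, whereas the description says the access is for the locate module. Please reword the description to match the rule and state which setroubleshootd operation needs the access, ideally with the denial that was observed, so the grant can be judged against least privilege. The locate and dbus changes are also unrelated to each other and would be easier to review, and to revert, as two separate patches.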
diff -pruN -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-02022011/policy/modules/system/logging.if refpolicy-git-02022011-new/policy/modules/system/logging.if
--- refpolicy-git-02022011/policy/modules/system/logging.if 2011-01-08 19:07:21.355759202 +0100
+++ refpolicy-git-02022011-new/policy/modules/system/logging.if 2011-02-06 23:29:21.571770219 +0100
@@ -337,6 +337,27 @@ interface(`logging_stream_connect_dispat
########################################
##
+## Send and receive messages from
+## the audit dispatcher over dbus.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`logging_dbus_chat_dispatcher',`
+ gen_require(`
+ type audisp_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 audisp_t:dbus send_msg;
+ allow audisp_t $1:dbus send_msg;
+')
+
+########################################
+##
## Manage the auditd configuration files.
##
##
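Review bot: The two `allow ... :dbus send_msg` rules in `logging_dbus_chat_dispatcher` only permit message exchange between the caller and audisp_t; they do not by themselves make either side a client of the system bus. Please confirm that setroubleshootd_t already has system bus client access elsewhere in setroubleshoot.te (for example through `dbus_system_bus_client`), and that audisp_t is permitted to talk on the bus in logging.te, since neither is visible in this patch. It would also help to quote the dbus denial that motivated the interface in the description, so that the bidirectional grant is documented as required rather than assumed.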