From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 23 Feb 2011 09:36:42 -0500
Subject: [refpolicy] [PATCH 13/34]: patch to allow networkmanager dbus
 chat
In-Reply-To: <1297836836.3205.56.camel@tesla.lan>
References: <1297836836.3205.56.camel@tesla.lan>
Message-ID: <4D651B7A.4010100@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/16/11 01:13, Guido Trentalancia wrote:
> This patch allows dbus chat between networkmanager and dbus and
> between networkmanager and xdm. It also adds a missing permission
> (sysnet_read_dhcpc_state) to the networkmanager module.
> 
> diff -pruN refpolicy-git-15022011-new-before-modification/policy/modules/services/dbus.te refpolicy-git-15022011-new-modified/policy/modules/services/dbus.te
> --- refpolicy-git-15022011-new-before-modification/policy/modules/services/dbus.te	2011-02-15 23:15:42.079074132 +0100
> +++ refpolicy-git-15022011-new-modified/policy/modules/services/dbus.te	2011-02-15 23:17:05.366699083 +0100
> @@ -156,6 +156,10 @@ optional_policy(`
>  ')
>  
>  optional_policy(`
> +	networkmanager_dbus_chat(system_dbusd_t)
> +')
> +
> +optional_policy(`
>  	policykit_dbus_chat(system_dbusd_t)
>  	policykit_domtrans_auth(system_dbusd_t)
>  	policykit_search_lib(system_dbusd_t)
> diff -pruN refpolicy-git-15022011-new-before-modification/policy/modules/services/networkmanager.te refpolicy-git-15022011-new-modified/policy/modules/services/networkmanager.te
> --- refpolicy-git-15022011-new-before-modification/policy/modules/services/networkmanager.te	2011-01-08 19:07:21.269745618 +0100
> +++ refpolicy-git-15022011-new-modified/policy/modules/services/networkmanager.te	2011-02-15 23:17:58.800809233 +0100
> @@ -141,6 +141,7 @@ sysnet_domtrans_ifconfig(NetworkManager_
>  sysnet_domtrans_dhcpc(NetworkManager_t)
>  sysnet_signal_dhcpc(NetworkManager_t)
>  sysnet_read_dhcpc_pid(NetworkManager_t)
> +sysnet_read_dhcpc_state(NetworkManager_t)
>  sysnet_delete_dhcpc_pid(NetworkManager_t)
>  sysnet_search_dhcp_state(NetworkManager_t)
>  # in /etc created by NetworkManager will be labelled net_conf_t.
> diff -pruN refpolicy-git-15022011-new-before-modification/policy/modules/services/xserver.te refpolicy-git-15022011-new-modified/policy/modules/services/xserver.te
> --- refpolicy-git-15022011-new-before-modification/policy/modules/services/xserver.te	2011-02-15 23:07:24.845137330 +0100
> +++ refpolicy-git-15022011-new-modified/policy/modules/services/xserver.te	2011-02-15 23:17:05.369699539 +0100
> @@ -548,6 +548,10 @@ optional_policy(`
>  ')
>  
>  optional_policy(`
> +	networkmanager_dbus_chat(xdm_t)
> +')

Is there something new with xdm?  I'm concerned that more dbus
communications are added (this patch and others) with seemingly
unrelated services.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com