From: guido@trentalancia.com (Guido Trentalancia)
Date: Wed, 23 Feb 2011 19:50:30 +0100
Subject: [refpolicy] [PATCH 13/34]: patch to allow networkmanager dbus
 chat
In-Reply-To: <4D651B7A.4010100@tresys.com>
References: <1297836836.3205.56.camel@tesla.lan> <4D651B7A.4010100@tresys.com>
Message-ID: <1298487030.29671.20.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Christopher !

On Wed, 23/02/2011 at 09.36 -0500, Christopher J. PeBenito wrote:
> On 02/16/11 01:13, Guido Trentalancia wrote:
> > This patch allows dbus chat between networkmanager and dbus and
> > between networkmanager and xdm. It also adds a missing permission
> > (sysnet_read_dhcpc_state) to the networkmanager module.
> > 
> > diff -pruN refpolicy-git-15022011-new-before-modification/policy/modules/services/dbus.te refpolicy-git-15022011-new-modified/policy/modules/services/dbus.te
> > --- refpolicy-git-15022011-new-before-modification/policy/modules/services/dbus.te	2011-02-15 23:15:42.079074132 +0100
> > +++ refpolicy-git-15022011-new-modified/policy/modules/services/dbus.te	2011-02-15 23:17:05.366699083 +0100
> > @@ -156,6 +156,10 @@ optional_policy(`
> >  ')
> >  
> >  optional_policy(`
> > +	networkmanager_dbus_chat(system_dbusd_t)
> > +')
> > +
> > +optional_policy(`
> >  	policykit_dbus_chat(system_dbusd_t)
> >  	policykit_domtrans_auth(system_dbusd_t)
> >  	policykit_search_lib(system_dbusd_t)
> > diff -pruN refpolicy-git-15022011-new-before-modification/policy/modules/services/networkmanager.te refpolicy-git-15022011-new-modified/policy/modules/services/networkmanager.te
> > --- refpolicy-git-15022011-new-before-modification/policy/modules/services/networkmanager.te	2011-01-08 19:07:21.269745618 +0100
> > +++ refpolicy-git-15022011-new-modified/policy/modules/services/networkmanager.te	2011-02-15 23:17:58.800809233 +0100
> > @@ -141,6 +141,7 @@ sysnet_domtrans_ifconfig(NetworkManager_
> >  sysnet_domtrans_dhcpc(NetworkManager_t)
> >  sysnet_signal_dhcpc(NetworkManager_t)
> >  sysnet_read_dhcpc_pid(NetworkManager_t)
> > +sysnet_read_dhcpc_state(NetworkManager_t)
> >  sysnet_delete_dhcpc_pid(NetworkManager_t)
> >  sysnet_search_dhcp_state(NetworkManager_t)
> >  # in /etc created by NetworkManager will be labelled net_conf_t.
> > diff -pruN refpolicy-git-15022011-new-before-modification/policy/modules/services/xserver.te refpolicy-git-15022011-new-modified/policy/modules/services/xserver.te
> > --- refpolicy-git-15022011-new-before-modification/policy/modules/services/xserver.te	2011-02-15 23:07:24.845137330 +0100
> > +++ refpolicy-git-15022011-new-modified/policy/modules/services/xserver.te	2011-02-15 23:17:05.369699539 +0100
> > @@ -548,6 +548,10 @@ optional_policy(`
> >  ')
> >  
> >  optional_policy(`
> > +	networkmanager_dbus_chat(xdm_t)
> > +')
> 
> Is there something new with xdm?  I'm concerned that more dbus
> communications are added (this patch and others) with seemingly
> unrelated services.

What you mean exactly for "something new with xdm" ? Do you mean new
features ?

And what do you mean for unrelated services exactly ? NetworkManager not
being very much related to xdm ? Yes, it's not entirely clear to me
either. But could be that due to the applet ?

More or less I have reported back what was being requested (in the form
of a patch).

Regards,

Guido