From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sun, 4 Sep 2011 14:14:07 +0200
Subject: [refpolicy] [PATCH 3/4] Allow the dbusd_t domains to read xdg data
In-Reply-To: <20110904121223.GA11390@siphos.be>
References: <20110904121223.GA11390@siphos.be>
Message-ID: <20110904121406.GD11390@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The dbus domains currently hold userdom_read_user_home_content_files,
partially due to it requiring the xdg data (xdg_data_home_t).

Grant xdg_read_data_home to the dbus domain keeps this. From first looks
of it, other xdg locations are not needed by dbus.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/services/dbus.if |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
index 1a1becd..948aa56 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@@ -151,6 +151,8 @@ template(`dbus_role_template',`
 
 	userdom_read_user_home_content_files($1_dbusd_t)
 
+	xdg_read_data_home($1_dbusd_t)
+
 	ifdef(`hide_broken_symptoms', `
 		dontaudit $3 $1_dbusd_t:netlink_selinux_socket { read write };
 	')
-- 
1.7.3.4