From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 3 Oct 2011 21:47:20 +0200
Subject: [refpolicy] [PATCH 2/4] Allow the dbusd_t domains to read xdg data
In-Reply-To: <20111003194606.GA7129@siphos.be>
References: <20111003194606.GA7129@siphos.be>
Message-ID: <20111003194720.GC7129@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com


The dbus domains currently hold userdom_read_user_home_content_files,
partially due to it requiring the xdg data (xdg_data_home_t).

Grant xdg_read_data_home to the dbus domain keeps this. From first looks
of it, other xdg locations are not needed by dbus.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 dbus.if |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/dbus.if b/dbus.if
index 1a1becd..f963ea8 100644
--- a/dbus.if
+++ b/dbus.if
@@ -160,6 +160,10 @@ template(`dbus_role_template',`
 	')
 
 	optional_policy(`
+		xdg_read_data_home($1_dbus_t)
+	')
+
+	optional_policy(`
 		xserver_use_xdm_fds($1_dbusd_t)
 		xserver_rw_xdm_pipes($1_dbusd_t)
 	')
-- 
1.7.3.4