From: dominick.grift@gmail.com (grift)
Date: Mon, 17 Dec 2012 21:18:08 +0100
Subject: [refpolicy] [PATCH 2/9] Allow system_dbusd_t to transition to
 networkmanager_initrc_t
In-Reply-To: <1355774297-13606-2-git-send-email-bigon@debian.org>
References: <1355774297-13606-1-git-send-email-bigon@debian.org>
	<1355774297-13606-2-git-send-email-bigon@debian.org>
Message-ID: <1355775488.2269.12.camel@localhost>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2012-12-17 at 20:58 +0100, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
> 
> nm-dispatcher.action executable is labeled as
> NetworkManager_initrc_exec_t and will be executed by the system dbus
> ---
>  dbus.te |    4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/dbus.te b/dbus.te
> index ad29d6f..2ed2d6e 100644
> --- a/dbus.te
> +++ b/dbus.te
> @@ -148,6 +148,10 @@ optional_policy(`
>  ')
>  
>  optional_policy(`
> +	networkmanager_initrc_domtrans(system_dbusd_t)
> +')
> +
> +optional_policy(`
>  	policykit_read_lib(system_dbusd_t)
>  ')
>  

This is a better solution (which i am about to commit instead):

> From 3629eb16814fa4ea3542892508250dd1b5e00c9d Mon, 17 Dec 2012 21:16:33 +0100
> From: Dominick Grift <dominick.grift@gmail.com>
> Date: Mon, 17 Dec 2012 21:16:23 +0100
> Subject: [PATCH] Changes to the dbus policy module
> 
> 
> System bus needs to be able to transition to init script domain on any
> init script file type instead of only the generic init script file type
> 
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> diff --git a/dbus.te b/dbus.te
> index ad29d6f..4f75f33 100644
> --- a/dbus.te
> +++ b/dbus.te
> @@ -1,4 +1,4 @@
> -policy_module(dbus, 1.18.6)
> +policy_module(dbus, 1.18.7)
>  
>  gen_require(`
>  	class dbus all_dbus_perms;
> @@ -125,7 +125,7 @@
>  
>  init_use_fds(system_dbusd_t)
>  init_use_script_ptys(system_dbusd_t)
> -init_domtrans_script(system_dbusd_t)
> +init_all_labeled_script_domtrans(system_dbusd_t)
>  
>  init_use_fds(system_dbusd_t)
>  init_use_script_ptys(system_dbusd_t)