From: bigon@debian.org (Laurent Bigonville) Date: Fri, 11 Apr 2014 19:27:16 +0200 Subject: [refpolicy] [PATCH 3/5] Fix the usage of dbus_spec_session_domain() interface In-Reply-To: <1397237238-16784-1-git-send-email-bigon@debian.org> References: <1397237238-16784-1-git-send-email-bigon@debian.org> Message-ID: <1397237238-16784-3-git-send-email-bigon@debian.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com From: Laurent Bigonville Change the order of the parameters for the calls to dbus_spec_session_domain() interface. For consistancy with the other dbus interfaces and the backward compatibility, we consider that the description was correct and we change the callers instead. The order of the parameter for this interface is the following: dbus_spec_session_domain(role_prefix, domain, entry_point) --- dbus.if | 2 +- gnome.if | 2 +- obex.if | 2 +- telepathy.if | 18 +++++++++--------- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/dbus.if b/dbus.if index d3036c6..c3f2118 100644 --- a/dbus.if +++ b/dbus.if @@ -463,7 +463,7 @@ interface(`dbus_spec_session_domain',` type $1_dbusd_t; ') - domtrans_pattern($1_dbusd_t, $2, $3) + domtrans_pattern($1_dbusd_t, $3, $2) dbus_spec_session_bus_client($1, $2) dbus_connect_spec_session_bus($1, $2) diff --git a/gnome.if b/gnome.if index ab09d61..112d33b 100644 --- a/gnome.if +++ b/gnome.if @@ -109,7 +109,7 @@ template(`gnome_role_template',` gnome_stream_connect_gkeyringd($1, $3) optional_policy(` - dbus_spec_session_domain($1, gkeyringd_exec_t, $1_gkeyringd_t) + dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t) optional_policy(` gnome_dbus_chat_gkeyringd($1, $3) diff --git a/obex.if b/obex.if index 8635ea2..410c0e8 100644 --- a/obex.if +++ b/obex.if @@ -42,7 +42,7 @@ template(`obex_role_template',` allow $3 obex_t:process { ptrace signal_perms }; ps_process_pattern($3, obex_t) - dbus_spec_session_domain($1, obex_exec_t, obex_t) + dbus_spec_session_domain($1, obex_t, obex_exec_t) obex_dbus_chat($3) ') diff --git a/telepathy.if b/telepathy.if index 42946bc..0d58469 100644 --- a/telepathy.if +++ b/telepathy.if @@ -78,15 +78,15 @@ template(`telepathy_role_template',` telepathy_msn_stream_connect($3) telepathy_salut_stream_connect($3) - dbus_spec_session_domain($1, telepathy_gabble_exec_t, telepathy_gabble_t) - dbus_spec_session_domain($1, telepathy_sofiasip_exec_t, telepathy_sofiasip_t) - dbus_spec_session_domain($1, telepathy_idle_exec_t, telepathy_idle_t) - dbus_spec_session_domain($1, telepathy_logger_exec_t, telepathy_logger_t) - dbus_spec_session_domain($1, telepathy_mission_control_exec_t, telepathy_mission_control_t) - dbus_spec_session_domain($1, telepathy_salut_exec_t, telepathy_salut_t) - dbus_spec_session_domain($1, telepathy_sunshine_exec_t, telepathy_sunshine_t) - dbus_spec_session_domain($1, telepathy_stream_engine_exec_t, telepathy_stream_engine_t) - dbus_spec_session_domain($1, telepathy_msn_exec_t, telepathy_msn_t) + dbus_spec_session_domain($1, telepathy_gabble_t, telepathy_gabble_exec_t) + dbus_spec_session_domain($1, telepathy_sofiasip_t, telepathy_sofiasip_exec_t) + dbus_spec_session_domain($1, telepathy_idle_t, telepathy_idle_exec_t) + dbus_spec_session_domain($1, telepathy_logger_t, telepathy_logger_exec_t) + dbus_spec_session_domain($1, telepathy_mission_control_t, telepathy_mission_control_exec_t) + dbus_spec_session_domain($1, telepathy_salut_t, telepathy_salut_exec_t) + dbus_spec_session_domain($1, telepathy_sunshine_t, telepathy_sunshine_exec_t) + dbus_spec_session_domain($1, telepathy_stream_engine_t, telepathy_stream_engine_exec_t) + dbus_spec_session_domain($1, telepathy_msn_t, telepathy_msn_exec_t) allow $3 { telepathy_mission_control_cache_home_t telepathy_cache_home_t telepathy_logger_cache_home_t }:dir { manage_dir_perms relabel_dir_perms }; allow $3 { telepathy_gabble_cache_home_t telepathy_mission_control_home_t telepathy_data_home_t }:dir { manage_dir_perms relabel_dir_perms }; -- 1.9.2