From: bigon@debian.org (Laurent Bigonville)
Date: Fri, 11 Apr 2014 19:27:15 +0200
Subject: [refpolicy] [PATCH 2/5] Allow gconfd to be started by the session
	bus
In-Reply-To: <1397237238-16784-1-git-send-email-bigon@debian.org>
References: <1397237238-16784-1-git-send-email-bigon@debian.org>
Message-ID: <1397237238-16784-2-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville <bigon@bigon.be>

Allow gconfd to be started by the session bus and make it transition to
its own domain.

It also connects to the system bus to listen to signals from
org.gnome.GConf.Defaults interface
---
 gnome.te | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/gnome.te b/gnome.te
index 5e3c10b..a913899 100644
--- a/gnome.te
+++ b/gnome.te
@@ -91,6 +91,12 @@ userdom_manage_user_tmp_dirs(gconfd_t)
 userdom_tmp_filetrans_user_tmp(gconfd_t, dir)
 
 optional_policy(`
+	dbus_all_session_domain(gconfd_t, gconfd_exec_t)
+
+	dbus_system_bus_client(gconfd_t)
+')
+
+optional_policy(`
 	nscd_dontaudit_search_pid(gconfd_t)
 ')
 
-- 
1.9.2