From: guido@trentalancia.net (guido guido)
Date: Sat, 13 Aug 2016 19:12:41 +0200 (CEST)
Subject: [refpolicy] [PATCH] Allow some dbus chat permissions for the
 unprivileged user role
Message-ID: <993078225.954011.1471108361800.JavaMail.open-xchange@popper08.register.it>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Allow the unprivileged user to chat over dbus with a few
other domains (e.g. in a gnome session). 

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/roles/unprivuser.te |   14 ++++++++++++++
 1 file changed, 14 insertions(+)

--- refpolicy-git-06082016-orig/policy/modules/roles/unprivuser.te	2016-08-06
21:26:43.293774259 +0200
+++ refpolicy-git-06082016/policy/modules/roles/unprivuser.te	2016-08-13
15:05:58.696124415 +0200
@@ -13,14 +13,27 @@ policy_module(unprivuser, 2.6.0)
 userdom_unpriv_user_template(user)
 
 optional_policy(`
+	accountsd_dbus_chat(user_t)
+')
+
+optional_policy(`
 	apache_role(user_r, user_t)
 ')
 
 optional_policy(`
+	devicekit_dbus_chat_disk(user_t)
+	devicekit_dbus_chat_power(user_t)
+')
+
+optional_policy(`
 	git_role(user_r, user_t)
 ')
 
 optional_policy(`
+	rtkit_daemon_dbus_chat(user_t)
+')
+
+optional_policy(`
 	screen_role_template(user, user_r, user_t)
 ')
 
@@ -30,6 +43,7 @@ optional_policy(`
 
 optional_policy(`
 	xserver_role(user_r, user_t)
+	xdm_dbus_chat(user_t)
 ')
 
 ifndef(`distro_redhat',`