From: guido@trentalancia.net (Guido Trentalancia)
Date: Sat, 13 Aug 2016 22:33:46 +0200 (CEST)
Subject: [refpolicy] [PATCH] Allow some more dbus chat perms for user
 domains (was [PATCH] Allow some dbus chat permissions for the unprivileged
 user role)
In-Reply-To: <993078225.954011.1471108361800.JavaMail.open-xchange@popper08.register.it>
References: <993078225.954011.1471108361800.JavaMail.open-xchange@popper08.register.it>
Message-ID: <1012632181.942547.1471120426481.JavaMail.open-xchange@popper02.register.it>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Allow the system user domains to chat over dbus with a few other
domains (e.g. gnome session).

Thanks to Jason Zaman for pointing out the correct interface to
achieve this.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/system/userdomain.if |   25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

--- refpolicy-git-06082016-orig/policy/modules/system/userdomain.if	2016-08-06
21:26:43.311774465 +0200
+++ refpolicy-git-06082016/policy/modules/system/userdomain.if	2016-08-13
22:23:25.725173974 +0200
@@ -596,10 +596,18 @@ template(`userdom_common_user_template',
 		dbus_system_bus_client($1_t)
 
 		optional_policy(`
+			accountsd_dbus_chat($1_t)
+		')
+
+		optional_policy(`
 			bluetooth_dbus_chat($1_t)
 		')
 
 		optional_policy(`
+			colord_dbus_chat($1_r, $1_t)
+		')
+
+		optional_policy(`
 			consolekit_dbus_chat($1_t)
 		')
 
@@ -608,6 +616,11 @@ template(`userdom_common_user_template',
 		')
 
 		optional_policy(`
+			devicekit_dbus_chat_disk($1_t)
+			devicekit_dbus_chat_power($1_t)
+		')
+
+		optional_policy(`
 			hal_dbus_chat($1_t)
 		')
 
@@ -618,6 +631,14 @@ template(`userdom_common_user_template',
 		optional_policy(`
 			policykit_dbus_chat($1_t)
 		')
+
+		optional_policy(`
+			rtkit_daemon_dbus_chat($1_t)
+		')
+
+		optional_policy(`
+			xdm_dbus_chat($1_t)
+		')
 	')
 
 	optional_policy(`