From: guido@trentalancia.net (Guido Trentalancia)
Date: Sun, 14 Aug 2016 21:02:51 +0200
Subject: [refpolicy] [PATCH v2] Update the policy and file contexts for the xserver module
In-Reply-To:
References: <1471094827.21480.13.camel@trentalancia.net> <1471098223.21480.19.camel@trentalancia.net>
Message-ID: <1471201371.27146.13.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Chris !

On Sun, 14/08/2016 at 14.24 -0400, Chris PeBenito wrote:
> On 08/13/16 10:23, Guido Trentalancia wrote:
> > Update for the xserver module:
> >
> > - updated the file contexts for the Xsession script;
> > - created an interface for chatting over dbus with
> >   xdm;
> > - added permission to chat over dbus with colord.
> >
> > Signed-off-by: Guido Trentalancia
> > --- > > ?policy/modules/services/xserver.fc |????1 + > > ?policy/modules/services/xserver.if |???21 +++++++++++++++++++++ > > ?policy/modules/services/xserver.te |????4 ++++ > > ?3 files changed, 26 insertions(+) > > > > --- refpolicy-git-06082016-orig/policy/modules/services/xserver.fc > > 2016-08-06 21:26:43.295774282 +0200 > > +++ refpolicy-git-06082016/policy/modules/services/xserver.fc > > 2016-08-13 16:20:35.731361535 +0200 > > @@ -74,6 +74,7 @@ HOME_DIR/\.Xauthority.* -- gen_cont > > ext(s > > ?/usr/lib/xorg/Xorg\.wrap -- gen_context(system_u:obj > > ect_r:xserver_exec_t,s0) > > ?/usr/lib/xorg-server/Xorg -- gen_context(system_u:ob > > ject_r:xserver_exec_t,s0) > > ?/usr/lib/xorg-server/Xorg\.wrap -- gen_context(syste > > m_u:object_r:xserver_exec_t,s0) > > +/usr/lib/X11/xdm/Xsession -- gen_context(system_u:ob > > ject_r:xsession_exec_t,s0) > > > > ?/usr/sbin/lightdm -- gen_context(system_u:object_r:x > > dm_exec_t,s0) > > > > --- refpolicy-git-06082016-orig/policy/modules/services/xserver.if > > 2016-08-06 21:26:43.295774282 +0200 > > +++ refpolicy-git-06082016/policy/modules/services/xserver.if > > 2016-08-13 15:01:34.028150851 +0200 
> > @@ -1291,3 +1291,24 @@ interface(`xserver_unconfined',` > > ? typeattribute $1 x_domain; > > ? typeattribute $1 xserver_unconfined_type; > > ?') > > + > > +######################################## > > +## > > +## Send and receive messages from > > +## xdm over dbus. > > +## > > +## > > +## > > +## Domain allowed access. > > +## > > +## > > +# > > +interface(`xdm_dbus_chat',`
>
> Why does this interface need to be added, if it isn't going to be
> used?
> (it's not used below).
>
> If it is still needed, then the interface should be
> xserver_dbus_chat_xdm()

Thanks for pointing this out.

It's used by userdomain.if (userdom_common_user_template). Please note that you already merged the userdomain patch.

I am now going to rename it, resubmit this patch and submit a short patch to rename it in userdomain which you already merged.

Best regards,

Guido
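
Review bot: in the xserver.fc hunk the new /usr/lib/X11/xdm/Xsession entry is appended to the run of /usr/lib/xorg* entries labelled xserver_exec_t, although it carries a different type (xsession_exec_t) and a path that sorts ahead of /usr/lib/xorg. Suggest placing it next to entries that share its path prefix or type so the file stays grouped, and checking that no existing Xsession pattern elsewhere in xserver.fc already matches this path, since only this window of the file is visible here.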
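
Review bot: in the xserver.if hunk the new interface is named xdm_dbus_chat although it is defined in the xserver module, next to xserver_unconfined; the module-prefixed name xserver_dbus_chat_xdm raised in the review keeps it consistent with its neighbour. Nothing in this patch calls the interface, so the commit message should say that the caller is userdom_common_user_template in userdomain.if, and the rename needs to land together with the matching change to that caller so the already merged userdomain code does not reference a name that no longer exists.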