From: guido@trentalancia.net (Guido Trentalancia) Date: Sun, 14 Aug 2016 21:04:24 +0200 Subject: [refpolicy] [PATCH v2] Allow some more dbus chat perms for user domains (was [PATCH] Allow some dbus chat permissions for the unprivileged user role) In-Reply-To: <97669ef1-2fd9-ecfe-e5fc-b79101926189@ieee.org> References: <993078225.954011.1471108361800.JavaMail.open-xchange@popper08.register.it> <1012632181.942547.1471120426481.JavaMail.open-xchange@popper02.register.it> <240400780.942697.1471123390864.JavaMail.open-xchange@popper02.register.it> <97669ef1-2fd9-ecfe-e5fc-b79101926189@ieee.org> Message-ID: <1471201464.27146.15.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hello Chris ! On Sat, 14/08/2016 at 14.13 -0400, Chris PeBenito wrote: > On 08/13/16 17:23, Guido Trentalancia wrote: > > Allow the system user domains to chat over dbus with a few other > > domains (e.g. gnome session). > > > > Thanks to Jason Zaman for pointing out the correct interface to > > achieve this. > > > > This new version fixes a typographic error in the previous version. > > Merged. You merged an interface xdm_dbus_chat() which, you said, brings a wrong name. I am now going to create a short patch to fix this problem (and a new patch for the xserver module). > > > > Signed-off-by: Guido Trentalancia > > --- > > ?policy/modules/system/userdomain.if |???21 +++++++++++++++++++++ > > ?1 file changed, 21 insertions(+) > > > > --- refpolicy-git-06082016-orig/policy/modules/system/userdomain.if > > 2016-08-06 > > 21:26:43.311774465 +0200 > > +++ refpolicy-git-06082016/policy/modules/system/userdomain.if > > 2016-08-13 > > 23:17:44.315406734 +0200 > > @@ -596,10 +596,18 @@ template(`userdom_common_user_template', > > ? dbus_system_bus_client($1_t) > > > > ? optional_policy(` > > + accountsd_dbus_chat($1_t) > > + ') > > + > > + optional_policy(` > > ? bluetooth_dbus_chat($1_t) > > ? ') > > > > ? optional_policy(` > > + colord_dbus_chat($1_t) > > + ') > > + > > + optional_policy(` > > ? consolekit_dbus_chat($1_t) > > ? ') > > > > @@ -608,6 +616,11 @@ template(`userdom_common_user_template', > > ? ') > > > > ? optional_policy(` > > + devicekit_dbus_chat_disk($1_t) > > + devicekit_dbus_chat_power($1_t) > > + ') > > + > > + optional_policy(` > > ? hal_dbus_chat($1_t) > > ? ') > > > > @@ -618,6 +631,14 @@ template(`userdom_common_user_template', > > ? optional_policy(` > > ? policykit_dbus_chat($1_t) > > ? ') > > + > > + optional_policy(` > > + rtkit_daemon_dbus_chat($1_t) > > + ') > > + > > + optional_policy(` > > + xdm_dbus_chat($1_t) > > + ') > > ? ') > > > > ? optional_policy(` > > _______________________________________________ > >?