From: pebenito@ieee.org (Chris PeBenito) Date: Sat, 17 Dec 2016 09:05:34 -0500 Subject: [refpolicy] [PATCH v4 1/5 base part] wm: update the window manager (wm) module and enable its role template (v7) In-Reply-To: <1481903971.2610.3.camel@trentalancia.net> References: <1481130053.3300.9.camel@trentalancia.net> <1481217618.20182.8.camel@trentalancia.net> <1481322107.2989.1.camel@trentalancia.net> <1481676520.17446.9.camel@trentalancia.net> <1481680495.3551.1.camel@trentalancia.net> <1481721818.2981.9.camel@trentalancia.net> <1481758999.3080.4.camel@trentalancia.net> <29c383f9-6aba-1f9d-94fc-7b1d72cd1a9f@ieee.org> <1481903971.2610.3.camel@trentalancia.net> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/16/16 10:59, Guido Trentalancia via refpolicy wrote: > Enable the window manager role (wm contrib module) and update > the module to work with gnome-shell. > > This patch requires the following recently posted patch for the > games module: > > [PATCH v3 1/2] games: general update and improved pulseaudio integration > http://oss.tresys.com/pipermail/refpolicy/2016-December/008679.html > > This patch has received some testing with the following two > configurations: > - gnome-shell executing in normal mode (with display managers > other than gdm, such as xdm from XOrg); > - gnome-shell executing in gdm mode (with the Gnome Display > Manager). > > Patches 3/5, 4/5 and 5/5 are needed when gnome-shell is used > in conjunction with gdm. > > Since the window managers are not limited by gnome-shell, this latter > version of the patch (along with part 2/5) uses separate optional > conditionals for the gnome and wm role templates. > > The new wm_application_domain() interface introduced in the sixth > version of this patch is an idea of Jason Zaman. > > This patch also fixes a minor bug in the way the pulseaudio_role() > interface is optionally included by the role templates (pulseaudio > does not depend on dbus). > > This seventh version splits the 1/5 patch in two separate patches: > one for the base policy and one for the contrib policy. > > THIS IS THE BASE POLICY PART. I've merged this set. However, after I applied them, I realized there was an invalid interface added in xserver (nonexistant xdm_domain attribute) and a missing interface called in wm. I've removed them. > Signed-off-by: Guido Trentalancia > --- > policy/modules/roles/staff.te | 8 ++++++-- > policy/modules/roles/sysadm.te | 4 ++++ > policy/modules/roles/unprivuser.te | 8 ++++++-- > 3 files changed, 16 insertions(+), 4 deletions(-) > > diff -pru a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te > --- a/policy/modules/roles/staff.te 2016-12-14 02:24:53.397000941 +0100 > +++ b/policy/modules/roles/staff.te 2016-12-13 22:45:02.857851229 +0100 > @@ -88,11 +88,11 @@ ifndef(`distro_redhat',` > ') > > optional_policy(` > - pulseaudio_role(staff_r, staff_t) > + telepathy_role_template(staff, staff_r, staff_t) > ') > > optional_policy(` > - telepathy_role_template(staff, staff_r, staff_t) > + wm_role_template(staff, staff_r, staff_t) > ') > ') > > @@ -145,6 +145,10 @@ ifndef(`distro_redhat',` > ') > > optional_policy(` > + pulseaudio_role(staff_r, staff_t) > + ') > + > + optional_policy(` > pyzor_role(staff_r, staff_t) > ') > > diff -pru a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te > --- a/policy/modules/roles/sysadm.te 2016-12-14 02:24:53.397000941 +0100 > +++ b/policy/modules/roles/sysadm.te 2016-12-13 22:45:25.577422292 +0100 > @@ -1246,6 +1246,10 @@ ifndef(`distro_redhat',` > optional_policy(` > gnome_role_template(sysadm, sysadm_r, sysadm_t) > ') > + > + optional_policy(` > + wm_role_template(sysadm, sysadm_r, sysadm_t) > + ') > ') > > optional_policy(` > diff -pru a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te > --- a/policy/modules/roles/unprivuser.te 2016-12-14 02:24:53.398000965 +0100 > +++ b/policy/modules/roles/unprivuser.te 2016-12-13 22:44:50.493540449 +0100 > @@ -57,11 +57,11 @@ ifndef(`distro_redhat',` > ') > > optional_policy(` > - pulseaudio_role(user_r, user_t) > + telepathy_role_template(user, user_r, user_t) > ') > > optional_policy(` > - telepathy_role_template(user, user_r, user_t) > + wm_role_template(user, user_r, user_t) > ') > ') > > @@ -122,6 +122,10 @@ ifndef(`distro_redhat',` > ') > > optional_policy(` > + pulseaudio_role(user_r, user_t) > + ') > + > + optional_policy(` > pyzor_role(user_r, user_t) > ') -- Chris PeBenito