From: guido@trentalancia.com (Guido Trentalancia)
Date: Sat, 20 May 2017 17:40:23 +0200
Subject: [refpolicy] [PATCH 1/3] userdomain: new dbus chat interface
Message-ID: <1495294823.9446.2.camel@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Minor update for the Apache OpenOffice(R) module: part 1/3.

This patch introduces a new interface to allow bidirectional
dbus chat from/to the user domain (instead of only unidirectional
messaging).

The new interface is used by part 2/3.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
---
 policy/modules/system/userdomain.if |   21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

--- a/policy/modules/system/userdomain.if	2017-04-26 17:47:14.081423048 +0200
+++ b/policy/modules/system/userdomain.if	2017-05-20 15:55:50.405244985 +0200
@@ -4018,6 +4018,27 @@ interface(`userdom_dbus_send_all_users',
 
 ########################################
 ## <summary>
+##	Send and receive dbus messages
+##	from and to all user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`userdom_dbus_chat_all_users',`
+	gen_require(`
+		attribute userdomain;
+		class dbus send_msg;
+	')
+
+	allow $1 userdomain:dbus send_msg;
+	allow userdomain $1:dbus send_msg;
+')
+
+########################################
+## <summary>
 ##     Do not audit attempts to read and write
 ##     unserdomain stream.
 ## </summary>