From: jason@perfinion.com (Jason Zaman) Date: Sat, 27 May 2017 00:10:51 +0800 Subject: [refpolicy] [PATCH 1/4] consolekit: introduce consolekit_use_inhibit_lock interface In-Reply-To: <20170526161054.15183-1-jason@perfinion.com> References: <20170526161054.15183-1-jason@perfinion.com> Message-ID: <20170526161054.15183-2-jason@perfinion.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Applications hold FDs while they hold the lock. Implements this API: https://www.freedesktop.org/wiki/Software/systemd/inhibit/ --- consolekit.if | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/consolekit.if b/consolekit.if index 5b830ec..c2c203f 100644 --- a/consolekit.if +++ b/consolekit.if @@ -42,6 +42,25 @@ interface(`consolekit_dbus_chat',` ######################################## ## +## Take inhibit locks from consolekit +## +## +## +## Domain allowed access. +## +## +# +interface(`consolekit_use_inhibit_lock',` + gen_require(` + type consolekit_t, consolekit_var_run_t; + ') + + allow $1 consolekit_t:fd use; + allow $1 consolekit_var_run_t:fifo_file rw_fifo_file_perms; +') + +######################################## +## ## Read consolekit log files. ## ## -- 2.13.0
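Review bot: the fifo_file rule in consolekit_use_inhibit_lock looks broader than the commit message requires. `allow $1 consolekit_var_run_t:fifo_file rw_fifo_file_perms;` covers every FIFO labeled consolekit_var_run_t, and rw_fifo_file_perms includes open, while the description says applications only hold the FD for as long as they hold the lock. If callers receive the descriptor from consolekit and never open the FIFO by path, consider dropping open (and write, if the caller only keeps the FD and closes it) so the rule covers just the inherited descriptor, alongside the existing `allow $1 consolekit_t:fd use;`. The summary comment could also say whether callers are expected to pair this interface with consolekit_dbus_chat to request the lock, since nothing in this interface grants the D-Bus access.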