From: jason@perfinion.com (Jason Zaman)
Date: Sun,  4 Jun 2017 23:23:46 +0800
Subject: [refpolicy] [PATCH v2 2/6] consolekit: Add support for consolekit2
In-Reply-To: <20170604152350.27036-1-jason@perfinion.com>
References: <20170604152350.27036-1-jason@perfinion.com>
Message-ID: <20170604152350.27036-2-jason@perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

setattr chr_files is to setting dev nodes on login
rw sysfs and devicekit for suspend
connect to cgmanager to track sessions with cgroups
---
 consolekit.te | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/consolekit.te b/consolekit.te
index c99a6cb..c3c58f7 100644
--- a/consolekit.te
+++ b/consolekit.te
@@ -53,7 +53,8 @@ corecmd_exec_bin(consolekit_t)
 corecmd_exec_shell(consolekit_t)
 
 dev_read_urand(consolekit_t)
-dev_read_sysfs(consolekit_t)
+dev_rw_sysfs(consolekit_t)
+dev_setattr_all_chr_files(consolekit_t)
 
 domain_read_all_domains_state(consolekit_t)
 domain_use_interactive_fds(consolekit_t)
@@ -104,6 +105,10 @@ tunable_policy(`use_samba_home_dirs',`
 ')
 
 optional_policy(`
+	cgmanager_stream_connect(consolekit_t)
+')
+
+optional_policy(`
 	dbus_read_lib_files(consolekit_t)
 	dbus_system_domain(consolekit_t, consolekit_exec_t)
 
@@ -125,6 +130,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	devicekit_manage_log_files(consolekit_t)
+')
+
+optional_policy(`
 	hal_ptrace(consolekit_t)
 ')
 
@@ -156,6 +165,7 @@ optional_policy(`
 optional_policy(`
 	udev_domtrans(consolekit_t)
 	udev_read_db(consolekit_t)
+	udev_read_pid_files(consolekit_t)
 	udev_signal(consolekit_t)
 ')
 
-- 
2.13.0