From: guido@trentalancia.com (Guido Trentalancia)
Date: Mon, 09 Oct 2017 21:03:48 +0200
Subject: [refpolicy] [PATCH 2/2] dbus: read user home content files
In-Reply-To: <f2750f81-853e-ed6f-ac24-0cbc2c7b8907@ieee.org>
References: <1507316441.20230.11.camel@trentalancia.com>
	<f2750f81-853e-ed6f-ac24-0cbc2c7b8907@ieee.org>
Message-ID: <B09CBAA6-3AB2-4483-9456-F9E1549CCBC0@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com



On the 9th of October 2017 19:56:00 CEST, Chris PeBenito <pebenito@ieee.org> wrote:
>On 10/06/2017 03:00 PM, Guido Trentalancia via refpolicy wrote:
>> Add permissions required to run Gnome (read user color management
>> files).
>> 
>> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
>> ---
>>   policy/modules/contrib/dbus.te |    2 ++
>>   1 file changed, 2 insertions(+)
>> 
>> --- a/policy/modules/contrib/dbus.te	2017-09-29 19:01:55.142455647
>+0200
>> +++ b/policy/modules/contrib/dbus.te	2017-10-06 00:04:54.272534259
>+0200
>> @@ -147,6 +147,8 @@ seutil_read_default_contexts(system_dbus
>>   userdom_dontaudit_use_unpriv_user_fds(system_dbusd_t)
>>   userdom_dontaudit_search_user_home_dirs(system_dbusd_t)
>>   
>> +userdom_read_user_home_content_files(system_dbusd_t)
>
>Does this not fit in with any of the XDG types instead?

I don't know, it needs to read a file in the ~/.local/share subdirectory. 

Is there a new specific interface for that? 

>>   ifdef(`init_systemd', `
>>   	# gdm3 causes system_dbusd_t to want this access
>>   	dev_rw_dri(system_dbusd_t)

Regards, 

Guido