commit: 8cae0e05081a2d859bc3c4861a2ecd7787ad3e11
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Sun Aug 14 19:13:24 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Wed Aug 17 16:22:44 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8cae0e05
Update for the xserver module:
- updated the file contexts for the Xsession script;
- created an interface for chatting over dbus with
xdm (currently used by the userdomain module in
the common user template);
- added permission to chat over dbus with colord.
Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>
policy/modules/services/xserver.if | 21 +++++++++++++++++++++
policy/modules/services/xserver.te | 6 +++++-
2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/policy/modules/services/xserver.if
b/policy/modules/services/xserver.if
index 6bf0ecc..690c2b6 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -713,6 +713,27 @@ interface(`xserver_dontaudit_rw_xdm_pipes',`
########################################
## <summary>
+## Send and receive messages from
+## xdm over dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_dbus_chat_xdm',`
+ gen_require(`
+ type xdm_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 xdm_t:dbus send_msg;
+ allow xdm_t $1:dbus send_msg;
+')
+
+########################################
+## <summary>
## Read xdm process state files.
## </summary>
## <param name="domain">
diff --git a/policy/modules/services/xserver.te
b/policy/modules/services/xserver.te
index fc19905..44a561b 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,4 +1,4 @@
-policy_module(xserver, 3.11.3)
+policy_module(xserver, 3.11.4)
gen_require(`
class x_drawable all_x_drawable_perms;
@@ -511,6 +511,10 @@ optional_policy(`
')
optional_policy(`
+ colord_dbus_chat(xdm_t)
+')
+
+optional_policy(`
consolekit_dbus_chat(xdm_t)
')
