commit: eae74f80d6ed5f475ecf7fe3c476d8047aca6f39 Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net> AuthorDate: Thu Apr 13 23:26:10 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sun Apr 30 14:17:43 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=eae74f80
wm: load the NetworkManager applet Gnome-shell needs to read NetworkManager configuration files in /etc in order to correctly run the applet. Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net> policy/modules/contrib/networkmanager.if | 20 ++++++++++++++++++++ policy/modules/contrib/wm.te | 2 ++ 2 files changed, 22 insertions(+) diff --git a/policy/modules/contrib/networkmanager.if b/policy/modules/contrib/networkmanager.if index 10688d21..3c5073d1 100644 --- a/policy/modules/contrib/networkmanager.if +++ b/policy/modules/contrib/networkmanager.if @@ -172,6 +172,26 @@ interface(`networkmanager_signal',` ') ######################################## +### <summary> +### Read networkmanager etc files. +### </summary> +### <param name="domain"> +### <summary> +### Domain allowed access. +### </summary> +### </param> +## +interface(`networkmanager_read_etc_files',` + gen_require(` + type NetworkManager_etc_t; + ') + + files_search_etc($1) + list_dirs_pattern($1, NetworkManager_etc_t, NetworkManager_etc_t) + read_files_pattern($1, NetworkManager_etc_t, NetworkManager_etc_t) +') + +######################################## ## <summary> ## Create, read, and write ## networkmanager library files. diff --git a/policy/modules/contrib/wm.te b/policy/modules/contrib/wm.te index e5f65316..77dcc432 100644 --- a/policy/modules/contrib/wm.te +++ b/policy/modules/contrib/wm.te @@ -68,6 +68,8 @@ miscfiles_read_fonts(wm_domain) miscfiles_read_generic_certs(wm_domain) miscfiles_read_localization(wm_domain) +networkmanager_read_etc_files(wm_domain) + udev_read_pid_files(wm_domain) # this is needed by gnome-shell
