[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/roles/

Sat, 06 Dec 2014 01:03:07 -0800 

commit:     504ccfdd5b8e902defb65a4f644e8c81829afaec
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Dec  2 12:00:05 2014 +0000
Commit:     Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Sat Dec  6 09:01:48 2014 +0000
URL:        
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=504ccfdd

Allow users to talk to devicekit

Needed to read battery status and disk info and for suspend

Gentoo bug: 531784

type=USER_AVC msg=audit(1417367573.060:234): pid=3121 uid=101
auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t
msg='avc:  denied  { send_msg } for msgtype=signal
interface=org.freedesktop.UPower member=DeviceChanged
dest=org.freedesktop.DBus spid=3606 tpid=3858
scontext=system_u:system_r:devicekit_power_t
tcontext=staff_u:staff_r:staff_t tclass=dbus  exe="/usr/bin/dbus-daemon"
sauid=101 hostname=? addr=? terminal=?'

type=USER_AVC msg=audit(1417363447.011:103525): pid=3339 uid=101
auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t
msg='avc:  denied  { send_msg } for msgtype=signal
interface=org.freedesktop.DBus.Properties member=PropertiesChanged
dest=org.freedesktop.DBus spid=4094 tpid=4090
scontext=system_u:system_r:devicekit_disk_t
tcontext=staff_u:staff_r:staff_t tclass=dbus  exe="/usr/bin/dbus-daemon"
sauid=101 hostname=? addr=? terminal=?'

---
 policy/modules/roles/staff.te      | 6 ++++++
 policy/modules/roles/unprivuser.te | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index d98704d..13ecf4d 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -200,6 +200,12 @@ ifdef(`distro_gentoo',`
        ')
 
        optional_policy(`
+               # bug 531784
+               devicekit_dbus_chat_disk(staff_t)
+               devicekit_dbus_chat_power(staff_t)
+       ')
+
+       optional_policy(`
                dropbox_role(staff_r, staff_t)
        ')
 

diff --git a/policy/modules/roles/unprivuser.te 
b/policy/modules/roles/unprivuser.te
index 5c12488..93e2d60 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -185,6 +185,11 @@ ifdef(`distro_gentoo',`
        ')
 
        optional_policy(`
+               devicekit_dbus_chat_disk(user_t)
+               devicekit_dbus_chat_power(user_t)
+       ')
+
+       optional_policy(`
                dropbox_role(user_r, user_t)
        ')

Reply via email to