From mboxrd@z Thu Jan  1 00:00:00 1970
From: dominick.grift@gmail.com (Dominick Grift)
Date: Thu, 26 Sep 2013 15:16:55 +0200
Subject: [refpolicy] [PATCH 10/20] xserver: xdm chats with accounts
 daemon over dbus
In-Reply-To: <524432B6.3060709@tresys.com>
References: <1380029985-25240-1-git-send-email-dominick.grift@gmail.com>
	<524432B6.3060709@tresys.com>
Message-ID: <1380201415.2561.12.camel@d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2013-09-26 at 09:12 -0400, Christopher J. PeBenito wrote:
> On Tue 24 Sep 2013 09:39:45 AM EDT, Dominick Grift wrote:
> > make xdm_t a dbus session bus client type so that unconfined_t can chat
> > with it and acquire service on it
> >
> > Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> > ---
> >  policy/modules/services/xserver.te | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> >
> > diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> > index 4f6d693..63298c5 100644
> > --- a/policy/modules/services/xserver.te
> > +++ b/policy/modules/services/xserver.te
> > @@ -502,6 +502,10 @@ tunable_policy(`xdm_sysadm_login',`
> >  ')
> >
> >  optional_policy(`
> > +	accountsd_dbus_chat(xdm_t)
> > +')
> 
> I think it makes more sense for this to be nested in the optional you 
> added below for the dbus session bus.

Yes i noticed that as well and i will redo this

> 
> > +optional_policy(`
> >  	alsa_domtrans(xdm_t)
> >  ')
> >
> > @@ -514,6 +518,11 @@ optional_policy(`
> >  ')
> >
> >  optional_policy(`
> > +	dbus_system_bus_client(xdm_t)
> > +	dbus_connect_system_bus(xdm_t)
> > +')
> > +
> > +optional_policy(`
> >  	# Talk to the console mouse server.
> >  	gpm_stream_connect(xdm_t)
> >  	gpm_setattr_gpmctl(xdm_t)
> 
> 
> 
> --
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com