* [refpolicy]  policykit Debian paths and rules
@ 2009-08-17 19:24 Martin Orr
  2009-08-18 13:50 ` Christopher J. PeBenito
  0 siblings, 1 reply; 2+ messages in thread
From: Martin Orr @ 2009-08-17 19:24 UTC (permalink / raw)
  To: refpolicy

The policykit binaries on Debian live in /usr/lib/policykit so add file
contexts for that.
Also a couple of policykit rules.

Index: policy/modules/services/policykit.fc
===================================================================
--- policy/modules/services/policykit.fc.orig
+++ policy/modules/services/policykit.fc
@@ -3,6 +3,11 @@
 /usr/libexec/polkit-resolve-exe-helper.* --	gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
 /usr/libexec/polkitd			--	gen_context(system_u:object_r:policykit_exec_t,s0)
 
+/usr/lib/policykit/polkit-read-auth-helper --	gen_context(system_u:object_r:policykit_auth_exec_t,s0)
+/usr/lib/policykit/polkit-grant-helper.*   --	gen_context(system_u:object_r:policykit_grant_exec_t,s0)
+/usr/lib/policykit/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
+/usr/lib/policykit/polkitd		--	gen_context(system_u:object_r:policykit_exec_t,s0)
+
 /var/lib/misc/PolicyKit.reload			gen_context(system_u:object_r:policykit_reload_t,s0)
 /var/lib/PolicyKit(/.*)?			gen_context(system_u:object_r:policykit_var_lib_t,s0)
 /var/lib/PolicyKit-public(/.*)?			gen_context(system_u:object_r:policykit_var_lib_t,s0)
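Review bot: The two wildcard entries added here, `/usr/lib/policykit/polkit-grant-helper.*` and `/usr/lib/policykit/polkit-resolve-exe-helper.*`, assign an `*_exec_t` label to every regular file in that directory whose name starts with the prefix, and nothing in the file says which binaries they are meant to cover. A short comment above the new block would make that auditable, for example `# Debian installs the PolicyKit helpers under /usr/lib/policykit instead of /usr/libexec`, ideally listing the helper names expected to match. The new lines copy the `/usr/libexec` entries, but only part of that list is visible in this hunk, so check that every libexec helper has a Debian counterpart. On style, the third added line uses spaces where its neighbours use tabs before `--` and `gen_context`. Binaries already on disk keep their previous label until the directory is relabelled (e.g. `restorecon -R /usr/lib/policykit`), which the description could mention.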
Index: policy/modules/services/policykit.te
===================================================================
--- policy/modules/services/policykit.te.orig
+++ policy/modules/services/policykit.te
@@ -92,6 +92,8 @@
 manage_files_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
 files_pid_filetrans(policykit_auth_t, policykit_var_run_t, { file dir })
 
+kernel_read_system_state(policykit_auth_t)
+
 files_read_etc_files(policykit_auth_t)
 files_read_usr_files(policykit_auth_t)
 
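Review bot: Neither new allow rule comes with a justification: the description says only "a couple of policykit rules", while `kernel_read_system_state(policykit_auth_t)` in this hunk and `dbus_system_bus_client(policykit_auth_t)` in the next one both widen what the auth helper domain may do. Quote the AVC denials that led to each rule in the commit message, so a reviewer can check that the interface chosen is the narrowest one covering the denied access. A why-comment above each line would carry that into the policy source, e.g. `# polkit-read-auth-helper reads /proc state (PLACEHOLDER: cite the denial)`. The `optional_policy` block holding the D-Bus rule continues past the end of the following hunk, so its remaining contents are not reviewed here.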
@@ -105,6 +107,7 @@
 
 optional_policy(`
 	dbus_session_bus_client(policykit_auth_t)
+	dbus_system_bus_client(policykit_auth_t)
 
 	optional_policy(`
 		consolekit_dbus_chat(policykit_auth_t)

-- 
Martin Orr


* [refpolicy] policykit Debian paths and rules
  2009-08-17 19:24 [refpolicy] policykit Debian paths and rules Martin Orr
@ 2009-08-18 13:50 ` Christopher J. PeBenito
  0 siblings, 0 replies; 2+ messages in thread
From: Christopher J. PeBenito @ 2009-08-18 13:50 UTC (permalink / raw)
  To: refpolicy

On Mon, 2009-08-17 at 20:24 +0100, Martin Orr wrote:
> The policykit binaries on Debian live in /usr/lib/policykit so add file
> contexts for that.
> Also a couple of policykit rules.

Merged, with a little reorganization.

> Index: policy/modules/services/policykit.fc
> ===================================================================
> --- policy/modules/services/policykit.fc.orig
> +++ policy/modules/services/policykit.fc
> @@ -3,6 +3,11 @@
>  /usr/libexec/polkit-resolve-exe-helper.* --	gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
>  /usr/libexec/polkitd			--	gen_context(system_u:object_r:policykit_exec_t,s0)
>  
> +/usr/lib/policykit/polkit-read-auth-helper --	gen_context(system_u:object_r:policykit_auth_exec_t,s0)
> +/usr/lib/policykit/polkit-grant-helper.*   --	gen_context(system_u:object_r:policykit_grant_exec_t,s0)
> +/usr/lib/policykit/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
> +/usr/lib/policykit/polkitd		--	gen_context(system_u:object_r:policykit_exec_t,s0)
> +
>  /var/lib/misc/PolicyKit.reload			gen_context(system_u:object_r:policykit_reload_t,s0)
>  /var/lib/PolicyKit(/.*)?			gen_context(system_u:object_r:policykit_var_lib_t,s0)
>  /var/lib/PolicyKit-public(/.*)?			gen_context(system_u:object_r:policykit_var_lib_t,s0)
> Index: policy/modules/services/policykit.te
> ===================================================================
> --- policy/modules/services/policykit.te.orig
> +++ policy/modules/services/policykit.te
> @@ -92,6 +92,8 @@
>  manage_files_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
>  files_pid_filetrans(policykit_auth_t, policykit_var_run_t, { file dir })
>  
> +kernel_read_system_state(policykit_auth_t)
> +
>  files_read_etc_files(policykit_auth_t)
>  files_read_usr_files(policykit_auth_t)
>  
> @@ -105,6 +107,7 @@
>  
>  optional_policy(`
>  	dbus_session_bus_client(policykit_auth_t)
> +	dbus_system_bus_client(policykit_auth_t)
>  
>  	optional_policy(`
>  		consolekit_dbus_chat(policykit_auth_t)
> 
-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
