* [refpolicy] [PATCH 4/34]: patch to make cpufreqselector usable with dbus
@ 2011-02-16 6:00 Guido Trentalancia
2011-02-22 16:36 ` Christopher J. PeBenito
0 siblings, 1 reply; 2+ messages in thread
From: Guido Trentalancia @ 2011-02-16 6:00 UTC (permalink / raw)
To: refpolicy
This patch adds a new interface to the cpufreqselector module
to allow dbus chat. It then uses such interface to allow dbus chat
with system_dbusd_t and xdm_t. This patch also adds some other
permissions needed to run cpufreqselector.
diff -pruN refpolicy-git-02022011-test-apply/policy/modules/apps/cpufreqselector.if refpolicy-git-02022011-test-apply2/policy/modules/apps/cpufreqselector.if
--- refpolicy-git-02022011-test-apply/policy/modules/apps/cpufreqselector.if 2011-01-08 19:07:21.176730930 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/apps/cpufreqselector.if 2011-02-07 00:44:07.572642438 +0100
@@ -1 +1,22 @@
## <summary>Command-line CPU frequency settings.</summary>
+
+########################################
+## <summary>
+## Send and receive messages from
+## cpufreq-selector over dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`cpufreqselector_dbus_chat',`
+ gen_require(`
+ type cpufreqselector_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 cpufreqselector_t:dbus send_msg;
+ allow cpufreqselector_t $1:dbus send_msg;
+')
diff -pruN refpolicy-git-02022011-test-apply/policy/modules/apps/cpufreqselector.te refpolicy-git-02022011-test-apply2/policy/modules/apps/cpufreqselector.te
--- refpolicy-git-02022011-test-apply/policy/modules/apps/cpufreqselector.te 2011-01-08 19:07:21.177731088 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/apps/cpufreqselector.te 2011-02-07 00:44:07.573642603 +0100
@@ -15,8 +15,11 @@ application_domain(cpufreqselector_t, cp
#
allow cpufreqselector_t self:capability { sys_nice sys_ptrace };
+allow cpufreqselector_t self:process getsched;
allow cpufreqselector_t self:fifo_file rw_fifo_file_perms;
+kernel_read_system_state(cpufreqselector_t)
+
files_read_etc_files(cpufreqselector_t)
files_read_usr_files(cpufreqselector_t)
diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te
--- refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te 2011-01-08 19:07:21.238740722 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te 2011-02-07 00:45:11.917246756 +0100
@@ -141,6 +141,10 @@ optional_policy(`
')
optional_policy(`
+ cpufreqselector_dbus_chat(system_dbusd_t)
+')
+
+optional_policy(`
policykit_dbus_chat(system_dbusd_t)
policykit_domtrans_auth(system_dbusd_t)
policykit_search_lib(system_dbusd_t)
diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/xserver.te refpolicy-git-02022011-test-apply2/policy/modules/services/xserver.te
--- refpolicy-git-02022011-test-apply/policy/modules/services/xserver.te 2011-01-08 19:07:21.344757464 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/services/xserver.te 2011-02-07 00:46:02.605388279 +0100
@@ -516,6 +516,10 @@ optional_policy(`
')
optional_policy(`
+ cpufreqselector_dbus_chat(xdm_t)
+')
+
+optional_policy(`
# Talk to the console mouse server.
gpm_stream_connect(xdm_t)
gpm_setattr_gpmctl(xdm_t)
^ permalink raw reply [flat|nested] 2+ messages in thread
* [refpolicy] [PATCH 4/34]: patch to make cpufreqselector usable with dbus
2011-02-16 6:00 [refpolicy] [PATCH 4/34]: patch to make cpufreqselector usable with dbus Guido Trentalancia
@ 2011-02-22 16:36 ` Christopher J. PeBenito
0 siblings, 0 replies; 2+ messages in thread
From: Christopher J. PeBenito @ 2011-02-22 16:36 UTC (permalink / raw)
To: refpolicy
On 02/16/11 01:00, Guido Trentalancia wrote:
> This patch adds a new interface to the cpufreqselector module
> to allow dbus chat. It then uses such interface to allow dbus chat
> with system_dbusd_t and xdm_t. This patch also adds some other
> permissions needed to run cpufreqselector.
Merged.
> diff -pruN refpolicy-git-02022011-test-apply/policy/modules/apps/cpufreqselector.if refpolicy-git-02022011-test-apply2/policy/modules/apps/cpufreqselector.if
> --- refpolicy-git-02022011-test-apply/policy/modules/apps/cpufreqselector.if 2011-01-08 19:07:21.176730930 +0100
> +++ refpolicy-git-02022011-test-apply2/policy/modules/apps/cpufreqselector.if 2011-02-07 00:44:07.572642438 +0100
> @@ -1 +1,22 @@
> ## <summary>Command-line CPU frequency settings.</summary>
> +
> +########################################
> +## <summary>
> +## Send and receive messages from
> +## cpufreq-selector over dbus.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`cpufreqselector_dbus_chat',`
> + gen_require(`
> + type cpufreqselector_t;
> + class dbus send_msg;
> + ')
> +
> + allow $1 cpufreqselector_t:dbus send_msg;
> + allow cpufreqselector_t $1:dbus send_msg;
> +')
> diff -pruN refpolicy-git-02022011-test-apply/policy/modules/apps/cpufreqselector.te refpolicy-git-02022011-test-apply2/policy/modules/apps/cpufreqselector.te
> --- refpolicy-git-02022011-test-apply/policy/modules/apps/cpufreqselector.te 2011-01-08 19:07:21.177731088 +0100
> +++ refpolicy-git-02022011-test-apply2/policy/modules/apps/cpufreqselector.te 2011-02-07 00:44:07.573642603 +0100
> @@ -15,8 +15,11 @@ application_domain(cpufreqselector_t, cp
> #
>
> allow cpufreqselector_t self:capability { sys_nice sys_ptrace };
> +allow cpufreqselector_t self:process getsched;
> allow cpufreqselector_t self:fifo_file rw_fifo_file_perms;
>
> +kernel_read_system_state(cpufreqselector_t)
> +
> files_read_etc_files(cpufreqselector_t)
> files_read_usr_files(cpufreqselector_t)
>
> diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te
> --- refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te 2011-01-08 19:07:21.238740722 +0100
> +++ refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te 2011-02-07 00:45:11.917246756 +0100
> @@ -141,6 +141,10 @@ optional_policy(`
> ')
>
> optional_policy(`
> + cpufreqselector_dbus_chat(system_dbusd_t)
> +')
> +
> +optional_policy(`
> policykit_dbus_chat(system_dbusd_t)
> policykit_domtrans_auth(system_dbusd_t)
> policykit_search_lib(system_dbusd_t)
> diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/xserver.te refpolicy-git-02022011-test-apply2/policy/modules/services/xserver.te
> --- refpolicy-git-02022011-test-apply/policy/modules/services/xserver.te 2011-01-08 19:07:21.344757464 +0100
> +++ refpolicy-git-02022011-test-apply2/policy/modules/services/xserver.te 2011-02-07 00:46:02.605388279 +0100
> @@ -516,6 +516,10 @@ optional_policy(`
> ')
>
> optional_policy(`
> + cpufreqselector_dbus_chat(xdm_t)
> +')
> +
> +optional_policy(`
> # Talk to the console mouse server.
> gpm_stream_connect(xdm_t)
> gpm_setattr_gpmctl(xdm_t)
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-02-22 16:36 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-02-16 6:00 [refpolicy] [PATCH 4/34]: patch to make cpufreqselector usable with dbus Guido Trentalancia
2011-02-22 16:36 ` Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.