From mboxrd@z Thu Jan 1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 22 Feb 2011 11:36:33 -0500
Subject: [refpolicy] [PATCH 4/34]: patch to make cpufreqselector usable
with dbus
In-Reply-To: <1297836056.3205.33.camel@tesla.lan>
References: <1297836056.3205.33.camel@tesla.lan>
Message-ID: <4D63E611.3090906@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
On 02/16/11 01:00, Guido Trentalancia wrote:
> This patch adds a new interface to the cpufreqselector module
> to allow dbus chat. It then uses such interface to allow dbus chat
> with system_dbusd_t and xdm_t. This patch also adds some other
> permissions needed to run cpufreqselector.
Merged.
> diff -pruN refpolicy-git-02022011-test-apply/policy/modules/apps/cpufreqselector.if refpolicy-git-02022011-test-apply2/policy/modules/apps/cpufreqselector.if
> --- refpolicy-git-02022011-test-apply/policy/modules/apps/cpufreqselector.if 2011-01-08 19:07:21.176730930 +0100
> +++ refpolicy-git-02022011-test-apply2/policy/modules/apps/cpufreqselector.if 2011-02-07 00:44:07.572642438 +0100
> @@ -1 +1,22 @@
> ## Command-line CPU frequency settings.
> +
> +########################################
> +##
> +## Send and receive messages from
> +## cpufreq-selector over dbus.
> +##
> +##
> +##
> +## Domain allowed access.
> +##
> +##
> +#
> +interface(`cpufreqselector_dbus_chat',`
> + gen_require(`
> + type cpufreqselector_t;
> + class dbus send_msg;
> + ')
> +
> + allow $1 cpufreqselector_t:dbus send_msg;
> + allow cpufreqselector_t $1:dbus send_msg;
> +')
> diff -pruN refpolicy-git-02022011-test-apply/policy/modules/apps/cpufreqselector.te refpolicy-git-02022011-test-apply2/policy/modules/apps/cpufreqselector.te
> --- refpolicy-git-02022011-test-apply/policy/modules/apps/cpufreqselector.te 2011-01-08 19:07:21.177731088 +0100
> +++ refpolicy-git-02022011-test-apply2/policy/modules/apps/cpufreqselector.te 2011-02-07 00:44:07.573642603 +0100
> @@ -15,8 +15,11 @@ application_domain(cpufreqselector_t, cp
> #
>
> allow cpufreqselector_t self:capability { sys_nice sys_ptrace };
> +allow cpufreqselector_t self:process getsched;
> allow cpufreqselector_t self:fifo_file rw_fifo_file_perms;
>
> +kernel_read_system_state(cpufreqselector_t)
> +
> files_read_etc_files(cpufreqselector_t)
> files_read_usr_files(cpufreqselector_t)
>
> diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te
> --- refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te 2011-01-08 19:07:21.238740722 +0100
> +++ refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te 2011-02-07 00:45:11.917246756 +0100
> @@ -141,6 +141,10 @@ optional_policy(`
> ')
>
> optional_policy(`
> + cpufreqselector_dbus_chat(system_dbusd_t)
> +')
> +
> +optional_policy(`
> policykit_dbus_chat(system_dbusd_t)
> policykit_domtrans_auth(system_dbusd_t)
> policykit_search_lib(system_dbusd_t)
> diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/xserver.te refpolicy-git-02022011-test-apply2/policy/modules/services/xserver.te
> --- refpolicy-git-02022011-test-apply/policy/modules/services/xserver.te 2011-01-08 19:07:21.344757464 +0100
> +++ refpolicy-git-02022011-test-apply2/policy/modules/services/xserver.te 2011-02-07 00:46:02.605388279 +0100
> @@ -516,6 +516,10 @@ optional_policy(`
> ')
>
> optional_policy(`
> + cpufreqselector_dbus_chat(xdm_t)
> +')
> +
> +optional_policy(`
> # Talk to the console mouse server.
> gpm_stream_connect(xdm_t)
> gpm_setattr_gpmctl(xdm_t)
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com