* [refpolicy] [PATCH 10/34]: patch to list/read consolekit pid files
@ 2011-02-16 6:08 Guido Trentalancia
2011-02-23 14:25 ` Christopher J. PeBenito
0 siblings, 1 reply; 3+ messages in thread
From: Guido Trentalancia @ 2011-02-16 6:08 UTC (permalink / raw)
To: refpolicy
This patch adds a new interface to the consolekit module so that
pid files can be listed. It then uses such interface so that
consolekit pid files can be listed and read by both dbus and policykit.
diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/consolekit.if refpolicy-git-02022011-test-apply2/policy/modules/services/consolekit.if
--- refpolicy-git-02022011-test-apply/policy/modules/services/consolekit.if 2011-01-08 19:07:21.232739776 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/services/consolekit.if 2011-02-07 01:37:43.085350703 +0100
@@ -79,6 +79,24 @@ interface(`consolekit_manage_log',`
########################################
## <summary>
+## List consolekit PID files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`consolekit_list_pid_files',`
+ gen_require(`
+ type consolekit_var_run_t;
+ ')
+
+ list_dirs_pattern($1, consolekit_var_run_t, consolekit_var_run_t)
+')
+
+########################################
+## <summary>
## Read consolekit PID files.
## </summary>
## <param name="domain">
diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te
--- refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te 2011-02-07 01:14:05.487312743 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te 2011-02-07 01:38:44.965333102 +0100
@@ -141,6 +141,11 @@ optional_policy(`
')
optional_policy(`
+ consolekit_list_pid_files(system_dbusd_t)
+ consolekit_read_pid_files(system_dbusd_t)
+')
+
+optional_policy(`
cpufreqselector_dbus_chat(system_dbusd_t)
')
diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/policykit.te refpolicy-git-02022011-test-apply2/policy/modules/services/policykit.te
--- refpolicy-git-02022011-test-apply/policy/modules/services/policykit.te 2011-02-07 01:01:15.075210887 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/services/policykit.te 2011-02-07 01:40:21.323469411 +0100
@@ -70,6 +70,11 @@ miscfiles_read_localization(policykit_t)
userdom_read_all_users_state(policykit_t)
optional_policy(`
+ consolekit_list_pid_files(policykit_t)
+ consolekit_read_pid_files(policykit_t)
+')
+
+optional_policy(`
gnome_read_config(policykit_t)
')
^ permalink raw reply [flat|nested] 3+ messages in thread
* [refpolicy] [PATCH 10/34]: patch to list/read consolekit pid files
2011-02-16 6:08 [refpolicy] [PATCH 10/34]: patch to list/read consolekit pid files Guido Trentalancia
@ 2011-02-23 14:25 ` Christopher J. PeBenito
2011-02-23 19:23 ` Guido Trentalancia
0 siblings, 1 reply; 3+ messages in thread
From: Christopher J. PeBenito @ 2011-02-23 14:25 UTC (permalink / raw)
To: refpolicy
On 02/16/11 01:08, Guido Trentalancia wrote:
> This patch adds a new interface to the consolekit module so that
> pid files can be listed. It then uses such interface so that
> consolekit pid files can be listed and read by both dbus and policykit.
>
> diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/consolekit.if refpolicy-git-02022011-test-apply2/policy/modules/services/consolekit.if
> --- refpolicy-git-02022011-test-apply/policy/modules/services/consolekit.if 2011-01-08 19:07:21.232739776 +0100
> +++ refpolicy-git-02022011-test-apply2/policy/modules/services/consolekit.if 2011-02-07 01:37:43.085350703 +0100
> @@ -79,6 +79,24 @@ interface(`consolekit_manage_log',`
>
> ########################################
> ## <summary>
> +## List consolekit PID files.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`consolekit_list_pid_files',`
> + gen_require(`
> + type consolekit_var_run_t;
> + ')
> +
> + list_dirs_pattern($1, consolekit_var_run_t, consolekit_var_run_t)
> +')
> +
> +########################################
> +## <summary>
> ## Read consolekit PID files.
> ## </summary>
> ## <param name="domain">
> diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te
> --- refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te 2011-02-07 01:14:05.487312743 +0100
> +++ refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te 2011-02-07 01:38:44.965333102 +0100
> @@ -141,6 +141,11 @@ optional_policy(`
> ')
>
> optional_policy(`
> + consolekit_list_pid_files(system_dbusd_t)
> + consolekit_read_pid_files(system_dbusd_t)
> +')
> +
> +optional_policy(`
> cpufreqselector_dbus_chat(system_dbusd_t)
> ')
>
> diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/policykit.te refpolicy-git-02022011-test-apply2/policy/modules/services/policykit.te
> --- refpolicy-git-02022011-test-apply/policy/modules/services/policykit.te 2011-02-07 01:01:15.075210887 +0100
> +++ refpolicy-git-02022011-test-apply2/policy/modules/services/policykit.te 2011-02-07 01:40:21.323469411 +0100
> @@ -70,6 +70,11 @@ miscfiles_read_localization(policykit_t)
> userdom_read_all_users_state(policykit_t)
>
> optional_policy(`
> + consolekit_list_pid_files(policykit_t)
> + consolekit_read_pid_files(policykit_t)
> +')
> +
> +optional_policy(`
> gnome_read_config(policykit_t)
> ')
I think it would be fine just to add the list permission to the
read_pid_files interface.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* [refpolicy] [PATCH 10/34]: patch to list/read consolekit pid files
2011-02-23 14:25 ` Christopher J. PeBenito
@ 2011-02-23 19:23 ` Guido Trentalancia
0 siblings, 0 replies; 3+ messages in thread
From: Guido Trentalancia @ 2011-02-23 19:23 UTC (permalink / raw)
To: refpolicy
On Wed, 23/02/2011 at 09.25 -0500, Christopher J. PeBenito wrote:
> On 02/16/11 01:08, Guido Trentalancia wrote:
> > This patch adds a new interface to the consolekit module so that
> > pid files can be listed. It then uses such interface so that
> > consolekit pid files can be listed and read by both dbus and policykit.
> >
> > diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/consolekit.if refpolicy-git-02022011-test-apply2/policy/modules/services/consolekit.if
> > --- refpolicy-git-02022011-test-apply/policy/modules/services/consolekit.if 2011-01-08 19:07:21.232739776 +0100
> > +++ refpolicy-git-02022011-test-apply2/policy/modules/services/consolekit.if 2011-02-07 01:37:43.085350703 +0100
> > @@ -79,6 +79,24 @@ interface(`consolekit_manage_log',`
> >
> > ########################################
> > ## <summary>
> > +## List consolekit PID files.
> > +## </summary>
> > +## <param name="domain">
> > +## <summary>
> > +## Domain allowed access.
> > +## </summary>
> > +## </param>
> > +#
> > +interface(`consolekit_list_pid_files',`
> > + gen_require(`
> > + type consolekit_var_run_t;
> > + ')
> > +
> > + list_dirs_pattern($1, consolekit_var_run_t, consolekit_var_run_t)
> > +')
> > +
> > +########################################
> > +## <summary>
> > ## Read consolekit PID files.
> > ## </summary>
> > ## <param name="domain">
> > diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te
> > --- refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te 2011-02-07 01:14:05.487312743 +0100
> > +++ refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te 2011-02-07 01:38:44.965333102 +0100
> > @@ -141,6 +141,11 @@ optional_policy(`
> > ')
> >
> > optional_policy(`
> > + consolekit_list_pid_files(system_dbusd_t)
> > + consolekit_read_pid_files(system_dbusd_t)
> > +')
> > +
> > +optional_policy(`
> > cpufreqselector_dbus_chat(system_dbusd_t)
> > ')
> >
> > diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/policykit.te refpolicy-git-02022011-test-apply2/policy/modules/services/policykit.te
> > --- refpolicy-git-02022011-test-apply/policy/modules/services/policykit.te 2011-02-07 01:01:15.075210887 +0100
> > +++ refpolicy-git-02022011-test-apply2/policy/modules/services/policykit.te 2011-02-07 01:40:21.323469411 +0100
> > @@ -70,6 +70,11 @@ miscfiles_read_localization(policykit_t)
> > userdom_read_all_users_state(policykit_t)
> >
> > optional_policy(`
> > + consolekit_list_pid_files(policykit_t)
> > + consolekit_read_pid_files(policykit_t)
> > +')
> > +
> > +optional_policy(`
> > gnome_read_config(policykit_t)
> > ')
>
> I think it would be fine just to add the list permission to the
> read_pid_files interface.
Do you mean list_dir_perms in read interface and remove list interface ?
That's fine to me. It would improve the style.
Regards,
Guido
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-02-23 19:23 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-02-16 6:08 [refpolicy] [PATCH 10/34]: patch to list/read consolekit pid files Guido Trentalancia
2011-02-23 14:25 ` Christopher J. PeBenito
2011-02-23 19:23 ` Guido Trentalancia
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.