From mboxrd@z Thu Jan  1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 26 Sep 2013 09:12:22 -0400
Subject: [refpolicy] [PATCH 10/20] xserver: xdm chats with accounts
 daemon over dbus
In-Reply-To: <1380029985-25240-1-git-send-email-dominick.grift@gmail.com>
References: <1380029985-25240-1-git-send-email-dominick.grift@gmail.com>
Message-ID: <524432B6.3060709@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue 24 Sep 2013 09:39:45 AM EDT, Dominick Grift wrote:
> make xdm_t a dbus session bus client type so that unconfined_t can chat
> with it and acquire service on it
>
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> ---
>  policy/modules/services/xserver.te | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> index 4f6d693..63298c5 100644
> --- a/policy/modules/services/xserver.te
> +++ b/policy/modules/services/xserver.te
> @@ -502,6 +502,10 @@ tunable_policy(`xdm_sysadm_login',`
>  ')
>
>  optional_policy(`
> +	accountsd_dbus_chat(xdm_t)
> +')

I think it makes more sense for this to be nested in the optional you 
added below for the dbus session bus.

> +optional_policy(`
>  	alsa_domtrans(xdm_t)
>  ')
>
> @@ -514,6 +518,11 @@ optional_policy(`
>  ')
>
>  optional_policy(`
> +	dbus_system_bus_client(xdm_t)
> +	dbus_connect_system_bus(xdm_t)
> +')
> +
> +optional_policy(`
>  	# Talk to the console mouse server.
>  	gpm_stream_connect(xdm_t)
>  	gpm_setattr_gpmctl(xdm_t)



--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com