[selinux-policy: 905/3172] dbus obj class cleanup
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:23:15 UTC 2010
commit dab808bde7f621f16afda301eb56ea130ed8e2b0
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Nov 1 15:11:05 2005 +0000
dbus obj class cleanup
refpolicy/policy/modules/services/bind.te | 16 +++++++++++-----
refpolicy/policy/modules/services/hal.te | 18 +++++++++---------
2 files changed, 20 insertions(+), 14 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index c811b1f..7023453 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -270,20 +270,26 @@ optional_policy(`nscd.te',`
# Partially converted rules. THESE ARE ONLY TEMPORARY
#
+gen_require(`
+ class dbus send_msg;
+')
+
+allow named_t initrc_t:dbus send_msg;
+
# cjp: this whole block was originally in networkmanager
optional_policy(`networkmanager.te',`
gen_require(`
type NetworkManager_t;
')
- optional_policy(`dbus.te',`
- gen_require(`
- class dbus send_msg;
- ')
+# optional_policy(`dbus.te',`
+# gen_require(`
+# class dbus send_msg;
+# ')
allow NetworkManager_t named_t:dbus send_msg;
allow named_t NetworkManager_t:dbus send_msg;
- ')
+# ')
bind_domtrans(NetworkManager_t)
diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te
index 6a94b41..6c80d20 100644
--- a/refpolicy/policy/modules/services/hal.te
+++ b/refpolicy/policy/modules/services/hal.te
@@ -178,26 +178,26 @@ optional_policy(`rhgb.te',`
allow hald_t device_t:dir create_dir_perms;
-optional_policy(`updfstab.te',`
-allow updfstab_t hald_t:dbus send_msg;
-allow hald_t updfstab_t:dbus send_msg;
-')
-
optional_policy(`hald.te',`
allow udev_t hald_t:unix_dgram_socket sendto;
')
-allow hald_t initrc_t:dbus send_msg;
-allow initrc_t hald_t:dbus send_msg;
-
# For /usr/libexec/hald-addon-acpi - writes to /var/run/acpid.socket
ifdef(`apmd.te', `
allow hald_t apmd_var_run_t:sock_file write;
allow hald_t apmd_t:unix_stream_socket connectto;
')
+') dnl end TODO
ifdef(`targeted_policy', `
allow unconfined_t hald_t:dbus send_msg;
allow hald_t unconfined_t:dbus send_msg;
')
-') dnl end TODO
+
+optional_policy(`updfstab.te',`
+ allow updfstab_t hald_t:dbus send_msg;
+ allow hald_t updfstab_t:dbus send_msg;
+')
+
+allow hald_t initrc_t:dbus send_msg;
+allow initrc_t hald_t:dbus send_msg;
More information about the scm-commits
mailing list