[selinux-policy: 905/3172] dbus obj class cleanup

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:23:15 UTC 2010 

commit dab808bde7f621f16afda301eb56ea130ed8e2b0
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Nov 1 15:11:05 2005 +0000

    dbus obj class cleanup

 refpolicy/policy/modules/services/bind.te |   16 +++++++++++-----
 refpolicy/policy/modules/services/hal.te  |   18 +++++++++---------
 2 files changed, 20 insertions(+), 14 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index c811b1f..7023453 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -270,20 +270,26 @@ optional_policy(`nscd.te',`
 # Partially converted rules.  THESE ARE ONLY TEMPORARY
 #
 
+gen_require(`
+	class dbus send_msg;
+')
+
+allow named_t initrc_t:dbus send_msg;
+
 # cjp: this whole block was originally in networkmanager
 optional_policy(`networkmanager.te',`
 	gen_require(`
 		type NetworkManager_t;
 	')
 
-	optional_policy(`dbus.te',`
-		gen_require(`
-			class dbus send_msg;
-		')
+#	optional_policy(`dbus.te',`
+#		gen_require(`
+#			class dbus send_msg;
+#		')
 
 		allow NetworkManager_t named_t:dbus send_msg;
 		allow named_t NetworkManager_t:dbus send_msg;
-	')
+#	')
 
 	bind_domtrans(NetworkManager_t)
 
diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te
index 6a94b41..6c80d20 100644
--- a/refpolicy/policy/modules/services/hal.te
+++ b/refpolicy/policy/modules/services/hal.te
@@ -178,26 +178,26 @@ optional_policy(`rhgb.te',`
 
 allow hald_t device_t:dir create_dir_perms;
 
-optional_policy(`updfstab.te',`
-allow updfstab_t hald_t:dbus send_msg;
-allow hald_t updfstab_t:dbus send_msg;
-')
-
 optional_policy(`hald.te',`
 allow udev_t hald_t:unix_dgram_socket sendto;
 ')
 
-allow hald_t initrc_t:dbus send_msg;
-allow initrc_t hald_t:dbus send_msg;
-
 # For /usr/libexec/hald-addon-acpi - writes to /var/run/acpid.socket
 ifdef(`apmd.te', `
 allow hald_t apmd_var_run_t:sock_file write;
 allow hald_t apmd_t:unix_stream_socket connectto;
 ')
+') dnl end TODO
 
 ifdef(`targeted_policy', `
 allow unconfined_t hald_t:dbus send_msg;
 allow hald_t unconfined_t:dbus send_msg;
 ')
-') dnl end TODO
+
+optional_policy(`updfstab.te',`
+	allow updfstab_t hald_t:dbus send_msg;
+	allow hald_t updfstab_t:dbus send_msg;
+')
+
+allow hald_t initrc_t:dbus send_msg;
+allow initrc_t hald_t:dbus send_msg;

More information about the scm-commits mailing list