Unconfined domains have unconfined access to all of dbus rather than only system bus

unconfined: unconfined_t is real-time scheduled by rtkit

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>

policy/modules/system/unconfined.if

@@ -67,8 +67,7 @@ interface(`unconfined_domain_noaudit',`
 	')
 
 	optional_policy(`
-		# Communicate via dbusd.
-		dbus_system_bus_unconfined($1)
+		dbus_unconfined($1)
 	')
 
 	optional_policy(`

policy/modules/system/unconfined.te

@@ -75,40 +75,6 @@ optional_policy(`
 	cron_unconfined_role(unconfined_r, unconfined_t)
 ')
 
-optional_policy(`
-	init_dbus_chat_script(unconfined_t)
-
-	dbus_stub(unconfined_t)
-
-	optional_policy(`
-		avahi_dbus_chat(unconfined_t)
-	')
-
-	optional_policy(`
-		bluetooth_dbus_chat(unconfined_t)
-	')
-
-	optional_policy(`
-		consolekit_dbus_chat(unconfined_t)
-	')
-
-	optional_policy(`
-		cups_dbus_chat_config(unconfined_t)
-	')
-
-	optional_policy(`
-		hal_dbus_chat(unconfined_t)
-	')
-
-	optional_policy(`
-		networkmanager_dbus_chat(unconfined_t)
-	')
-
-	optional_policy(`
-		oddjob_dbus_chat(unconfined_t)
-	')
-')
-
 optional_policy(`
 	firstboot_run(unconfined_t, unconfined_r)
 ')
@@ -178,6 +144,10 @@ optional_policy(`
 	rpc_domtrans_nfsd(unconfined_t)
 ')
 
+optional_policy(`
+	rtkit_scheduled(unconfined_t)
+')
+
 optional_policy(`
 	rpm_run(unconfined_t, unconfined_r)
 ')
@@ -200,6 +170,10 @@ optional_policy(`
 	tzdata_run(unconfined_t, unconfined_r)
 ')
 
+optional_policy(`
+	unconfined_dbus_chat(unconfined_t)
+')
+
 optional_policy(`
 	usermanage_run_admin_passwd(unconfined_t, unconfined_r)
 ')
@@ -229,12 +203,5 @@ allow unconfined_execmem_t self:process { execstack execmem };
 unconfined_domain_noaudit(unconfined_execmem_t)
 
 optional_policy(`
-	dbus_stub(unconfined_execmem_t)
-
-	init_dbus_chat_script(unconfined_execmem_t)
 	unconfined_dbus_chat(unconfined_execmem_t)
-
-	optional_policy(`
-		hal_dbus_chat(unconfined_execmem_t)
-	')
 ')