roles: move dbus_role_template to userdom_common_user_template

After commit cc8374fd24 (various: systemd user fixes and additional support), the dbus_role_template is required for all roles. Move it to userdom_common_user_template. Before the patch if set DISTRO=redhat: root@qemux86-64:~# ps xZ | grep "systemd --user" root:sysadm_r:sysadm_t 240 ? Ss 0:00 /lib/systemd/systemd --user After the patch: root@qemux86-64:~# ps xZ | grep "systemd --user" root:sysadm_r:sysadm_systemd_t 218 ? Ss 0:00 /lib/systemd/systemd --user Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2021-05-17 14:10:28 +08:00 · 2021-05-17 14:10:28 +08:00 · 7ee15a0681
parent 4412ad507c
commit 7ee15a0681
6 changed files with 23 additions and 42 deletions
--- a/policy/modules/roles/auditadm.te
+++ b/policy/modules/roles/auditadm.te
@ -39,10 +39,6 @@ optional_policy(`
 	dmesg_exec(auditadm_t)
 ')
 optional_policy(`
 	dbus_role_template(auditadm, auditadm_r, auditadm_t)
 ')
 optional_policy(`
 	screen_role_template(auditadm, auditadm_r, auditadm_t)
 ')
--- a/policy/modules/roles/secadm.te
+++ b/policy/modules/roles/secadm.te
@ -48,10 +48,6 @@ optional_policy(`
 	auditadm_role_change(secadm_r)
 ')
 optional_policy(`
 	dbus_role_template(secadm, secadm_r, secadm_t)
 ')
 optional_policy(`
 	dmesg_exec(secadm_t)
 ')
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@ -97,9 +97,6 @@ ifndef(`distro_redhat',`
 		cron_role(staff_r, staff_t)
 	')
 	optional_policy(`
 		dbus_role_template(staff, staff_r, staff_t)
 	optional_policy(`
 		gnome_role_template(staff, staff_r, staff_t)
 	')
@ -111,7 +108,6 @@ ifndef(`distro_redhat',`
 	optional_policy(`
 		wm_role_template(staff, staff_r, staff_t)
 	')
 	')
 	optional_policy(`
 		dirmngr_role(staff_r, staff_t)
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@ -1225,9 +1225,6 @@ ifndef(`distro_redhat',`
 		cryfs_role(sysadm_r, sysadm_t)
 	')
 	optional_policy(`
 		dbus_role_template(sysadm, sysadm_r, sysadm_t)
 	optional_policy(`
 		gnome_role_template(sysadm, sysadm_r, sysadm_t)
 	')
@ -1235,7 +1232,6 @@ ifndef(`distro_redhat',`
 	optional_policy(`
 		wm_role_template(sysadm, sysadm_r, sysadm_t)
 	')
 	')
 	optional_policy(`
 		dirmngr_role(sysadm_r, sysadm_t)
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@ -61,9 +61,6 @@ ifndef(`distro_redhat',`
 		cron_role(user_r, user_t)
 	')
 	optional_policy(`
 		dbus_role_template(user, user_r, user_t)
 	optional_policy(`
 		gnome_role_template(user, user_r, user_t)
 	')
@ -75,7 +72,6 @@ ifndef(`distro_redhat',`
 	optional_policy(`
 		wm_role_template(user, user_r, user_t)
 	')
 	')
 	optional_policy(`
 		dirmngr_role(user_r, user_t)
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@ -722,6 +722,7 @@ template(`userdom_common_user_template',`
 	')
 	optional_policy(`
 		dbus_role_template($1, $1_r, $1_t)
 		dbus_system_bus_client($1_t)
 		optional_policy(`
@ -760,6 +761,10 @@ template(`userdom_common_user_template',`
 		optional_policy(`
 			xserver_dbus_chat_xdm($1_t)
 		')
 		optional_policy(`
 			systemd_role_template($1, $1_r, $1_t)
 		')
 	')
 	optional_policy(`
@ -861,10 +866,6 @@ template(`userdom_common_user_template',`
 		slrnpull_search_spool($1_t)
 	')
 	optional_policy(`
 		systemd_role_template($1, $1_r, $1_t)
 	')
 	optional_policy(`
 		udev_read_runtime_files($1_t)
 	')