From dab808bde7f621f16afda301eb56ea130ed8e2b0 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Tue, 1 Nov 2005 15:11:05 +0000 Subject: [PATCH] dbus obj class cleanup --- refpolicy/policy/modules/services/bind.te | 16 +++++++++++----- refpolicy/policy/modules/services/hal.te | 18 +++++++++--------- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te index c811b1f81..70234539e 100644 --- a/refpolicy/policy/modules/services/bind.te +++ b/refpolicy/policy/modules/services/bind.te @@ -270,20 +270,26 @@ optional_policy(`nscd.te',` # Partially converted rules. THESE ARE ONLY TEMPORARY # +gen_require(` + class dbus send_msg; +') + +allow named_t initrc_t:dbus send_msg; + # cjp: this whole block was originally in networkmanager optional_policy(`networkmanager.te',` gen_require(` type NetworkManager_t; ') - optional_policy(`dbus.te',` - gen_require(` - class dbus send_msg; - ') +# optional_policy(`dbus.te',` +# gen_require(` +# class dbus send_msg; +# ') allow NetworkManager_t named_t:dbus send_msg; allow named_t NetworkManager_t:dbus send_msg; - ') +# ') bind_domtrans(NetworkManager_t) diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te index 6a94b4102..6c80d20fc 100644 --- a/refpolicy/policy/modules/services/hal.te +++ b/refpolicy/policy/modules/services/hal.te @@ -178,26 +178,26 @@ optional_policy(`rhgb.te',` allow hald_t device_t:dir create_dir_perms; -optional_policy(`updfstab.te',` -allow updfstab_t hald_t:dbus send_msg; -allow hald_t updfstab_t:dbus send_msg; -') - optional_policy(`hald.te',` allow udev_t hald_t:unix_dgram_socket sendto; ') -allow hald_t initrc_t:dbus send_msg; -allow initrc_t hald_t:dbus send_msg; - # For /usr/libexec/hald-addon-acpi - writes to /var/run/acpid.socket ifdef(`apmd.te', ` allow hald_t apmd_var_run_t:sock_file write; allow hald_t apmd_t:unix_stream_socket connectto; ') +') dnl end TODO ifdef(`targeted_policy', ` allow unconfined_t hald_t:dbus send_msg; allow hald_t unconfined_t:dbus send_msg; ') -') dnl end TODO + +optional_policy(`updfstab.te',` + allow updfstab_t hald_t:dbus send_msg; + allow hald_t updfstab_t:dbus send_msg; +') + +allow hald_t initrc_t:dbus send_msg; +allow initrc_t hald_t:dbus send_msg;