patch to make cpufreqselector usable with dbus

This patch adds a new interface to the cpufreqselector module
to allow dbus chat. It then uses such interface to allow dbus chat
with system_dbusd_t and xdm_t. This patch also adds some other
permissions needed to run cpufreqselector.

policy/modules/apps/cpufreqselector.if

@@ -1 +1,22 @@
 ## <summary>Command-line CPU frequency settings.</summary>
+
+########################################
+## <summary>
+##      Send and receive messages from
+##      cpufreq-selector over dbus.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`cpufreqselector_dbus_chat',`
+        gen_require(`
+                type cpufreqselector_t;
+                class dbus send_msg;
+        ')
+
+        allow $1 cpufreqselector_t:dbus send_msg;
+        allow cpufreqselector_t $1:dbus send_msg;
+')

policy/modules/apps/cpufreqselector.te

@@ -15,8 +15,11 @@ application_domain(cpufreqselector_t, cpufreqselector_exec_t)
 #
 
 allow cpufreqselector_t self:capability { sys_nice sys_ptrace };
+allow cpufreqselector_t self:process getsched;
 allow cpufreqselector_t self:fifo_file rw_fifo_file_perms;
 
+kernel_read_system_state(cpufreqselector_t)
+
 files_read_etc_files(cpufreqselector_t)
 files_read_usr_files(cpufreqselector_t)
 

policy/modules/services/dbus.te

@@ -140,6 +140,10 @@ optional_policy(`
 	bind_domtrans(system_dbusd_t)
 ')
 
+optional_policy(`
+	cpufreqselector_dbus_chat(system_dbusd_t)
+')
+
 optional_policy(`
 	policykit_dbus_chat(system_dbusd_t)
 	policykit_domtrans_auth(system_dbusd_t)

policy/modules/services/xserver.te

@@ -516,6 +516,10 @@ optional_policy(`
 	consoletype_exec(xdm_t)
 ')
 
+optional_policy(`
+	cpufreqselector_dbus_chat(xdm_t)
+')
+
 optional_policy(`
 	# Talk to the console mouse server.
 	gpm_stream_connect(xdm_t)