selinux/dbus/org.selinux.policy
Dan Walsh e103c5b2ee
dbus: Fix name of polkit function
Add missing action org.selinux.change_default_mode for change_default_mode() and
remove unused action org.selinux.change_policy_type.

Fixes: e8718ef51463 ("Make sure we do the polkit check on all dbus interfaces.")

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-02-10 17:04:19 +01:00

83 lines
3.2 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
<vendor>Red Hat Inc.</vendor>
<vendor_url>http://www.redhat.com</vendor_url>
<action id="org.selinux.restorecon">
<description>SELinux write access</description>
<message>System policy prevents restorecon access to SELinux</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.selinux.setenforce">
<description>SELinux write access</description>
<message>System policy prevents setenforce access to SELinux</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.selinux.semanage">
<description>SELinux write access</description>
<message>System policy prevents semanage access to SELinux</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.selinux.customized">
<description>SELinux Read access</description>
<message>System policy prevents read access to SELinux</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.selinux.semodule_list">
<description>SELinux list modules access</description>
<message>System policy prevents read access to SELinux modules</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.selinux.relabel_on_boot">
<description>SELinux write access</description>
<message>System policy prevents relabel_on_boot access to SELinux</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.selinux.change_default_policy">
<description>SELinux write access</description>
<message>System policy prevents change_default_policy access to SELinux</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.selinux.change_default_mode">
<description>Change SELinux default enforcing mode</description>
<message>System policy prevents change_default_policy access to SELinux</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
</policyconfig>