dbus: add two interfaces to allow reading from directories and named sockets

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Antoine Tenart 2020-09-14 16:31:54 +02:00
parent 23f1e4316b
commit 66c2ff9060


@ -594,6 +594,24 @@ interface(`dbus_watch_system_bus_runtime_dirs',`
allow $1 system_dbusd_runtime_t:dir watch;
')
########################################
## <summary>
## List system bus runtime directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dbus_list_system_bus_runtime',`
gen_require(`
type system_dbusd_runtime_t;
')
allow $1 system_dbusd_runtime_t:dir list_dir_perms;
')
########################################
## <summary>
## Watch system bus runtime named sockets.
@ -612,6 +630,24 @@ interface(`dbus_watch_system_bus_runtime_named_sockets',`
allow $1 system_dbusd_runtime_t:sock_file watch;
')
########################################
## <summary>
## Read system bus runtime named sockets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dbus_read_system_bus_runtime_named_sockets',`
gen_require(`
type system_dbusd_runtime_t;
')
allow $1 system_dbusd_runtime_t:sock_file read;
')
########################################
## <summary>
## Unconfined access to DBUS.
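Review bot: `dbus_read_system_bus_runtime_named_sockets` grants a bare `read` on `system_dbusd_runtime_t:sock_file`, and its summary does not say how narrow that access is. The visible rule gives no `write` on the socket file, which connecting to the bus would normally require, so saying so in the summary keeps policy authors from treating this as a client interface. I would extend the summary line to `## Read system bus runtime named sockets (read only; no write or connect access).` Separately, `dbus_list_system_bus_runtime` drops the `_dirs` suffix used by `dbus_watch_system_bus_runtime_dirs` in the context just above it, although its rule covers only the `dir` class; `dbus_list_system_bus_runtime_dirs` would match the neighbouring names if the interface can still be renamed.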