From 77174969ba14cec6d9033417d94b2f252042f57f Mon Sep 17 00:00:00 2001
From: Guido Trentalancia <guido@trentalancia.com>
Date: Wed, 18 Mar 2020 00:11:16 +0100
Subject: [PATCH] wm: add watch perms

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
--
 policy/modules/apps/wm.if                 |    4 ++++
 policy/modules/services/networkmanager.if |   18 ++++++++++++++++++
 2 files changed, 22 insertions(+)
---
 policy/modules/apps/wm.if                 |  4 ++++
 policy/modules/services/networkmanager.if | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/policy/modules/apps/wm.if b/policy/modules/apps/wm.if
index 260a7b015..538d6968f 100644
--- a/policy/modules/apps/wm.if
+++ b/policy/modules/apps/wm.if
@@ -89,6 +89,10 @@ template(`wm_role_template',`
 		gnome_stream_connect_all_gkeyringd($1_wm_t)
 	')
 
+	optional_policy(`
+		networkmanager_watch_etc_dirs($1_wm_t)
+	')
+
 	optional_policy(`
 		policykit_run_auth($1_wm_t, $2)
 		policykit_signal_auth($1_wm_t)
diff --git a/policy/modules/services/networkmanager.if b/policy/modules/services/networkmanager.if
index 4c6dd3424..175ac7532 100644
--- a/policy/modules/services/networkmanager.if
+++ b/policy/modules/services/networkmanager.if
@@ -171,6 +171,24 @@ interface(`networkmanager_signal',`
 	allow $1 NetworkManager_t:process signal;
 ')
 
+########################################
+### <summary>
+###	Watch networkmanager etc dirs.
+### </summary>
+### <param name="domain">
+###	<summary>
+###	Domain allowed access.
+###	</summary>
+### </param>
+##
+interface(`networkmanager_watch_etc_dirs',`
+	gen_require(`
+		type NetworkManager_etc_t;
+	')
+
+	allow $1 NetworkManager_etc_t:dir watch;
+')
+
 ########################################
 ## <summary>
 ##	Read networkmanager etc files.