wm: add watch perms

Signed-off-by: Guido Trentalancia <guido@trentalancia.com> -- policy/modules/apps/wm.if | 4 ++++ policy/modules/services/networkmanager.if | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+)
2020-03-18 00:11:16 +01:00 · 2020-03-18 00:11:16 +01:00 · 77174969ba
parent 0cd4068aea
commit 77174969ba
2 changed files with 22 additions and 0 deletions
--- a/policy/modules/apps/wm.if
+++ b/policy/modules/apps/wm.if
@ -89,6 +89,10 @@ template(`wm_role_template',`
 		gnome_stream_connect_all_gkeyringd($1_wm_t)
 	')

+	optional_policy(`
+		networkmanager_watch_etc_dirs($1_wm_t)
+	')
+
 	optional_policy(`
 		policykit_run_auth($1_wm_t, $2)
 		policykit_signal_auth($1_wm_t)
--- a/policy/modules/services/networkmanager.if
+++ b/policy/modules/services/networkmanager.if
@ -171,6 +171,24 @@ interface(`networkmanager_signal',`
 	allow $1 NetworkManager_t:process signal;
 ')

+########################################
+### <summary>
+###	Watch networkmanager etc dirs.
+### </summary>
+### <param name="domain">
+###	<summary>
+###	Domain allowed access.
+###	</summary>
+### </param>
+##
+interface(`networkmanager_watch_etc_dirs',`
+	gen_require(`
+		type NetworkManager_etc_t;
+	')
+
+	allow $1 NetworkManager_etc_t:dir watch;
+')
+
 ########################################
 ## <summary>
 ##	Read networkmanager etc files.