commit: f9fe55e7d7c4635f6de5b252fb1887b200601792
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Thu Feb 15 22:06:45 2018 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 18 11:17:07 2018 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f9fe55e7
Misc dbus fixes from Russell Coker.
policy/modules/contrib/apt.te | 11 ++++++++++-
policy/modules/contrib/dbus.te | 5 ++++-
policy/modules/contrib/devicekit.te | 8 +++++++-
policy/modules/contrib/networkmanager.te | 3 ++-
4 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/policy/modules/contrib/apt.te b/policy/modules/contrib/apt.te
index c54e2126..ed05a060 100644
--- a/policy/modules/contrib/apt.te
+++ b/policy/modules/contrib/apt.te
@@ -1,4 +1,4 @@
-policy_module(apt, 1.11.0)
+policy_module(apt, 1.11.1)
########################################
#
@@ -135,6 +135,15 @@ optional_policy(`
optional_policy(`
dbus_system_domain(apt_t, apt_exec_t)
+
+ optional_policy(`
+ # for packagekitd
+ policykit_dbus_chat(apt_t)
+ ')
+
+ optional_policy(`
+ unconfined_dbus_send(apt_t)
+ ')
')
optional_policy(`
diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te
index 00a15e45..0d84f3dd 100644
--- a/policy/modules/contrib/dbus.te
+++ b/policy/modules/contrib/dbus.te
@@ -1,4 +1,4 @@
-policy_module(dbus, 1.24.0)
+policy_module(dbus, 1.24.1)
gen_require(`
class dbus all_dbus_perms;
@@ -136,6 +136,9 @@ init_use_script_ptys(system_dbusd_t)
init_all_labeled_script_domtrans(system_dbusd_t)
init_start_system(system_dbusd_t) # needed by dbus-broker
+# for powerdevil /usr/lib/x86_64-linux-gnu/libexec/kauth/*
+libs_exec_lib_files(system_dbusd_t)
+
logging_send_audit_msgs(system_dbusd_t)
logging_send_syslog_msg(system_dbusd_t)
diff --git a/policy/modules/contrib/devicekit.te
b/policy/modules/contrib/devicekit.te
index 562cede8..390564a3 100644
--- a/policy/modules/contrib/devicekit.te
+++ b/policy/modules/contrib/devicekit.te
@@ -1,4 +1,4 @@
-policy_module(devicekit, 1.8.0)
+policy_module(devicekit, 1.8.1)
########################################
#
@@ -163,6 +163,11 @@ optional_policy(`
optional_policy(`
policykit_dbus_chat(devicekit_disk_t)
')
+
+ optional_policy(`
+ # gwenview triggers the need for this
+ xserver_dbus_chat_xdm(devicekit_disk_t)
+ ')
')
optional_policy(`
@@ -287,6 +292,7 @@ optional_policy(`
optional_policy(`
dbus_system_bus_client(devicekit_power_t)
+ init_dbus_chat(devicekit_power_t)
allow devicekit_power_t devicekit_t:dbus send_msg;
diff --git a/policy/modules/contrib/networkmanager.te
b/policy/modules/contrib/networkmanager.te
index 18137aed..e65eb094 100644
--- a/policy/modules/contrib/networkmanager.te
+++ b/policy/modules/contrib/networkmanager.te
@@ -1,4 +1,4 @@
-policy_module(networkmanager, 1.22.0)
+policy_module(networkmanager, 1.22.1)
########################################
#
@@ -224,6 +224,7 @@ optional_policy(`
optional_policy(`
dbus_system_domain(NetworkManager_t, NetworkManager_exec_t)
+ init_dbus_chat(NetworkManager_t)
optional_policy(`
avahi_dbus_chat(NetworkManager_t)
