1 |
commit: 3677ba127d40a22289d282c32d28323604c5e4c1 |
2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
3 |
AuthorDate: Tue Dec 2 12:00:05 2014 +0000 |
4 |
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com> |
5 |
CommitDate: Tue Dec 2 14:17:11 2014 +0000 |
6 |
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=3677ba12 |
7 |
|
8 |
Allow users to talk to devicekit |
9 |
|
10 |
Needed to read battery status and disk info. |
11 |
|
12 |
type=USER_AVC msg=audit(1417367573.060:234): pid=3121 uid=101 |
13 |
auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t |
14 |
msg='avc: denied { send_msg } for msgtype=signal |
15 |
interface=org.freedesktop.UPower member=DeviceChanged |
16 |
dest=org.freedesktop.DBus spid=3606 tpid=3858 |
17 |
scontext=system_u:system_r:devicekit_power_t |
18 |
tcontext=staff_u:staff_r:staff_t tclass=dbus exe="/usr/bin/dbus-daemon" |
19 |
sauid=101 hostname=? addr=? terminal=?' |
20 |
|
21 |
type=USER_AVC msg=audit(1417363447.011:103525): pid=3339 uid=101 |
22 |
auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t |
23 |
msg='avc: denied { send_msg } for msgtype=signal |
24 |
interface=org.freedesktop.DBus.Properties member=PropertiesChanged |
25 |
dest=org.freedesktop.DBus spid=4094 tpid=4090 |
26 |
scontext=system_u:system_r:devicekit_disk_t |
27 |
tcontext=staff_u:staff_r:staff_t tclass=dbus exe="/usr/bin/dbus-daemon" |
28 |
sauid=101 hostname=? addr=? terminal=?' |
29 |
|
30 |
--- |
31 |
policy/modules/roles/staff.te | 5 +++++ |
32 |
policy/modules/roles/unprivuser.te | 5 +++++ |
33 |
2 files changed, 10 insertions(+) |
34 |
|
35 |
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te |
36 |
index 1a867f0..0c15bb5 100644 |
37 |
--- a/policy/modules/roles/staff.te |
38 |
+++ b/policy/modules/roles/staff.te |
39 |
@@ -200,6 +200,11 @@ ifdef(`distro_gentoo',` |
40 |
') |
41 |
|
42 |
optional_policy(` |
43 |
+ devicekit_dbus_chat_disk(staff_t) |
44 |
+ devicekit_dbus_chat_power(staff_t) |
45 |
+ ') |
46 |
+ |
47 |
+ optional_policy(` |
48 |
dropbox_role(staff_r, staff_t) |
49 |
') |
50 |
|
51 |
|
52 |
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te |
53 |
index e349a03..63dced4 100644 |
54 |
--- a/policy/modules/roles/unprivuser.te |
55 |
+++ b/policy/modules/roles/unprivuser.te |
56 |
@@ -185,6 +185,11 @@ ifdef(`distro_gentoo',` |
57 |
') |
58 |
|
59 |
optional_policy(` |
60 |
+ devicekit_dbus_chat_disk(user_t) |
61 |
+ devicekit_dbus_chat_power(user_t) |
62 |
+ ') |
63 |
+ |
64 |
+ optional_policy(` |
65 |
dropbox_role(user_r, user_t) |
66 |
') |