[refpolicy] [PATCH 1/3] userdomain: new dbus chat interface

Guido Trentalancia guido at trentalancia.com
Sat May 20 15:40:23 UTC 2017


Minor update for the Apache OpenOffice(R) module: part 1/3.

This patch introduces a new interface to allow bidirectional
dbus chat from/to the user domain (instead of only unidirectional
messaging).

The new interface is used by part 2/3.

Signed-off-by: Guido Trentalancia <guido at trentalancia.com>
---
 policy/modules/system/userdomain.if |   21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

--- a/policy/modules/system/userdomain.if	2017-04-26 17:47:14.081423048 +0200
+++ b/policy/modules/system/userdomain.if	2017-05-20 15:55:50.405244985 +0200
@@ -4018,6 +4018,27 @@ interface(`userdom_dbus_send_all_users',
 
 ########################################
 ## <summary>
+##	Send and receive dbus messages
+##	from and to all user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`userdom_dbus_chat_all_users',`
+	gen_require(`
+		attribute userdomain;
+		class dbus send_msg;
+	')
+
+	allow $1 userdomain:dbus send_msg;
+	allow userdomain $1:dbus send_msg;
+')
+
+########################################
+## <summary>
 ##     Do not audit attempts to read and write
 ##     unserdomain stream.
 ## </summary>


More information about the refpolicy mailing list