authorChris PeBenito <cpebenito@tresys.com>2009-08-18 09:48:28 -0400
committerChris PeBenito <cpebenito@tresys.com>2009-08-18 09:49:31 -0400
commit909922027bdb73dacc0526d52c2801fcc6a95fa1 (patch)
treeaa75919f267569593f2c0d80431a1488aee771ca
parentb2648249d9b0bc0dcf93ba1112ff7ebad428ac04 (diff)
Debian policykit fixes from Martin Orr.
The policykit binaries on Debian live in /usr/lib/policykit so add file contexts for that. Also a couple of policykit rules.
-rw-r--r--Changelog1
-rw-r--r--policy/modules/services/policykit.fc5
-rw-r--r--policy/modules/services/policykit.te5
3 files changed, 10 insertions, 1 deletions
diff --git a/Changelog b/Changelog
index 9154f9a8..c291c280 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Debian policykit fixes from Martin Orr.
- Fix unconfined_r use of unconfined_java_t.
- Add missing x_device rules for XI2 functions, from Eamon Walsh.
- Add missing rules to make unconfined_cronjob_t a valid cron job domain.
diff --git a/policy/modules/services/policykit.fc b/policy/modules/services/policykit.fc
index d7264537..27c739c9 100644
--- a/policy/modules/services/policykit.fc
+++ b/policy/modules/services/policykit.fc
@@ -1,3 +1,8 @@
+/usr/lib/policykit/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
+/usr/lib/policykit/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
+/usr/lib/policykit/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
+/usr/lib/policykit/polkitd -- gen_context(system_u:object_r:policykit_exec_t,s0)
+
/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
/usr/libexec/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
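Review bot: The trailing `.*` on the new `/usr/lib/policykit/polkit-grant-helper.*` and `/usr/lib/policykit/polkit-resolve-exe-helper.*` entries labels every regular file whose path starts with that prefix as an entrypoint type (`policykit_grant_exec_t`, `policykit_resolve_exec_t`), not only the named helper. This mirrors the existing `/usr/libexec` entries below, so it is presumably meant to cover suffixed helper variants, but nothing in the file says so. A comment above the new block would record the intent, for example `# Debian installs the PolicyKit helpers under /usr/lib/policykit; .* covers suffixed helper variants`. If only specific binaries should enter those domains, listing them by exact name would keep the labels as narrow as the `polkit-read-auth-helper` and `polkitd` lines.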
diff --git a/policy/modules/services/policykit.te b/policy/modules/services/policykit.te
index 9913701d..4334f27b 100644
--- a/policy/modules/services/policykit.te
+++ b/policy/modules/services/policykit.te
@@ -1,5 +1,5 @@
-policy_module(policykit, 1.0.0)
+policy_module(policykit, 1.0.1)
########################################
#
@@ -92,6 +92,8 @@ manage_dirs_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
manage_files_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
files_pid_filetrans(policykit_auth_t, policykit_var_run_t, { file dir })
+kernel_read_system_state(policykit_auth_t)
+
files_read_etc_files(policykit_auth_t)
files_read_usr_files(policykit_auth_t)
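Review bot: `kernel_read_system_state(policykit_auth_t)` in this hunk and `dbus_system_bus_client(policykit_auth_t)` in the next one both widen what the auth helper domain may do, but neither the policy nor the commit message ("a couple of policykit rules") says which denial each rule resolves. A one-line comment on each would let a later reviewer decide whether the grant is still needed, for example `# Debian: required by polkit-read-auth-helper, see <AVC denial from audit log>`. The `policykit_auth_t` rule section and the `optional_policy` block in the next hunk both start or end outside the visible lines, so the domain's other grants cannot be checked from here.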
@@ -104,6 +106,7 @@ miscfiles_read_localization(policykit_auth_t)
userdom_dontaudit_read_user_home_content_files(policykit_auth_t)
optional_policy(`
+ dbus_system_bus_client(policykit_auth_t)
dbus_session_bus_client(policykit_auth_t)
optional_policy(`