dbus obj class cleanup

2005-11-01 15:11:05 +00:00 · 2005-11-01 15:11:05 +00:00 · dab808bde7
commit dab808bde7
parent ce0ff19691
2 changed files with 20 additions and 14 deletions
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@ -270,20 +270,26 @@ optional_policy(`nscd.te',`
 # Partially converted rules.  THESE ARE ONLY TEMPORARY
 #

+gen_require(`
+	class dbus send_msg;
+')
+
+allow named_t initrc_t:dbus send_msg;
+
 # cjp: this whole block was originally in networkmanager
 optional_policy(`networkmanager.te',`
 	gen_require(`
 		type NetworkManager_t;
 	')

-	optional_policy(`dbus.te',`
-		gen_require(`
-			class dbus send_msg;
-		')
+#	optional_policy(`dbus.te',`
+#		gen_require(`
+#			class dbus send_msg;
+#		')

 		allow NetworkManager_t named_t:dbus send_msg;
 		allow named_t NetworkManager_t:dbus send_msg;
-	')
+#	')

 	bind_domtrans(NetworkManager_t)

--- a/refpolicy/policy/modules/services/hal.te
+++ b/refpolicy/policy/modules/services/hal.te
@ -178,26 +178,26 @@ optional_policy(`rhgb.te',`

 allow hald_t device_t:dir create_dir_perms;

-optional_policy(`updfstab.te',`
-allow updfstab_t hald_t:dbus send_msg;
-allow hald_t updfstab_t:dbus send_msg;
-')
-
 optional_policy(`hald.te',`
 allow udev_t hald_t:unix_dgram_socket sendto;
 ')

-allow hald_t initrc_t:dbus send_msg;
-allow initrc_t hald_t:dbus send_msg;
-
 # For /usr/libexec/hald-addon-acpi - writes to /var/run/acpid.socket
 ifdef(`apmd.te', `
 allow hald_t apmd_var_run_t:sock_file write;
 allow hald_t apmd_t:unix_stream_socket connectto;
 ')
+') dnl end TODO

 ifdef(`targeted_policy', `
 allow unconfined_t hald_t:dbus send_msg;
 allow hald_t unconfined_t:dbus send_msg;
 ')
-') dnl end TODO
+
+optional_policy(`updfstab.te',`
+	allow updfstab_t hald_t:dbus send_msg;
+	allow hald_t updfstab_t:dbus send_msg;
+')
+
+allow hald_t initrc_t:dbus send_msg;
+allow initrc_t hald_t:dbus send_msg;