commit: 8ae4a42143f20541f9a43506ffb3e94fe19c42e1 Author: Laurent Bigonville <bigon <AT> bigon <DOT> be> AuthorDate: Fri Apr 11 17:27:16 2014 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Thu Apr 17 19:02:10 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=8ae4a421
Fix the usage of dbus_spec_session_domain() interface Change the order of the parameters for the calls to dbus_spec_session_domain() interface. For consistancy with the other dbus interfaces and the backward compatibility, we consider that the description was correct and we change the callers instead. The order of the parameter for this interface is the following: dbus_spec_session_domain(role_prefix, domain, entry_point) --- policy/modules/contrib/dbus.if | 2 +- policy/modules/contrib/gnome.if | 2 +- policy/modules/contrib/obex.if | 2 +- policy/modules/contrib/telepathy.if | 18 +++++++++--------- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/policy/modules/contrib/dbus.if b/policy/modules/contrib/dbus.if index fa6d806..21e8b5c 100644 --- a/policy/modules/contrib/dbus.if +++ b/policy/modules/contrib/dbus.if @@ -469,7 +469,7 @@ interface(`dbus_spec_session_domain',` type $1_dbusd_t; ') - domtrans_pattern($1_dbusd_t, $2, $3) + domtrans_pattern($1_dbusd_t, $3, $2) dbus_spec_session_bus_client($1, $2) dbus_connect_spec_session_bus($1, $2) diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if index ab09d61..112d33b 100644 --- a/policy/modules/contrib/gnome.if +++ b/policy/modules/contrib/gnome.if @@ -109,7 +109,7 @@ template(`gnome_role_template',` gnome_stream_connect_gkeyringd($1, $3) optional_policy(` - dbus_spec_session_domain($1, gkeyringd_exec_t, $1_gkeyringd_t) + dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t) optional_policy(` gnome_dbus_chat_gkeyringd($1, $3) diff --git a/policy/modules/contrib/obex.if b/policy/modules/contrib/obex.if index 8635ea2..410c0e8 100644 --- a/policy/modules/contrib/obex.if +++ b/policy/modules/contrib/obex.if @@ -42,7 +42,7 @@ template(`obex_role_template',` allow $3 obex_t:process { ptrace signal_perms }; ps_process_pattern($3, obex_t) - dbus_spec_session_domain($1, obex_exec_t, obex_t) + dbus_spec_session_domain($1, obex_t, obex_exec_t) obex_dbus_chat($3) ') diff --git a/policy/modules/contrib/telepathy.if b/policy/modules/contrib/telepathy.if index 42946bc..0d58469 100644 --- a/policy/modules/contrib/telepathy.if +++ b/policy/modules/contrib/telepathy.if @@ -78,15 +78,15 @@ template(`telepathy_role_template',` telepathy_msn_stream_connect($3) telepathy_salut_stream_connect($3) - dbus_spec_session_domain($1, telepathy_gabble_exec_t, telepathy_gabble_t) - dbus_spec_session_domain($1, telepathy_sofiasip_exec_t, telepathy_sofiasip_t) - dbus_spec_session_domain($1, telepathy_idle_exec_t, telepathy_idle_t) - dbus_spec_session_domain($1, telepathy_logger_exec_t, telepathy_logger_t) - dbus_spec_session_domain($1, telepathy_mission_control_exec_t, telepathy_mission_control_t) - dbus_spec_session_domain($1, telepathy_salut_exec_t, telepathy_salut_t) - dbus_spec_session_domain($1, telepathy_sunshine_exec_t, telepathy_sunshine_t) - dbus_spec_session_domain($1, telepathy_stream_engine_exec_t, telepathy_stream_engine_t) - dbus_spec_session_domain($1, telepathy_msn_exec_t, telepathy_msn_t) + dbus_spec_session_domain($1, telepathy_gabble_t, telepathy_gabble_exec_t) + dbus_spec_session_domain($1, telepathy_sofiasip_t, telepathy_sofiasip_exec_t) + dbus_spec_session_domain($1, telepathy_idle_t, telepathy_idle_exec_t) + dbus_spec_session_domain($1, telepathy_logger_t, telepathy_logger_exec_t) + dbus_spec_session_domain($1, telepathy_mission_control_t, telepathy_mission_control_exec_t) + dbus_spec_session_domain($1, telepathy_salut_t, telepathy_salut_exec_t) + dbus_spec_session_domain($1, telepathy_sunshine_t, telepathy_sunshine_exec_t) + dbus_spec_session_domain($1, telepathy_stream_engine_t, telepathy_stream_engine_exec_t) + dbus_spec_session_domain($1, telepathy_msn_t, telepathy_msn_exec_t) allow $3 { telepathy_mission_control_cache_home_t telepathy_cache_home_t telepathy_logger_cache_home_t }:dir { manage_dir_perms relabel_dir_perms }; allow $3 { telepathy_gabble_cache_home_t telepathy_mission_control_home_t telepathy_data_home_t }:dir { manage_dir_perms relabel_dir_perms };