Colord: Support nfs/cifs (other than mounted on /home)
authorDominick Grift <domg472@gmail.com>
Fri, 27 May 2011 19:46:07 +0000 (21:46 +0200)
committerDominick Grift <domg472@gmail.com>
Fri, 27 May 2011 19:46:07 +0000 (21:46 +0200)
Colord: Allow colord to get attributes of any filesystem (who knows
what one may have mounted on /media) #708474

policy/modules/services/colord.te

index 9d5aa8893774203f98f456a26c159e8ca85ff703..341836b9bd0aaaedf02477624f909c5124b04351 100644 (file)
@@ -5,6 +5,20 @@ policy_module(colord,1.0.0)
 # Declarations
 #
 
+## <desc>
+##     <p>
+##     Allow colord to access cifs file systems
+##     </p>
+## </desc>
+gen_tunable(colord_use_cifs, false)
+
+## <desc>
+##     <p>
+##     Allow colord to access nfs file systems
+##     </p>
+## </desc>
+gen_tunable(colord_use_nfs, false)
+
 type colord_t;
 type colord_exec_t;
 dbus_system_domain(colord_t, colord_exec_t)
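Review bot: The descriptions for `colord_use_cifs` and `colord_use_nfs` say "access", but the `tunable_policy` blocks this commit adds further down grant `fs_manage_*_dirs` and `fs_manage_*_files`, which cover create, write and delete as well as read. An administrator deciding whether to enable the boolean typically sees only this description text, so it should state the real scope, e.g. `## Allow colord to manage files and directories on cifs file systems`, with the same wording for nfs.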
@@ -66,6 +80,7 @@ files_list_mnt(colord_t)
 files_read_etc_files(colord_t)
 files_read_usr_files(colord_t)
 
+fs_getattr_all_fs(colord_t)
 fs_search_all(colord_t)
 fs_read_noxattr_fs_files(colord_t)
 
@@ -81,12 +96,22 @@ sysnet_dns_name_resolve(colord_t)
 
 userdom_read_inherited_user_home_content_files(colord_t)
 
+tunable_policy(`colord_use_cifs',`
+       fs_manage_cifs_dirs(colord_t)
+       fs_manage_cifs_files(colord_t)
+')
+
+tunable_policy(`colord_use_nfs',`
+       fs_manage_nfs_dirs(colord_t)
+       fs_manage_nfs_files(colord_t)
+')
+
 tunable_policy(`use_nfs_home_dirs',`
-        fs_read_nfs_files(colord_t)
+               fs_read_nfs_files(colord_t)
 ')
 
 tunable_policy(`use_samba_home_dirs',`
-        fs_read_cifs_files(colord_t)
+               fs_read_cifs_files(colord_t)
 ')
 
 optional_policy(`
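Review bot: The two new blocks grant colord `fs_manage_nfs_dirs`/`fs_manage_nfs_files` and the cifs equivalents, which is much wider than the read-only `fs_read_nfs_files`/`fs_read_cifs_files` that the existing home-directory tunables give the same domain. NFS and CIFS mounts normally carry one label for the whole mount, so enabling either boolean lets a system D-Bus daemon create, modify and delete any file on every such share, limited only by DAC permissions. If colord only needs to read profiles from these mounts (an assumption; the commit message does not say it writes there), `fs_list_nfs(colord_t)` plus `fs_read_nfs_files(colord_t)` and the matching cifs interfaces would be enough. Separately, the re-indented `fs_read_*_files` lines now sit two levels deep while the new blocks use one; a single indentation style keeps the conditionals easier to audit.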