systemd_logind: this is a bit cleaner

diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index c2dc2c5085562770b9b81688fa36027f6a9ed69e..dedb9173f873e47cf67d1a718089512d64dec224 100644 (file)
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -213,32 +213,12 @@ interface(`auth_login_pgm_domain',`
        ')
 
        optional_policy(`
+               systemd_dbus_chat_logind($1)
                systemd_use_fds_logind($1)
                systemd_write_inherited_logind_sessions_pipes($1)
        ')
 ')
 
-########################################
-## <summary>
-##     Send and receive messages from
-##     login program domains over dbus.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`authlogin_dbus_chat',`
-       gen_require(`
-               attribute polydomain;
-               class dbus send_msg;
-       ')
-
-       allow $1 polydomain:dbus send_msg;
-       allow polydomain $1:dbus send_msg;
-')
-
 ########################################
 ## <summary>
 ##     Read authlogin state files.

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 06e5b12f7d8c837051d6c5b41b93ac56c12f8227..4f365084cc8de2b0c1f46b9cfc334111f1bf4f7b 100644 (file)
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -103,7 +103,6 @@ term_use_unallocated_ttys(systemd_logind_t)
 # Actually only have proof of it creating dirs and symlinks (/run/user/$USER/X11/display)
 auth_manage_var_auth(systemd_logind_t)
 
-authlogin_dbus_chat(systemd_logind_t)
 authlogin_read_state(systemd_logind_t)
 
 dbus_connect_system_bus(systemd_logind_t)