systemd_logind needs to dbus chat and read state files of all login
authorDominick Grift <domg472@gmail.com>
Fri, 15 Jul 2011 18:09:13 +0000 (20:09 +0200)
committerDominick Grift <domg472@gmail.com>
Fri, 15 Jul 2011 18:09:13 +0000 (20:09 +0200)
program domains.

policy/modules/system/authlogin.if
policy/modules/system/systemd.te

index 66248040305dda973d63617339ec50ae83e928f5..c2dc2c5085562770b9b81688fa36027f6a9ed69e 100644 (file)
@@ -218,6 +218,46 @@ interface(`auth_login_pgm_domain',`
        ')
 ')
 
+########################################
+## <summary>
+##     Send and receive messages from
+##     login program domains over dbus.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`authlogin_dbus_chat',`
+       gen_require(`
+               attribute polydomain;
+               class dbus send_msg;
+       ')
+
+       allow $1 polydomain:dbus send_msg;
+       allow polydomain $1:dbus send_msg;
+')
+
+########################################
+## <summary>
+##     Read authlogin state files.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`authlogin_read_state',`
+       gen_require(`
+               attribute polydomain;
+       ')
+
+       kernel_search_proc($1)
+       ps_process_pattern($1, polydomain)
+')
+
 ########################################
 ## <summary>
 ##     Read and write a authlogin unnamed pipe.
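Review bot: The summary of `authlogin_read_state` says "Read authlogin state files", but the body grants `ps_process_pattern($1, polydomain)`, which is read access to the process state of every domain carrying the `polydomain` attribute, so someone auditing callers from the documentation would underestimate the grant. I would reword it to `## Read the process state (/proc/pid) of all login program domains.` and name the attribute in both summaries. The hunk does not show which types are assigned `polydomain`, and the access is only as narrow as that attribute's membership. Both new names also use an `authlogin_` prefix while the neighbouring interface in this file is `auth_login_pgm_domain`; keeping the `auth_` prefix would make the module consistent.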
index 8f117838070366f84b819603d9157bd781fe2e28..83a1fd04ad391592593fd5e75a60c449d18fb916 100644 (file)
@@ -103,6 +103,9 @@ term_use_unallocated_ttys(systemd_logind_t)
 # Actually only have proof of it creating dirs and symlinks (/run/user/$USER/X11/display)
 auth_manage_var_auth(systemd_logind_t)
 
+authlogin_dbus_chat(systemd_logind_t)
+authlogin_read_state(systemd_logind_t)
+
 dbus_connect_system_bus(systemd_logind_t)
 dbus_system_bus_client(systemd_logind_t)
 
@@ -121,8 +124,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-       xserver_dbus_chat_xdm(systemd_logind_t)
-       xserver_read_state_xdm(systemd_logind_t)
        # It links /run/user/$USER/X11/display to /tmp/.X11-unix/X* sock_file
        xserver_search_xdm_tmp_dirs(systemd_logind_t)
 ')
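Review bot: `authlogin_dbus_chat(systemd_logind_t)` and `authlogin_read_state(systemd_logind_t)` are added unconditionally and cover every login program domain, whereas the `xserver_dbus_chat_xdm` and `xserver_read_state_xdm` calls removed from the `optional_policy` block below were limited to xdm, and nothing at the call site records why the wider grant is needed. Neighbouring rules carry such a note (`# Actually only have proof of it creating dirs and symlinks`), so I would add one above the two new lines, for example `# logind needs dbus chat with, and /proc state of, all login programs, not only xdm` (wording for the author to confirm against the observed denials). If evidence exists for only some login programs, per-program interfaces would keep `systemd_logind_t` closer to least privilege.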