From mboxrd@z Thu Jan  1 00:00:00 1970
From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 14 Dec 2016 01:49:01 +0100
Subject: [refpolicy] [PATCH 4/5] policykit: enable dbus chat with xdm
In-Reply-To: <1481322107.2989.1.camel@trentalancia.net>
References: <1481130053.3300.9.camel@trentalancia.net>
	<1481217618.20182.8.camel@trentalancia.net>
	<1481322107.2989.1.camel@trentalancia.net>
Message-ID: <1481676541.17446.12.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Enable dbus messaging between the X Display Manager (XDM) and
PolicyKit.

Also, let PolicyKit read the urandom device.

This patch (along with parts 3/5 and 5/5) might be needed when
running gdm.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/policykit.te |    6 ++++++
 1 file changed, 6 insertions(+)

diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/policykit.te refpolicy-git-07122016/policy/modules/contrib/policykit.te
--- refpolicy-git-07122016-orig/policy/modules/contrib/policykit.te	2016-10-29 16:29:19.759327926 +0200
+++ refpolicy-git-07122016/policy/modules/contrib/policykit.te	2016-12-12 23:50:23.856370382 +0100
@@ -88,6 +88,8 @@ domtrans_pattern(policykit_t, policykit_
 kernel_read_kernel_sysctls(policykit_t)
 kernel_read_system_state(policykit_t)
 
+dev_read_urand(policykit_t)
+
 domain_read_all_domains_state(policykit_t)
 
 files_dontaudit_search_all_mountpoints(policykit_t)
@@ -110,6 +112,10 @@ optional_policy(`
 	optional_policy(`
 		rpm_dbus_chat(policykit_t)
 	')
+
+	optional_policy(`
+		xserver_dbus_chat_xdm(policykit_t)
+	')
 ')
 
 optional_policy(`