From mboxrd@z Thu Jan  1 00:00:00 1970
From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 15 Dec 2016 00:09:10 +0100
Subject: [refpolicy] [PATCH v2 5/5] rtkit: enable dbus chat with xdm
In-Reply-To: <7a91e7db-5de3-9c37-549f-e6d1cd8c446b@ieee.org>
References: <1481130053.3300.9.camel@trentalancia.net>
	<1481217618.20182.8.camel@trentalancia.net>
	<1481322107.2989.1.camel@trentalancia.net>
	<1481676545.17446.13.camel@trentalancia.net>
	<7a91e7db-5de3-9c37-549f-e6d1cd8c446b@ieee.org>
Message-ID: <1481756950.3080.2.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Enable dbus messaging between the X Display Manager (XDM) and
the rtkit daemon.

Also, let the rtkit daemon set the priority of all X Display
Managers (XDM).

This patch (along with parts 3/5 and 4/5) is needed when
running gdm.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/rtkit.te    |    8 ++++++++
 policy/modules/services/xserver.if |   20 +++++++++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

--- a/policy/modules/contrib/rtkit.te	2016-12-14 02:25:03.296232854 +0100
+++ b/policy/modules/contrib/rtkit.te	2016-12-15 00:02:39.744279486 +0100
@@ -42,4 +42,12 @@ optional_policy(`
 	optional_policy(`
 		policykit_dbus_chat(rtkit_daemon_t)
 	')
+
+	optional_policy(`
+		xserver_dbus_chat_xdm(rtkit_daemon_t)
+	')
+')
+
+optional_policy(`
+	xserver_setsched_all_xdms(rtkit_daemon_t)
 ')
--- a/policy/modules/services/xserver.if	2016-12-14 02:25:03.297232878 +0100
+++ b/policy/modules/services/xserver.if	2016-12-15 00:03:37.656417716 +0100
@@ -162,7 +162,6 @@ interface(`xserver_role',`
 	manage_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
 	relabel_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t)
 	relabel_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
-
 ')
 
 #######################################
@@ -1350,3 +1349,22 @@ interface(`xserver_unconfined',`
 	typeattribute $1 x_domain;
 	typeattribute $1 xserver_unconfined_type;
 ')
+
+########################################
+## <summary>
+##	Set the priority of all X
+##	Display Managers (XDM).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_setsched_all_xdms',`
+	gen_require(`
+		attribute xdm_domain;
+	')
+
+	allow $1 xdm_domain:process setsched;
+')