commit: eb7f919fae509df9aa4f003cd69208e62346c92b
Author: Dominick Grift <dac.override <AT> gmail <DOT> com>
AuthorDate: Thu Jul 28 19:44:46 2016 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sun Jul 31 10:37:35 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=eb7f919f
Revert "dbus: allow system, and session bus clients to answer to dbus
unconfined domains"
Is considered a "security hole"
This reverts commit 6bef7a14757124c56fadc08c255e9dd6c29a15f9.
policy/modules/contrib/dbus.te | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te
index 0f1d8a7..255b860 100644
--- a/policy/modules/contrib/dbus.te
+++ b/policy/modules/contrib/dbus.te
@@ -260,5 +260,5 @@ optional_policy(`
# Unconfined access to this module
#
-allow dbusd_unconfined { system_dbusd_t session_bus_type
dbusd_session_bus_client dbusd_system_bus_client }:dbus all_dbus_perms;
-allow { dbusd_session_bus_client dbusd_system_bus_client }
dbusd_unconfined:dbus send_msg;
+allow dbusd_unconfined { dbusd_session_bus_client dbusd_system_bus_client
}:dbus send_msg;
+allow dbusd_unconfined { system_dbusd_t session_bus_type }:dbus all_dbus_perms;
