diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index b1b6bf6..f9149e7 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -51,7 +51,7 @@ interface(`gnome_role',`
## </param>
## <param name="user_domain">
## <summary>
-## The user domain associated with the role.
+## The user domain associated with the role.
## </summary>
## </param>
#
@@ -98,7 +98,7 @@ interface(`gnome_role_gkeyringd',`
allow $1_gkeyringd_t $3:dbus send_msg;
allow $3 $1_gkeyringd_t:dbus send_msg;
optional_policy(`
- dbus_session_domain($1_gkeyringd_t, gkeyringd_exec_t)
+ dbus_session_domain($1, gkeyringd_exec_t, $1_gkeyringd_t)
dbus_session_bus_client($1_gkeyringd_t)
gnome_home_dir_filetrans($1_gkeyringd_t)
gnome_manage_generic_home_dirs($1_gkeyringd_t)
diff --git a/policy/modules/apps/telepathy.if b/policy/modules/apps/telepathy.if
index 6878d68..4730846 100644
--- a/policy/modules/apps/telepathy.if
+++ b/policy/modules/apps/telepathy.if
@@ -28,8 +28,6 @@ template(`telepathy_domain_template',`
type telepathy_$1_tmp_t;
files_tmp_file(telepathy_$1_tmp_t)
ubac_constrained(telepathy_$1_tmp_t)
-
- dbus_session_domain(telepathy_$1_t, telepathy_$1_exec_t)
')
#######################################
@@ -51,6 +49,22 @@ template(`telepathy_domain_template',`
template(`telepathy_dbus_session_role', `
gen_require(`
attribute telepathy_domain;
+ type telepathy_gabble_t;
+ type telepathy_sofiasip_t;
+ type telepathy_idle_t;
+ type telepathy_mission_control_t;
+ type telepathy_salut_t;
+ type telepathy_sunshine_t;
+ type telepathy_stream_engine_t;
+ type telepathy_msn_t;
+ type telepathy_gabble_exec_t;
+ type telepathy_sofiasip_exec_t;
+ type telepathy_idle_exec_t;
+ type telepathy_mission_control_exec_t;
+ type telepathy_salut_exec_t;
+ type telepathy_sunshine_exec_t;
+ type telepathy_stream_engine_exec_t;
+ type telepathy_msn_exec_t;
')
role $1 types telepathy_domain;
@@ -65,6 +79,15 @@ template(`telepathy_dbus_session_role', `
telepathy_gabble_stream_connect($2)
telepathy_msn_stream_connect($2)
telepathy_salut_stream_connect($2)
+
+ dbus_session_domain($2, telepathy_gabble_exec_t, telepathy_gabble_t)
+ dbus_session_domain($2, telepathy_sofiasip_exec_t, telepathy_sofiasip_t)
+ dbus_session_domain($2, telepathy_idle_exec_t, telepathy_idle_t)
+ dbus_session_domain($2, telepathy_mission_control_exec_t, telepathy_mission_control_t)
+ dbus_session_domain($2, telepathy_salut_exec_t, telepathy_salut_t)
+ dbus_session_domain($2, telepathy_sunshine_exec_t, telepathy_sunshine_t)
+ dbus_session_domain($2, telepathy_stream_engine_exec_t, telepathy_stream_engine_t)
+ dbus_session_domain($2, telepathy_msn_exec_t, telepathy_msn_t)
')
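Review bot: The eight `dbus_session_domain($2, …)` calls added at the end of `telepathy_dbus_session_role` pass `$2` as the first argument, but the dbus.if change in this same commit turns that argument into a prefix that is expanded to `$1_dbusd_t`. The caller removed from unconfineduser.te passed `unconfined_t` as `$2`, so a call of that shape would require `unconfined_t_dbusd_t`, which is presumably not a declared type, and the requirement would fail. If `$2` is meant to stay a domain, the template needs a separate prefix parameter, documented in its header and used as in `dbus_session_domain($3, telepathy_gabble_exec_t, telepathy_gabble_t)`. The template's header and the start of its body are outside this hunk, so the intended meaning of `$2` should be confirmed there.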
########################################
@@ -147,7 +170,6 @@ interface(`telepathy_msn_stream_connect', `
files_search_tmp($1)
')
-
########################################
## <summary>
## Stream connect to Telepathy Salut
@@ -191,3 +213,46 @@ interface(`telepathy_mission_control_read_state',`
ps_process_pattern($1, telepathy_mission_control_t)
')
+########################################
+## <summary>
+## Execute telepathy executable
+## in the specified domain.
+## </summary>
+## <desc>
+## <p>
+## Execute a telepathy executable
+## in the specified domain. This allows
+## the specified domain to execute any file
+## on these filesystems in the specified
+## domain.
+## </p>
+## <p>
+## No interprocess communication (signals, pipes,
+## etc.) is provided by this interface since
+## the domains are not owned by this module.
+## </p>
+## <p>
+## This interface was added to handle
+## the ssh-agent policy.
+## </p>
+## </desc>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+## <param name="target_domain">
+## <summary>
+## The type of the new process.
+## </summary>
+## </param>
+#
+interface(`telepathy_command_domtrans', `
+ gen_require(`
+ attribute telepathy_executable;
+ ')
+
+ allow $2 telepathy_executable:file entrypoint;
+ domain_transition_pattern($1, telepathy_executable, $2)
+ type_transition $1 telepathy_executable:process $2;
+')
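Review bot: The header comment of `telepathy_command_domtrans` is copied from another interface and does not describe what these rules grant: it talks about "these filesystems" and says the interface "was added to handle the ssh-agent policy". The rules make every file labelled `telepathy_executable` an entrypoint for `$2` and add a default transition from `$1`, so the process lands in the target domain rather than a telepathy domain. The summary should say so, e.g. `## Transition from the specified domain to the target domain when running any telepathy executable.`, and the ssh-agent paragraph should be dropped. The attribute `telepathy_executable` is required here, but no hunk in this diff declares it or assigns it to the `telepathy_*_exec_t` types. If it does not already exist in telepathy.te, the `optional_policy` block that calls this interface would presumably be dropped without an error.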
diff --git a/policy/modules/apps/telepathy.te b/policy/modules/apps/telepathy.te
index 68211c2..665dce1 100644
--- a/policy/modules/apps/telepathy.te
+++ b/policy/modules/apps/telepathy.te
@@ -351,3 +351,14 @@ permissive telepathy_salut_t;
permissive telepathy_sunshine_t;
permissive telepathy_stream_engine_t;
permissive telepathy_msn_t;
+
+
+# Just for F15
+
+optional_policy(`
+ gen_require(`
+ role unconfined_r;
+ ')
+
+ role unconfined_r types telepathy_domain;
+')
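Review bot: The `# Just for F15` comment above the new `optional_policy` block does not say what the workaround is for or when it can be removed, yet the block authorizes `unconfined_r` for every type in `telepathy_domain`. It appears to replace the `role $1 types telepathy_domain;` that the removed `telepathy_dbus_session_role(unconfined_r, unconfined_t)` call in unconfineduser.te used to provide. The comment should record that, for example `# F15 only: keep unconfined_r authorized for telepathy_domain now that unconfineduser.te no longer calls telepathy_dbus_session_role`. Requiring a role owned by another module from inside telepathy.te also couples the two modules; consider placing the statement in unconfineduser.te behind an interface instead.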
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index db5a937..fb6c6bd 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -84,8 +84,6 @@ optional_policy(`
optional_policy(`
gnome_role(staff_r, staff_t)
- gnome_role_gkeyringd(staff, staff_r, staff_t)
- permissive staff_gkeyringd_t;
')
optional_policy(`
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
index 805d0ea..693d944 100644
--- a/policy/modules/roles/unconfineduser.te
+++ b/policy/modules/roles/unconfineduser.te
@@ -295,6 +295,10 @@ optional_policy(`
')
optional_policy(`
+ telepathy_command_domtrans(unconfined_dbusd_t, unconfined_t)
+ ')
+
+ optional_policy(`
oddjob_dbus_chat(unconfined_usertype)
')
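Review bot: The new `telepathy_command_domtrans(unconfined_dbusd_t, unconfined_t)` call carries no comment although its effect is security-relevant: telepathy executables started by the unconfined session bus will run as `unconfined_t` rather than in a `telepathy_*_t` domain. A reader of this file cannot tell whether that loss of confinement is deliberate or temporary. Add a comment such as `# F15 only: telepathy started from the unconfined session bus stays in unconfined_t`, worded to match the workaround comment in telepathy.te. The enclosing block starts outside the hunk.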
@@ -416,10 +420,6 @@ optional_policy(`
')
optional_policy(`
- telepathy_dbus_session_role(unconfined_r, unconfined_t)
-')
-
-optional_policy(`
vbetool_run(unconfined_t, unconfined_r)
')
@@ -500,4 +500,3 @@ domain_ptrace_all_domains(unconfined_notrans_t)
#
gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
-
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index dc6b88f..b56a290 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -35,7 +35,6 @@ optional_policy(`
optional_policy(`
gnome_role(user_r, user_t)
-
')
optional_policy(`
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
index cee56c8..d2d4d9d 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@@ -363,6 +363,12 @@ interface(`dbus_connect_session_bus',`
## Allow a application domain to be started
## by the session dbus.
## </summary>
+## <param name="prefix">
+## <summary>
+## The prefix of the dbus session domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
## <param name="domain">
## <summary>
## Type to be used as a domain.
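Review bot: The parameter documentation no longer appears to match the positional order of `dbus_session_domain`. The new `prefix` block is correctly first, but the `domain` block stays second, while the implementation change in the next hunk uses `$2` as the entrypoint file type and `$3` as the domain. Unless the parameter blocks outside this hunk were reordered, the `domain` block should move after the entry-point block. The example would also be more precise as `is the prefix for user_dbusd_t`, since the prefix is only used to form `$1_dbusd_t`.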
@@ -377,13 +383,13 @@ interface(`dbus_connect_session_bus',`
#
interface(`dbus_session_domain',`
gen_require(`
- attribute session_bus_type;
+ type $1_dbusd_t;
')
- domtrans_pattern(session_bus_type, $2, $1)
+ domtrans_pattern($1_dbusd_t, $2, $3)
- dbus_session_bus_client($1)
- dbus_connect_session_bus($1)
+ dbus_session_bus_client($3)
+ dbus_connect_session_bus($3)
')
########################################
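Review bot: The rewritten `dbus_session_domain` changes the meaning of existing positional arguments: `$1` was the domain and is now a prefix, and the domain has moved to `$3`. A caller still using the two-argument form would expand to `domtrans_pattern(<domain>_dbusd_t, <exec>, )` and `dbus_session_bus_client()` with an empty argument. This diff updates gnome.if and telepathy.if, but any other caller in the tree needs the same change. Replacing the `session_bus_type` attribute with a single `$1_dbusd_t` also narrows the transition to one session bus, which is tighter. A one-line comment such as `# only the $1 session bus may start $3` would record that intent.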
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 4984747..f690d75 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1078,6 +1078,7 @@ template(`userdom_restricted_xwindows_user_template',`
# bug: #682499
optional_policy(`
gnome_read_usr_config($1_usertype)
+ gnome_role_gkeyringd($1, $1_r, $1_t)
')
optional_policy(`
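Review bot: The added `gnome_role_gkeyringd($1, $1_r, $1_t)` creates a `$1_gkeyringd_t` domain for every user built by `userdom_restricted_xwindows_user_template`, whereas staff.te previously called it for `staff` only and paired it with `permissive staff_gkeyringd_t;`, which is not carried over. The keyring domain therefore appears to become enforcing at the same moment it is first applied to other roles; confirm that this is intended and that the policy was exercised in enforcing mode. The line also sits under the `# bug: #682499` comment, which describes `gnome_read_usr_config`. Give it its own comment, e.g. `# confine gnome-keyring-daemon per user role`, or its own `optional_policy` block. The template body continues outside the hunk.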