roles: move dbus_role_template to userdom_common_user_template

After commit cc8374fd24129a2a20669bda2b57d8b029945047 (various: systemd user fixes and additional support), the dbus_role_template is required for all roles. Move it to userdom_common_user_template. Before the patch if set DISTRO=redhat: root@qemux86-64:~# ps xZ | grep "systemd --user" root:sysadm_r:sysadm_t 240 ? Ss 0:00 /lib/systemd/systemd --user After the patch: root@qemux86-64:~# ps xZ | grep "systemd --user" root:sysadm_r:sysadm_systemd_t 218 ? Ss 0:00 /lib/systemd/systemd --user Signed-off-by: Yi Zhao <[email protected]>
0xC0ncord · Jul 20, 2021 · c8798fb · c8798fb
1 parent 7109706
commit c8798fb
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 42 deletions.
diff --git a/policy/modules/roles/auditadm.te b/policy/modules/roles/auditadm.te
@@ -39,10 +39,6 @@ optional_policy(`
 	dmesg_exec(auditadm_t)
 ')
 
-optional_policy(`
-	dbus_role_template(auditadm, auditadm_r, auditadm_t)
-')
-
 optional_policy(`
 	screen_role_template(auditadm, auditadm_r, auditadm_t)
 ')

diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te
@@ -48,10 +48,6 @@ optional_policy(`
 	auditadm_role_change(secadm_r)
 ')
 
-optional_policy(`
-	dbus_role_template(secadm, secadm_r, secadm_t)
-')
-
 optional_policy(`
 	dmesg_exec(secadm_t)
 ')

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
@@ -98,19 +98,15 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
-		dbus_role_template(staff, staff_r, staff_t)
-
-		optional_policy(`
-			gnome_role_template(staff, staff_r, staff_t)
-		')
+		gnome_role_template(staff, staff_r, staff_t)
+	')
 
-		optional_policy(`
-			telepathy_role_template(staff, staff_r, staff_t)
-		')
+	optional_policy(`
+		telepathy_role_template(staff, staff_r, staff_t)
+	')
 
-		optional_policy(`
-			wm_role_template(staff, staff_r, staff_t)
-		')
+	optional_policy(`
+		wm_role_template(staff, staff_r, staff_t)
 	')
 
 	optional_policy(`

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
@@ -1222,15 +1222,11 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
-		dbus_role_template(sysadm, sysadm_r, sysadm_t)
-
-		optional_policy(`
-			gnome_role_template(sysadm, sysadm_r, sysadm_t)
-		')
+		gnome_role_template(sysadm, sysadm_r, sysadm_t)
+	')
 
-		optional_policy(`
-			wm_role_template(sysadm, sysadm_r, sysadm_t)
-		')
+	optional_policy(`
+		wm_role_template(sysadm, sysadm_r, sysadm_t)
 	')
 
 	optional_policy(`

diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
@@ -62,19 +62,15 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
-		dbus_role_template(user, user_r, user_t)
-
-		optional_policy(`
-			gnome_role_template(user, user_r, user_t)
-		')
+		gnome_role_template(user, user_r, user_t)
+	')
 
-		optional_policy(`
-			telepathy_role_template(user, user_r, user_t)
-		')
+	optional_policy(`
+		telepathy_role_template(user, user_r, user_t)
+	')
 
-		optional_policy(`
-			wm_role_template(user, user_r, user_t)
-		')
+	optional_policy(`
+		wm_role_template(user, user_r, user_t)
 	')
 
 	optional_policy(`

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
@@ -729,6 +729,7 @@ template(`userdom_common_user_template',`
 	')
 
 	optional_policy(`
+		dbus_role_template($1, $1_r, $1_t)
 		dbus_system_bus_client($1_t)
 
 		optional_policy(`
@@ -767,6 +768,10 @@ template(`userdom_common_user_template',`
 		optional_policy(`
 			xserver_dbus_chat_xdm($1_t)
 		')
+
+		optional_policy(`
+			systemd_role_template($1, $1_r, $1_t)
+		')
 	')
 
 	optional_policy(`
@@ -868,10 +873,6 @@ template(`userdom_common_user_template',`
 		slrnpull_search_spool($1_t)
 	')
 
-	optional_policy(`
-		systemd_role_template($1, $1_r, $1_t)
-	')
-
 	optional_policy(`
 		udev_read_runtime_files($1_t)
 	')