From 0cdff0e7743063f603ca350ec5cc169e2f3a4df0 Mon Sep 17 00:00:00 2001
From: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Date: Mon, 18 Dec 2017 08:09:38 +0100
Subject: [PATCH] data/selinux: add policykit_dbus_chat()

Add an optional policy to allow policykit_dbus_chat(). Enables sending to and
receiving messages from policykit.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
---
 data/selinux/snappy.te | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/data/selinux/snappy.te b/data/selinux/snappy.te
index 3370fb3943..cd2f0fccce 100644
--- a/data/selinux/snappy.te
+++ b/data/selinux/snappy.te
@@ -216,6 +216,7 @@ corenet_udp_sendrecv_dns_port(snappy_t)
 corenet_tcp_connect_dns_port(snappy_t)
 corenet_sendrecv_dns_client_packets(snappy_t)
 
-# allow polkit to reply to snapd
-gen_require(` type policykit_t; class dbus send_msg; ')
-allow policykit_t snappy_t:dbus send_msg;
+# allow communication with polkit over dbus
+optional_policy(`
+  policykit_dbus_chat(snappy_t)
+')