Written by: Martin Orr Allow dbus to read client domains' state From somewhere between 1.2.1 and 1.2.12, it reads connecting processes' command lines for logging purposes Add this to dbus_system_bus_client, dbus_session_bus_client and dbus_system_bus_unconfined
Index: policy/modules/services/dbus.if
===================================================================
--- policy/modules/services/dbus.if.orig
+++ policy/modules/services/dbus.if
@@ -194,6 +194,9 @@
 files_search_pids($1)
 stream_connect_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t, system_dbusd_t)
 dbus_read_config($1)
+
+ # DBus reads /proc/$pid/cmdline for logging
+ read_files_pattern(system_dbusd_t, $1, $1)
 ')
 #######################################
@@ -218,6 +221,9 @@
 # For connecting to the bus
 allow $1 session_bus_type:unix_stream_socket connectto;
+
+ # DBus reads /proc/$pid/cmdline for logging
+ read_files_pattern(session_bus_type, $1, $1)
 ')
 ########################################
@@ -401,6 +407,9 @@
 ')
 allow $1 system_dbusd_t:dbus *;
+
+ # DBus reads /proc/$pid/cmdline for logging
+ read_files_pattern(system_dbusd_t, $1, $1)
 ')
 ########################################
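Review bot: The comment on the added rule in the first hunk names only /proc/$pid/cmdline, but `read_files_pattern(system_dbusd_t, $1, $1)` lets the bus daemon read every file labeled with the client's domain type, and SELinux labels all of a process's /proc/<pid> entries with that type, so the grant cannot be limited to cmdline. The same applies to the added lines in the second and third hunks; in the second, `session_bus_type` appears to be an attribute, so every session bus domain would receive the access. I would have the comment state the real scope, for example `# DBus reads /proc/$pid/cmdline for logging; this allows read on all of $1's /proc/pid files, TE rules cannot narrow it to cmdline`. If the policy version being patched provides `ps_process_pattern`, using it instead of a generic file pattern would make the process-state intent explicit to later reviewers. All three interface bodies begin outside their hunks, so the surrounding gen_require declarations could not be checked here.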