2017-04-18 18:04:22

by guido

Subject: [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions

This patch adds assorted permissions to chat over dbus needed
for the correct functioning of Gnome and Evolution.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/evolution.te | 5 ++++
policy/modules/contrib/gnome.if | 37 ++++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+)

diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te
--- refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te 2017-03-29 17:58:00.276386397 +0200
+++ refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te 2017-04-18 19:39:13.184604734 +0200
@@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',`

optional_policy(`
dbus_all_session_bus_client(evolution_alarm_t)
+ dbus_connect_all_session_bus(evolution_alarm_t)
+
+ optional_policy(`
+ evolution_dbus_chat(evolution_alarm_t)
+ ')
')

optional_policy(`
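Review bot: The nested `optional_policy` around `evolution_dbus_chat(evolution_alarm_t)` looks redundant. Judging by its name, the interface is provided by the evolution module itself, so its types are already present whenever evolution.te is built and the wrapper can never be switched off. If that holds, I'd write the two `dbus send_msg` rules inline between `evolution_alarm_t` and the target evolution domain, or at least call the interface without the wrapper. The v3 repost of this hunk further down the thread keeps the same nested block.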
diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if
--- refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if 2017-03-29 17:58:00.281386397 +0200
+++ refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if 2017-04-18 19:51:01.702601837 +0200
@@ -112,8 +112,17 @@ template(`gnome_role_template',`
dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)

optional_policy(`
+ evolution_dbus_chat($1_gkeyringd_t)
+ ')
+
+ optional_policy(`
+ gnome_dbus_chat_gconfd($3)
gnome_dbus_chat_gkeyringd($1, $3)
')
+
+ optional_policy(`
+ wm_dbus_chat($1, $1_gkeyringd_t)
+ ')
')
')
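Review bot: The three added calls in `gnome_role_template` widen the set of domains that can exchange D-Bus messages with the per-role keyring daemon `$1_gkeyringd_t`, and nothing in the hunk records why each peer needs that. The `dbus send_msg` permission is checked per domain pair, not per D-Bus method, so the policy cannot express that only secret-storage calls are intended. I'd add a one-line comment above each block, for example `# evolution stores account passwords in the keyring`, and for `wm_dbus_chat($1, $1_gkeyringd_t)` name the denial that motivated it. The template body starts and ends outside this hunk.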

@@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
')

########################################
+### <summary>
+### Send and receive messages from
+### gnome configuration daemon over
+### dbus.
+### </summary>
+### <param name="role_prefix">
+### <summary>
+### The prefix of the user domain (e.g., user
+### is the prefix for user_t).
+### </summary>
+### </param>
+### <param name="domain">
+### <summary>
+### Domain allowed access.
+### </summary>
+### </param>
+##
+interface(`gnome_dbus_chat_gconfd',`
+ gen_require(`
+ type gconfd_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 gconfd_t:dbus send_msg;
+ allow gconfd_t $1:dbus send_msg;
+')
+
+########################################
## <summary>
## Send and receive messages from
## gnome keyring daemon over dbus.


2017-04-19 01:51:12

by Chris PeBenito

Subject: [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions

On 04/18/2017 02:04 PM, Guido Trentalancia via refpolicy wrote:
> This patch adds assorted permission to chat over dbus needed
> for the correct functioning of Gnome and Evolution.

This didn't apply for me, but may be due to Russell's patches. One
other trivial comment below.


> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/evolution.te | 5 ++++
> policy/modules/contrib/gnome.if | 37 ++++++++++++++++++++++++++++++++++++
> 2 files changed, 42 insertions(+)
>
> diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te
> --- refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te 2017-03-29 17:58:00.276386397 +0200
> +++ refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te 2017-04-18 19:39:13.184604734 +0200
> @@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',`
>
> optional_policy(`
> dbus_all_session_bus_client(evolution_alarm_t)
> + dbus_connect_all_session_bus(evolution_alarm_t)
> +
> + optional_policy(`
> + evolution_dbus_chat(evolution_alarm_t)
> + ')
> ')
>
> optional_policy(`
> diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if
> --- refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if 2017-03-29 17:58:00.281386397 +0200
> +++ refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if 2017-04-18 19:51:01.702601837 +0200
> @@ -112,8 +112,17 @@ template(`gnome_role_template',`
> dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
>
> optional_policy(`
> + evolution_dbus_chat($1_gkeyringd_t)
> + ')
> +
> + optional_policy(`
> + gnome_dbus_chat_gconfd($3)
> gnome_dbus_chat_gkeyringd($1, $3)
> ')
> +
> + optional_policy(`
> + wm_dbus_chat($1, $1_gkeyringd_t)
> + ')
> ')
> ')
>
> @@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
> ')
>
> ########################################
> +### <summary>
> +### Send and receive messages from
> +### gnome configuration daemon over
> +### dbus.
> +### </summary>
> +### <param name="role_prefix">
> +### <summary>
> +### The prefix of the user domain (e.g., user
> +### is the prefix for user_t).
> +### </summary>
> +### </param>
> +### <param name="domain">
> +### <summary>
> +### Domain allowed access.
> +### </summary>
> +### </param>
> +##

Too many #

> +interface(`gnome_dbus_chat_gconfd',`
> + gen_require(`
> + type gconfd_t;
> + class dbus send_msg;
> + ')
> +
> + allow $1 gconfd_t:dbus send_msg;
> + allow gconfd_t $1:dbus send_msg;
> +')
> +
> +########################################
> ## <summary>
> ## Send and receive messages from
> ## gnome keyring daemon over dbus.


--
Chris PeBenito

2017-04-19 11:23:38

by guido

Subject: [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions

Hello.

This patch is very important: for example, the password remembering functionality in Evolution depends on it!

I will rebase it, fix the comment format and repost it in a few hours.

Thanks,

Guido

On the 19th of April 2017 03:51:12 CEST, Chris PeBenito <[email protected]> wrote:
>On 04/18/2017 02:04 PM, Guido Trentalancia via refpolicy wrote:
>> This patch adds assorted permission to chat over dbus needed
>> for the correct functioning of Gnome and Evolution.
>
>This didn't apply for me, but may be due to Russell's patches. One
>other trivial comment below.
>
>
>> Signed-off-by: Guido Trentalancia <[email protected]>
>> ---
>> policy/modules/contrib/evolution.te | 5 ++++
>> policy/modules/contrib/gnome.if | 37
>++++++++++++++++++++++++++++++++++++
>> 2 files changed, 42 insertions(+)
>>
>> diff -pru
>refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te
>refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te
>> ---
>refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te 2017-03-29
>17:58:00.276386397 +0200
>> +++
>refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te 2017-04-18
>19:39:13.184604734 +0200
>> @@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',`
>>
>> optional_policy(`
>> dbus_all_session_bus_client(evolution_alarm_t)
>> + dbus_connect_all_session_bus(evolution_alarm_t)
>> +
>> + optional_policy(`
>> + evolution_dbus_chat(evolution_alarm_t)
>> + ')
>> ')
>>
>> optional_policy(`
>> diff -pru
>refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if
>refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if
>> ---
>refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if 2017-03-29
>17:58:00.281386397 +0200
>> +++
>refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if 2017-04-18
>19:51:01.702601837 +0200
>> @@ -112,8 +112,17 @@ template(`gnome_role_template',`
>> dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
>>
>> optional_policy(`
>> + evolution_dbus_chat($1_gkeyringd_t)
>> + ')
>> +
>> + optional_policy(`
>> + gnome_dbus_chat_gconfd($3)
>> gnome_dbus_chat_gkeyringd($1, $3)
>> ')
>> +
>> + optional_policy(`
>> + wm_dbus_chat($1, $1_gkeyringd_t)
>> + ')
>> ')
>> ')
>>
>> @@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
>> ')
>>
>> ########################################
>> +### <summary>
>> +### Send and receive messages from
>> +### gnome configuration daemon over
>> +### dbus.
>> +### </summary>
>> +### <param name="role_prefix">
>> +### <summary>
>> +### The prefix of the user domain (e.g., user
>> +### is the prefix for user_t).
>> +### </summary>
>> +### </param>
>> +### <param name="domain">
>> +### <summary>
>> +### Domain allowed access.
>> +### </summary>
>> +### </param>
>> +##
>
>Too many #
>
>> +interface(`gnome_dbus_chat_gconfd',`
>> + gen_require(`
>> + type gconfd_t;
>> + class dbus send_msg;
>> + ')
>> +
>> + allow $1 gconfd_t:dbus send_msg;
>> + allow gconfd_t $1:dbus send_msg;
>> +')
>> +
>> +########################################
>> ## <summary>
>> ## Send and receive messages from
>> ## gnome keyring daemon over dbus.

2017-04-19 12:18:51

by guido

Subject: [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions

Hello Christopher.

I have checked again and my patch (above mentioned) applies cleanly to
the current git tree.

However, the build fails while assembling the lvm module due to:

dpkg_script_script_rw_pipes

so, it must be some change introduced by Russell because the dpkg is
used in Debian for package management.

If you experience problems that are strictly related to this patch,
please get back to me and I will check again. Otherwise, I take it
that the problem lies somewhere else.

I am now going to post a revised version of this patch, which only
fixes the extra "#" in the comments and nothing else.

Thanks for your time.

Regards,

Guido

On Tue, 18/04/2017 at 21.51 -0400, Chris PeBenito wrote:
> On 04/18/2017 02:04 PM, Guido Trentalancia via refpolicy wrote:
> > This patch adds assorted permission to chat over dbus needed
> > for the correct functioning of Gnome and Evolution.
>
> This didn't apply for me, but may be due to Russell's patches. One
> other trivial comment below.
>
>
> > Signed-off-by: Guido Trentalancia <[email protected]>
> > ---
> > ?policy/modules/contrib/evolution.te |????5 ++++
> > ?policy/modules/contrib/gnome.if?????|???37
> > ++++++++++++++++++++++++++++++++++++
> > ?2 files changed, 42 insertions(+)
> >
> > diff -pru refpolicy-git-18042017-1918-
> > orig/policy/modules/contrib/evolution.te refpolicy-git-18042017-
> > 1918/policy/modules/contrib/evolution.te
> > --- refpolicy-git-18042017-1918-
> > orig/policy/modules/contrib/evolution.te 2017-03-29
> > 17:58:00.276386397 +0200
> > +++ refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te
> > 2017-04-18 19:39:13.184604734 +0200
> > @@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',`
> >
> > ?optional_policy(`
> > ? dbus_all_session_bus_client(evolution_alarm_t)
> > + dbus_connect_all_session_bus(evolution_alarm_t)
> > +
> > + optional_policy(`
> > + evolution_dbus_chat(evolution_alarm_t)
> > + ')
> > ?')
> >
> > ?optional_policy(`
> > diff -pru refpolicy-git-18042017-1918-
> > orig/policy/modules/contrib/gnome.if refpolicy-git-18042017-
> > 1918/policy/modules/contrib/gnome.if
> > --- refpolicy-git-18042017-1918-
> > orig/policy/modules/contrib/gnome.if 2017-03-29
> > 17:58:00.281386397 +0200
> > +++ refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if
> > 2017-04-18 19:51:01.702601837 +0200
> > @@ -112,8 +112,17 @@ template(`gnome_role_template',`
> > ? dbus_spec_session_domain($1, $1_gkeyringd_t,
> > gkeyringd_exec_t)
> >
> > ? optional_policy(`
> > + evolution_dbus_chat($1_gkeyringd_t)
> > + ')
> > +
> > + optional_policy(`
> > + gnome_dbus_chat_gconfd($3)
> > ? gnome_dbus_chat_gkeyringd($1, $3)
> > ? ')
> > +
> > + optional_policy(`
> > + wm_dbus_chat($1, $1_gkeyringd_t)
> > + ')
> > ? ')
> > ?')
> >
> > @@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
> > ?')
> >
> > ?########################################
> > +### <summary>
> > +### Send and receive messages from
> > +### gnome configuration daemon over
> > +### dbus.
> > +### </summary>
> > +### <param name="role_prefix">
> > +### <summary>
> > +### The prefix of the user domain (e.g., user
> > +### is the prefix for user_t).
> > +### </summary>
> > +### </param>
> > +### <param name="domain">
> > +### <summary>
> > +### Domain allowed access.
> > +### </summary>
> > +### </param>
> > +##
>
> Too many #
>
> > +interface(`gnome_dbus_chat_gconfd',`
> > + gen_require(`
> > + type gconfd_t;
> > + class dbus send_msg;
> > + ')
> > +
> > + allow $1 gconfd_t:dbus send_msg;
> > + allow gconfd_t $1:dbus send_msg;
> > +')
> > +
> > +########################################
> > ?## <summary>
> > ?## Send and receive messages from
> > ?## gnome keyring daemon over dbus.
>
>

2017-04-19 12:22:36

by guido

Subject: [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions

This patch adds assorted permissions to chat over dbus needed
for the correct functioning of Gnome and Evolution.

This second version simply removes an extra "#" prefix from
the comments.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/evolution.te | 5 ++++
policy/modules/contrib/gnome.if | 37 ++++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+)

diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te
--- refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te 2017-03-29 17:58:00.276386397 +0200
+++ refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te 2017-04-18 19:39:13.184604734 +0200
@@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',`

optional_policy(`
dbus_all_session_bus_client(evolution_alarm_t)
+ dbus_connect_all_session_bus(evolution_alarm_t)
+
+ optional_policy(`
+ evolution_dbus_chat(evolution_alarm_t)
+ ')
')

optional_policy(`
diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if
--- refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if 2017-03-29 17:58:00.281386397 +0200
+++ refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if 2017-04-18 19:51:01.702601837 +0200
@@ -112,8 +112,17 @@ template(`gnome_role_template',`
dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)

optional_policy(`
+ evolution_dbus_chat($1_gkeyringd_t)
+ ')
+
+ optional_policy(`
+ gnome_dbus_chat_gconfd($3)
gnome_dbus_chat_gkeyringd($1, $3)
')
+
+ optional_policy(`
+ wm_dbus_chat($1, $1_gkeyringd_t)
+ ')
')
')

@@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
')

########################################
+## <summary>
+## Send and receive messages from
+## gnome configuration daemon over
+## dbus.
+## </summary>
+## <param name="role_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gnome_dbus_chat_gconfd',`
+ gen_require(`
+ type gconfd_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 gconfd_t:dbus send_msg;
+ allow gconfd_t $1:dbus send_msg;
+')
+
+########################################
## <summary>
## Send and receive messages from
## gnome keyring daemon over dbus.

2017-04-19 12:43:12

by guido

Subject: [refpolicy] [PATCH v2] Gnome and Evolution dbus chat permissions

This patch adds assorted permissions to chat over dbus needed
for the correct functioning of Gnome and Evolution.

This second version simply removes an extra "#" prefix from
the comments.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/evolution.te | 5 ++++
policy/modules/contrib/gnome.if | 37 ++++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+)

diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te
--- refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te 2017-03-29 17:58:00.276386397 +0200
+++ refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te 2017-04-18 19:39:13.184604734 +0200
@@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',`

optional_policy(`
dbus_all_session_bus_client(evolution_alarm_t)
+ dbus_connect_all_session_bus(evolution_alarm_t)
+
+ optional_policy(`
+ evolution_dbus_chat(evolution_alarm_t)
+ ')
')

optional_policy(`
diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if
--- refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if 2017-03-29 17:58:00.281386397 +0200
+++ refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if 2017-04-18 19:51:01.702601837 +0200
@@ -112,8 +112,17 @@ template(`gnome_role_template',`
dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)

optional_policy(`
+ evolution_dbus_chat($1_gkeyringd_t)
+ ')
+
+ optional_policy(`
+ gnome_dbus_chat_gconfd($3)
gnome_dbus_chat_gkeyringd($1, $3)
')
+
+ optional_policy(`
+ wm_dbus_chat($1, $1_gkeyringd_t)
+ ')
')
')

@@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
')

########################################
+## <summary>
+## Send and receive messages from
+## gnome configuration daemon over
+## dbus.
+## </summary>
+## <param name="role_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gnome_dbus_chat_gconfd',`
+ gen_require(`
+ type gconfd_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 gconfd_t:dbus send_msg;
+ allow gconfd_t $1:dbus send_msg;
+')
+
+########################################
## <summary>
## Send and receive messages from
## gnome keyring daemon over dbus.

2017-04-19 12:54:04

by guido

Subject: [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions

On Tue, 18/04/2017 at 21.51 -0400, Chris PeBenito wrote:
> On 04/18/2017 02:04 PM, Guido Trentalancia via refpolicy wrote:
> > This patch adds assorted permission to chat over dbus needed
> > for the correct functioning of Gnome and Evolution.
>
> This didn't apply for me, but may be due to Russell's patches. One
> other trivial comment below.

It seems to be due to a missing interface dpkg_script_rw_pipes()
introduced with commit c2b04d1ea2e6ac10c056f89f8dfc9107f211bab8.

Unfortunately, there is another missing interface:
dpkg_manage_script_tmp_files().

I hope this helps.

Regards,

Guido

2017-04-19 13:23:59

by Russell Coker

Subject: [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions

On Wed, 19 Apr 2017 10:54:04 PM Guido Trentalancia via refpolicy wrote:
> On Tue, 18/04/2017 at 21.51 -0400, Chris PeBenito wrote:
> > On 04/18/2017 02:04 PM, Guido Trentalancia via refpolicy wrote:
> > > This patch adds assorted permission to chat over dbus needed
> > > for the correct functioning of Gnome and Evolution.
> >
> > This didn't apply for me, but may be due to Russell's patches. One
> > other trivial comment below.
>
> It seems to be due to a missing interface dpkg_script_rw_pipes()
> introduced with commit c2b04d1ea2e6ac10c056f89f8dfc9107f211bab8.
>
> Unfortunately, there is another missing interface:
> dpkg_manage_script_tmp_files().

Both of those interfaces are in the current git policy.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

2017-04-19 13:27:43

by guido

Subject: [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions

All right, thanks for telling me, I forgot to run "git submodule
update"...

After running it, I confirm that the dbus chat patch does not apply.

Something has changed eventually... I'll check that in a minute.

Regards,

Guido

On Wed, 19/04/2017 at 23.23 +1000, Russell Coker wrote:
> On Wed, 19 Apr 2017 10:54:04 PM Guido Trentalancia via refpolicy
> wrote:
> > On Tue, 18/04/2017 at 21.51 -0400, Chris PeBenito wrote:
> > > On 04/18/2017 02:04 PM, Guido Trentalancia via refpolicy wrote:
> > > > This patch adds assorted permission to chat over dbus needed
> > > > for the correct functioning of Gnome and Evolution.
> > >
> > > This didn't apply for me, but may be due to Russell's patches. One
> > > other trivial comment below.
> >
> > It seems to be due to a missing interface dpkg_script_rw_pipes()
> > introduced with commit c2b04d1ea2e6ac10c056f89f8dfc9107f211bab8.
> >
> > Unfortunately, there is another missing interface:
> > dpkg_manage_script_tmp_files().
>
> Both of those interfaces are in the current git policy.
>
> --
> My Main Blog http://etbe.coker.com.au/
> My Documents Blog http://doc.coker.com.au/

2017-04-19 13:37:16

by guido

Subject: [refpolicy] [PATCH v3] Gnome and Evolution dbus chat permissions

This patch adds assorted permissions to chat over dbus needed
for the correct functioning of Gnome and Evolution.

The second version simply removes an extra "#" prefix from
the comments.

This third version rebases the patch so that it applies to
the most recent git tree (thanks to Christopher PeBenito and
Russell Coker for pointing that out).

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/evolution.te | 4 +++
policy/modules/contrib/gnome.if | 37 ++++++++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+)

diff -pru refpolicy-git-19042017-orig/policy/modules/contrib/evolution.te refpolicy-git-19042017/policy/modules/contrib/evolution.te
--- refpolicy-git-19042017-orig/policy/modules/contrib/evolution.te 2017-04-19 15:24:48.035784797 +0200
+++ refpolicy-git-19042017/policy/modules/contrib/evolution.te 2017-04-19 15:29:03.587783753 +0200
@@ -345,6 +345,10 @@ tunable_policy(`use_samba_home_dirs',`
optional_policy(`
dbus_all_session_bus_client(evolution_alarm_t)
dbus_connect_all_session_bus(evolution_alarm_t)
+
+ optional_policy(`
+ evolution_dbus_chat(evolution_alarm_t)
+ ')
')

optional_policy(`
diff -pru refpolicy-git-19042017-orig/policy/modules/contrib/gnome.if refpolicy-git-19042017/policy/modules/contrib/gnome.if
--- refpolicy-git-19042017-orig/policy/modules/contrib/gnome.if 2017-03-29 17:58:00.281386397 +0200
+++ refpolicy-git-19042017/policy/modules/contrib/gnome.if 2017-04-19 15:25:22.778784655 +0200
@@ -112,8 +112,17 @@ template(`gnome_role_template',`
dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)

optional_policy(`
+ evolution_dbus_chat($1_gkeyringd_t)
+ ')
+
+ optional_policy(`
+ gnome_dbus_chat_gconfd($3)
gnome_dbus_chat_gkeyringd($1, $3)
')
+
+ optional_policy(`
+ wm_dbus_chat($1, $1_gkeyringd_t)
+ ')
')
')

@@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
')

########################################
+## <summary>
+## Send and receive messages from
+## gnome configuration daemon over
+## dbus.
+## </summary>
+## <param name="role_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gnome_dbus_chat_gconfd',`
+ gen_require(`
+ type gconfd_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 gconfd_t:dbus send_msg;
+ allow gconfd_t $1:dbus send_msg;
+')
+
+########################################
## <summary>
## Send and receive messages from
## gnome keyring daemon over dbus.

2017-04-20 23:19:38

by Chris PeBenito

Subject: [refpolicy] [PATCH v3] Gnome and Evolution dbus chat permissions

On 04/19/2017 09:37 AM, Guido Trentalancia via refpolicy wrote:
> This patch adds assorted permission to chat over dbus needed
> for the correct functioning of Gnome and Evolution.
>
> The second version, simply removes an extra "#" prefix from
> the comments.
>
> This third version, rebases the patch so that it applies to
> the most recent git tree (thanks to Christopher PeBenito and
> Russell Coker for pointing that out).

Merged.


> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/evolution.te | 4 +++
> policy/modules/contrib/gnome.if | 37 ++++++++++++++++++++++++++++++++++++
> 2 files changed, 41 insertions(+)
>
> diff -pru refpolicy-git-19042017-orig/policy/modules/contrib/evolution.te refpolicy-git-19042017/policy/modules/contrib/evolution.te
> --- refpolicy-git-19042017-orig/policy/modules/contrib/evolution.te 2017-04-19 15:24:48.035784797 +0200
> +++ refpolicy-git-19042017/policy/modules/contrib/evolution.te 2017-04-19 15:29:03.587783753 +0200
> @@ -345,6 +345,10 @@ tunable_policy(`use_samba_home_dirs',`
> optional_policy(`
> dbus_all_session_bus_client(evolution_alarm_t)
> dbus_connect_all_session_bus(evolution_alarm_t)
> +
> + optional_policy(`
> + evolution_dbus_chat(evolution_alarm_t)
> + ')
> ')
>
> optional_policy(`
> diff -pru refpolicy-git-19042017-orig/policy/modules/contrib/gnome.if refpolicy-git-19042017/policy/modules/contrib/gnome.if
> --- refpolicy-git-19042017-orig/policy/modules/contrib/gnome.if 2017-03-29 17:58:00.281386397 +0200
> +++ refpolicy-git-19042017/policy/modules/contrib/gnome.if 2017-04-19 15:25:22.778784655 +0200
> @@ -112,8 +112,17 @@ template(`gnome_role_template',`
> dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
>
> optional_policy(`
> + evolution_dbus_chat($1_gkeyringd_t)
> + ')
> +
> + optional_policy(`
> + gnome_dbus_chat_gconfd($3)
> gnome_dbus_chat_gkeyringd($1, $3)
> ')
> +
> + optional_policy(`
> + wm_dbus_chat($1, $1_gkeyringd_t)
> + ')
> ')
> ')
>
> @@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
> ')
>
> ########################################
> +## <summary>
> +## Send and receive messages from
> +## gnome configuration daemon over
> +## dbus.
> +## </summary>
> +## <param name="role_prefix">
> +## <summary>
> +## The prefix of the user domain (e.g., user
> +## is the prefix for user_t).
> +## </summary>
> +## </param>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`gnome_dbus_chat_gconfd',`
> + gen_require(`
> + type gconfd_t;
> + class dbus send_msg;
> + ')
> +
> + allow $1 gconfd_t:dbus send_msg;
> + allow gconfd_t $1:dbus send_msg;
> +')
> +
> +########################################
> ## <summary>
> ## Send and receive messages from
> ## gnome keyring daemon over dbus.
>


--
Chris PeBenito