From: nicky726@gmail.com (Nicky 726)
Date: Thu, 10 Sep 2009 15:12:59 +0200
Subject: [refpolicy] Basic policy for KDE and Konqueror, 2nd look
Message-ID: <f89acf360909100612q57c957a6h453538e955b1490a@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello,

Dominick Grift wrote:
>> ########################################
>> ## <summary>
>> ## ? ?Create file, dir, links of specified type in
>> ## ?kde_shared_home_t dirs with type transition
>> ## </summary>
>> ## <param name="domain">
>> ## ? ?<summary>
>> ## ? ?Domain allowed access
>> ## ? ?</summary>
>> ## </param>
>> ## <param name="private type">
>> ## ? ?<summary>
>> ## ? ?Private type of created object
>> ## ? ?</summary>
>> ## </param>
>> #
>> interface(`files_kde_home_filetrans',`
>> ? ? ? gen_require(`
>> ? ? ? ? ? ? ? type kde_shared_home_t;
>> ? ? ? ')
>>
>> ? ? ? ? ?type_transition $1 kde_shared_home_t:{ file lnk_file sock_file dir } $2;
>>
>> ')
> This is a bad idea. processes should not type transition to type that they do not own.
> use manage_files_pattern instead.
>>

This is because of konqueror config files in directory
~/.kde/share/config/. The directory has type kde_shared_home_t and
config files konqueror_home_t. Now, when theese files are rewritten,
they switch to directory type kde_shared_home_t without this type
transition. This is unwanted, as they should hold their own type
konqueror_home_t. I tried to keep the functionality with
manage_files_pattern, but I was unsuccecful. When I think of it more,
I don't agree that process is type transitioning to type that it
doesn't own. As it is called by process konqueror_t and the files
switch to type konqueror_home_t. But it can probably be called with
whatever type one wants, though it is not in my policy, so I think it
is not an issue, or is it?

Thanks for your time,
Ondrej Vadinsky

-- 
"Don't it always seem to go
That you don't know what you've got
Till it's gone."

                                         (Joni Mitchell)