From: aranea@aixah.de (Luis Ressel)
Date: Fri, 14 Feb 2014 20:47:18 +0100
Subject: [refpolicy] Restricting access to pcscd socket
Message-ID: <1392407241-18492-1-git-send-email-aranea@aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The policy grants the right to access the pcscd socket (PC/SC daemon, a daemon for accessing smartcards) to some domains which rarely need it: xguest_t, mozilla_plugin_t and kerberos users (through kerberos_use()). While there are use cases which require this access, most do not, and access to a smartcard is something rather critical. Therefore, I propose to make this permission a tunable.

There are some other domains which are granted this access (openct_t, certmonger_t, certwatch_t, and after my last patch also gpg_agent_t), but they are specifically crypto-related and should be well-protected, so I decided to leave their permissions unconditional. (Sure, kerberos is also crypto-related, but in that policy, the right is granted to any application using kerberos, not only a separate process.)

What do you think?

Regards,
Luis Ressel
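As an added illustration (not part of Luis's message and not code from the refpolicy tree), this is what gating the xguest_t case behind a tunable could look like in refpolicy's xguest.te, following the same shape refpolicy already uses for its other xguest_use_* booleans; the boolean name xguest_use_pcscd is an assumed placeholder:

```m4
## <desc>
## <p>
## Allow xguest users to connect to the PC/SC smartcard daemon (pcscd)
## socket. Off by default, so only sites that really need smartcard
## access from the xguest role have to enable it.
## </p>
## </desc>
gen_tunable(xguest_use_pcscd, false)

########################################
#
# Local policy
#

optional_policy(`
	# The stream connect is only compiled in when the pcscd module is
	# present, and only takes effect while the boolean is on; with the
	# boolean off, xguest_t has no access to the pcscd socket at all.
	# (xguest_use_pcscd is an assumed name for this example.)
	tunable_policy(`xguest_use_pcscd',`
		pcscd_stream_connect(xguest_t)
	')
')
```

An administrator who does need it can enable it with `setsebool -P xguest_use_pcscd on`, and `getsebool xguest_use_pcscd` shows the current state.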