From: aranea@aixah.de (Luis Ressel)
Date: Sat, 15 Feb 2014 22:00:25 +0100
Subject: [refpolicy] Restricting access to pcscd socket
In-Reply-To: <52FFCFC0.8030407@tresys.com>
References: <1392407241-18492-1-git-send-email-aranea@aixah.de>
	<52FFCFC0.8030407@tresys.com>
Message-ID: <20140215220025.2cb38402@gentp.lnet>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sat, 15 Feb 2014 15:36:16 -0500
"Christopher J. PeBenito" <cpebenito@tresys.com> wrote:

> Typically I would take something like this.  Conditionally making the
> policy stricter is usually a good thing.  I'm not so sure that it
> makes sense here.  It doesn't seem like it buys much.
> 

I'm not sure about either. If I understand it correctly, once one
application accesses a smartcard, it gets exclusive access - other
applications can't access it anymore until the using application stops
using the smartcard (and hopefully resets it before).

On the other hand, something as security-critical as a smartcard daemon
should be well-protected, and mozilla_plugin_t is a really exposed
domain. Same goes for xguest_t - you expect that one to have minimal
permissions, and that normally wouldn't include access to smartcards.

Therefore, I think it would be a good idea to add these booleans. Could
you perhaps elaborate a bit on them "not buying much"?


Regards,
Luis Ressel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 966 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20140215/439d0445/attachment.bin