From: dac.override@gmail.com (Dominick Grift)
Date: Sat, 13 Aug 2016 22:23:38 +0200
Subject: [refpolicy] [PATCH] Update the colord module
In-Reply-To: <1723933090.942512.1471119061166.JavaMail.open-xchange@popper02.register.it>
References: <1723933090.942512.1471119061166.JavaMail.open-xchange@popper02.register.it>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/13/2016 10:11 PM, Guido Trentalancia wrote:
> Update the colord module:
>
> - add support for writing colord subdirectories of /usr/share;
> - add support for reading colord subdirectories of /home (e.g.
> ICC profiles).
>
> Signed-off-by: Guido Trentalancia
> --- > policy/modules/contrib/colord.fc | 5 +++++ > policy/modules/contrib/colord.te | 13 +++++++++++++ > 2 files changed, 18 insertions(+) > > --- refpolicy-git-06082016-orig/policy/modules/contrib/colord.fc 2016-08-06 > 21:27:11.337094143 +0200 > +++ refpolicy-git-06082016/policy/modules/contrib/colord.fc 2016-08-13 > 17:39:07.096980948 +0200 > @@ -1,3 +1,5 @@ > +HOME_DIR/\.local/share/icc(/.*)? I thought that by now reference policy implemented $XDG_DATA_DIR, $XDG_CONFIG_DIR and $XDG_CACHE_DIR for ~/.local/share, ~/.config and ~/.cache respectively? Am I mistaken? I would probably do that first. > gen_context(system_u:object_r:colord_home_t,s0) > + > /usr/lib/colord/colord -- gen_context(system_u:object_r:colord_exec_t,s0) > /usr/lib/colord/colord-sane -- gen_context(system_u:object_r:colord_exec_t,s0) 
> > @@ -7,5 +9,8 @@ > /usr/libexec/colord -- gen_context(system_u:object_r:colord_exec_t,s0) > /usr/libexec/colord-sane -- gen_context(system_u:object_r:colord_exec_t,s0) > > +/usr/share/color(/.*)? gen_context(system_u:object_r:colord_usr_lib_t,s0) > +/usr/share/colord(/.*)? gen_context(system_u:object_r:colord_usr_lib_t,s0) > + > /var/lib/color(/.*)? gen_context(system_u:object_r:colord_var_lib_t,s0) > /var/lib/colord(/.*)? gen_context(system_u:object_r:colord_var_lib_t,s0) > --- refpolicy-git-06082016-orig/policy/modules/contrib/colord.te 2016-08-06 > 21:27:11.338094155 +0200 > +++ refpolicy-git-06082016/policy/modules/contrib/colord.te 2016-08-13 > 22:01:26.485422418 +0200 > @@ -9,12 +9,18 @@ type colord_t; > type colord_exec_t; > dbus_system_domain(colord_t, colord_exec_t) > > +type colord_home_t; > +userdom_user_home_content(colord_home_t); > + > type colord_tmp_t; > files_tmp_file(colord_tmp_t) > > type colord_tmpfs_t; > files_tmpfs_file(colord_tmpfs_t) > > +type colord_usr_lib_t; > +files_type(colord_usr_lib_t) > + > type colord_var_lib_t; > files_type(colord_var_lib_t) > > @@ -31,6 +37,10 @@ allow colord_t self:netlink_kobject_ueve > allow colord_t self:tcp_socket { accept listen }; > allow colord_t self:shm create_shm_perms; > > +allow colord_t colord_home_t:dir list_dir_perms; > +allow colord_t colord_home_t:file read_file_perms; > +allow colord_t colord_home_t:lnk_file read_lnk_file_perms; > + > manage_dirs_pattern(colord_t, colord_tmp_t, colord_tmp_t) > manage_files_pattern(colord_t, colord_tmp_t, colord_tmp_t) > files_tmp_filetrans(colord_t, colord_tmp_t, { file dir }) 
> @@ -39,6 +49,9 @@ manage_dirs_pattern(colord_t, colord_tmp > manage_files_pattern(colord_t, colord_tmpfs_t, colord_tmpfs_t) > fs_tmpfs_filetrans(colord_t, colord_tmpfs_t, { dir file }) > > +manage_dirs_pattern(colord_t, colord_usr_lib_t, colord_usr_lib_t) > +manage_files_pattern(colord_t, colord_usr_lib_t, colord_usr_lib_t) > + > manage_dirs_pattern(colord_t, colord_var_lib_t, colord_var_lib_t) > manage_files_pattern(colord_t, colord_var_lib_t, colord_var_lib_t) > files_var_lib_filetrans(colord_t, colord_var_lib_t, dir)

--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
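
Review bot: the new HOME_DIR/\.local/share/icc(/.*)? entry in the first colord.fc hunk (@@ -1,3 +1,5 @@) labels by path only, and nothing else in the patch creates colord_home_t at runtime. The diffstat lists only colord.fc and colord.te, so there is no type transition or interface that lets a user domain create ~/.local/share/icc with this type; a directory created after installation keeps its parent's type until it is relabelled, and the three new colord_home_t allow rules then never match. Suggest adding a named type transition through an interface in colord.if, or stating in the commit message that a relabel is required.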
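
Review bot: the second colord.fc hunk (@@ -7,5 +9,8 @@) moves /usr/share/color(/.*)? and /usr/share/colord(/.*)? to a private type, and the last colord.te hunk (@@ -39,6 +49,9 @@) gives colord_t full manage access to it, with no read path left for anyone else. The patch does not touch colord.if, so any other domain that reads profiles from those directories has no interface for colord_usr_lib_t once the label changes. Suggest adding a read interface alongside the type, justifying in the commit message why the daemon needs write rather than read access under /usr/share, and picking a type name that matches the location, since colord_usr_lib_t is applied only to /usr/share paths here.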
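
Review bot: two style points in colord.te. In the @@ -9,12 +9,18 @@ hunk, userdom_user_home_content(colord_home_t); carries a trailing semicolon, while the neighbouring declarations such as files_tmp_file(colord_tmp_t) and the newly added files_type(colord_usr_lib_t) do not; drop it for consistency. In the @@ -31,6 +37,10 @@ hunk the colord_home_t access is written as three raw allow rules, whereas the surrounding lines use the pattern macros; list_dirs_pattern, read_files_pattern and read_lnk_files_pattern would express the same read-only access in the style of the rest of the module.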