From: guido@trentalancia.net (Guido Trentalancia) Date: Thu, 01 Sep 2016 15:52:26 +0200 Subject: [refpolicy] [PATCH] gpg: public key signature verification in evolution Message-ID: <1472737946.17989.0.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Let gpg verify public key signatures in the evolution mail client application. Signed-off-by: Guido Trentalancia --- policy/modules/contrib/evolution.if | 21 +++++++++++++++++++++ policy/modules/contrib/gpg.te | 4 ++++ 2 files changed, 25 insertions(+) --- refpolicy-git-06082016-orig/policy/modules/contrib/evolution.if 2016-08-06 21:27:11.349094280 +0200 +++ refpolicy-git-06082016/policy/modules/contrib/evolution.if 2016-09-01 15:33:27.072148930 +0200 @@ -128,6 +128,27 @@ interface(`evolution_stream_connect',` ######################################## ## +## Read evolution orbit temporary +## files. +## +## +## +## Domain allowed access. +## +## +# +interface(`evolution_read_orbit_tmp_t',` + gen_require(` + type evolution_orbit_tmp_t; + ') + + files_search_tmp($1) + read_files_pattern($1, evolution_orbit_tmp_t, evolution_orbit_tmp_t) +') + + +######################################## +## ## Send and receive messages from ## evolution over dbus. ## --- refpolicy-git-06082016-orig/policy/modules/contrib/gpg.te 2016-08-06 21:27:11.355094349 +0200 +++ refpolicy-git-06082016/policy/modules/contrib/gpg.te 2016-09-01 15:34:13.366784842 +0200 @@ -147,6 +147,10 @@ tunable_policy(`use_samba_home_dirs',` ') optional_policy(` + evolution_read_orbit_tmp_t(gpg_t) + ') + +optional_policy(` gnome_read_generic_home_content(gpg_t) gnome_stream_connect_all_gkeyringd(gpg_t) ')