From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 01 Sep 2016 15:52:26 +0200
Subject: [refpolicy] [PATCH] gpg: public key signature verification in
	evolution
Message-ID: <1472737946.17989.0.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Let gpg verify public key signatures in the evolution mail client application.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/evolution.if |   21 +++++++++++++++++++++
 policy/modules/contrib/gpg.te       |    4 ++++
 2 files changed, 25 insertions(+)

--- refpolicy-git-06082016-orig/policy/modules/contrib/evolution.if	2016-08-06 21:27:11.349094280 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/evolution.if	2016-09-01 15:33:27.072148930 +0200
@@ -128,6 +128,27 @@ interface(`evolution_stream_connect',`
 
 ########################################
 ## <summary>
+##	Read evolution orbit temporary
+##	files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`evolution_read_orbit_tmp_t',`
+	gen_require(`
+		type evolution_orbit_tmp_t;
+	')
+
+	files_search_tmp($1)
+	read_files_pattern($1, evolution_orbit_tmp_t, evolution_orbit_tmp_t)
+')
+
+
+########################################
+## <summary>
 ##	Send and receive messages from
 ##	evolution over dbus.
 ## </summary>
--- refpolicy-git-06082016-orig/policy/modules/contrib/gpg.te	2016-08-06 21:27:11.355094349 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/gpg.te	2016-09-01 15:34:13.366784842 +0200
@@ -147,6 +147,10 @@ tunable_policy(`use_samba_home_dirs',`
 ')
 
 optional_policy(`
+	evolution_read_orbit_tmp_t(gpg_t)
+	')
+
+optional_policy(`
 	gnome_read_generic_home_content(gpg_t)
 	gnome_stream_connect_all_gkeyringd(gpg_t)
 ')