From: dac.override@gmail.com (Dominick Grift) Date: Fri, 2 Sep 2016 10:48:34 +0200 Subject: [refpolicy] [PATCH] gpg: public key signature verification in evolution In-Reply-To: <7958812d-93fe-ded7-fb23-6d02c150bcb3@ieee.org> References: <1472737946.17989.0.camel@trentalancia.net> <7958812d-93fe-ded7-fb23-6d02c150bcb3@ieee.org> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 09/02/2016 01:26 AM, Chris PeBenito via refpolicy wrote: > On 09/01/16 09:52, Guido Trentalancia via refpolicy wrote: >> Let gpg verify public key signatures in the evolution mail client application. >> >> Signed-off-by: Guido Trentalancia >> --- >> policy/modules/contrib/evolution.if | 21 +++++++++++++++++++++ >> policy/modules/contrib/gpg.te | 4 ++++ >> 2 files changed, 25 insertions(+) >> >> --- refpolicy-git-06082016-orig/policy/modules/contrib/evolution.if 2016-08-06 21:27:11.349094280 +0200 >> +++ refpolicy-git-06082016/policy/modules/contrib/evolution.if 2016-09-01 15:33:27.072148930 +0200 >> @@ -128,6 +128,27 @@ interface(`evolution_stream_connect',` >> >> ######################################## >> ## >> +## Read evolution orbit temporary >> +## files. >> +## >> +## >> +## >> +## Domain allowed access. >> +## >> +## >> +# >> +interface(`evolution_read_orbit_tmp_t',` > > evolution_read_orbit_tmp_files() > > You dont have to mention "orbit" at all. There are only sockets in orbit, and push comes to show that's just a evolution socket. This file is outside of orbit and so it have nothing to do with orbit so i would just use evolution_read_tmp_files() however eventually it probably need rw instead of r, For example when you sign emails. -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20160902/6b43ccf9/attachment.bin