From: guido@trentalancia.net (Guido Trentalancia)
Date: Fri, 02 Sep 2016 13:26:42 +0200
Subject: [refpolicy] [PATCH] gpg: public key signature verification in
 evolution
In-Reply-To: <bc32fd38-c6d6-aa2e-bd61-44c9a99fb344@gmail.com>
References: <1472737946.17989.0.camel@trentalancia.net>
	<7958812d-93fe-ded7-fb23-6d02c150bcb3@ieee.org>
	<bc32fd38-c6d6-aa2e-bd61-44c9a99fb344@gmail.com>
Message-ID: <1472815602.23008.8.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Dominick.

On Fri, 02/09/2016 at 10.48 +0200, Dominick Grift via refpolicy wrote:
> On 09/02/2016 01:26 AM, Chris PeBenito via refpolicy wrote:
> > 
> > On 09/01/16 09:52, Guido Trentalancia via refpolicy wrote:
> > > 
> > > Let gpg verify public key signatures in the evolution mail client
> > > application.
> > > 
> > > Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> > > ---
> > > ?policy/modules/contrib/evolution.if |???21 +++++++++++++++++++++
> > > ?policy/modules/contrib/gpg.te???????|????4 ++++
> > > ?2 files changed, 25 insertions(+)
> > > 
> > > --- refpolicy-git-06082016-
> > > orig/policy/modules/contrib/evolution.if	2016-08-06
> > > 21:27:11.349094280 +0200
> > > +++ refpolicy-git-06082016/policy/modules/contrib/evolution.if	
> > > 2016-09-01 15:33:27.072148930 +0200
> > > @@ -128,6 +128,27 @@ interface(`evolution_stream_connect',`
> > > 
> > > ?########################################
> > > ?## <summary>
> > > +##	Read evolution orbit temporary
> > > +##	files.
> > > +## </summary>
> > > +## <param name="domain">
> > > +##	<summary>
> > > +##	Domain allowed access.
> > > +##	</summary>
> > > +## </param>
> > > +#
> > > +interface(`evolution_read_orbit_tmp_t',`
> > 
> > evolution_read_orbit_tmp_files()
> > 
> > 
> 
> You dont have to mention "orbit" at all. There are only sockets in
> orbit, and push comes to show that's just a evolution socket. This
> file
> is outside of orbit and so it have nothing to do with orbit
> 
> so i would just use evolution_read_tmp_files()
> 
> however eventually it probably need rw instead of r, For example when
> you sign emails.

Let's try to sign this message and see if it also requires write
permissions...

Guido
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 213 bytes
Desc: This is a digitally signed message part
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20160902/8b95c9e6/attachment-0001.bin