From: dac.override@gmail.com (Dominick Grift)
Date: Fri, 2 Sep 2016 16:46:27 +0200
Subject: [refpolicy] [PATCH] gpg: public key signature verification in evolution
In-Reply-To: <1472827326.21408.7.camel@trentalancia.net>
References: <1472737946.17989.0.camel@trentalancia.net> <7958812d-93fe-ded7-fb23-6d02c150bcb3@ieee.org> <1472815602.23008.8.camel@trentalancia.net> <09e0ed56-7f4d-71e8-d970-acecc18e2376@gmail.com> <1472827326.21408.7.camel@trentalancia.net>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/02/2016 04:42 PM, Guido Trentalancia via refpolicy wrote:
> On Fri, 02/09/2016 at 15.48 +0200, Dominick Grift wrote:
>> On 09/02/2016 01:26 PM, Guido Trentalancia wrote:
>>>
>>> Hello Dominick.
>>>
>>> On Fri, 02/09/2016 at 10.48 +0200, Dominick Grift via refpolicy
>>> wrote:
>>>>
>>>> On 09/02/2016 01:26 AM, Chris PeBenito via refpolicy wrote:
>>>>>
>>>>>
>>>>> On 09/01/16 09:52, Guido Trentalancia via refpolicy wrote:
>>>>>>
>>>>>>
>>>>>> Let gpg verify public key signatures in the evolution mail
>>>>>> client
>>>>>> application.
>>>>>>
>>>>>> Signed-off-by: Guido Trentalancia
>>>>>> ---
>>>>>> policy/modules/contrib/evolution.if | 21
>>>>>> +++++++++++++++++++++
>>>>>> policy/modules/contrib/gpg.te | 4 ++++
>>>>>> 2 files changed, 25 insertions(+)
>>>>>>
>>>>>> --- refpolicy-git-06082016-
>>>>>> orig/policy/modules/contrib/evolution.if 2016-08-06
>>>>>> 21:27:11.349094280 +0200
>>>>>> +++ refpolicy-git-
>>>>>> 06082016/policy/modules/contrib/evolution.if
>>>>>> 2016-09-01 15:33:27.072148930 +0200
>>>>>> @@ -128,6 +128,27 @@ interface(`evolution_stream_connect',`
>>>>>>
>>>>>> ########################################
>>>>>> ##
>>>>>> +## Read evolution orbit temporary
>>>>>> +## files.
>>>>>> +##
>>>>>> +##
>>>>>> +##
>>>>>> +## Domain allowed access.
>>>>>> +##
>>>>>> +##
>>>>>> +#
>>>>>> +interface(`evolution_read_orbit_tmp_t',`
>>>>>
>>>>> evolution_read_orbit_tmp_files()
>>>>>
>>>>>
>>>>
>>>> You don't have to mention "orbit" at all. There are only sockets in
>>>> orbit, and push comes to show that's just an evolution socket. This
>>>> file is outside of orbit and so it has nothing to do with orbit
>>>>
>>>> so I would just use evolution_read_tmp_files()
>
> There are different types of evolution temporary files, so it is
> necessary to distinguish amongst them.
>
>>>> however eventually it probably needs rw instead of r, for example
>>>> when you sign emails.
>>>
>>> Let's try to sign this message and see if it also requires write
>>> permissions...
>
> It doesn't require write permissions, as it is evident in the new
> version of the patch.
>
>> Is that PGP/MIME or in-line signing? I don't use evolution so not sure
>> if it even supports in-line signatures or PGP/MIME
>
> It's PGP signing. SMIME signing does not use gpg.
>

I think there is a misunderstanding. PGP/MIME will (AFAIK) attach the
signature in a separate file whereas in-line signing adds the signature
to the actual message instead. Anyhow no big deal.

>> Either way, would be easy enough to adjust if and when someone needs
>> it
>
> It works as it is, without write permissions on that temporary file.
> There is nothing to adjust.
>
>> I still don't like the reference to orbit though
>
> See above (different types of temporary files).
>
> Originally I typed a wrong name by mistake (you know, copy and paste
> the type name).
>
> I have now amended the name, as kindly suggested by Christopher. See
> version 2.
>

Okay, that is not what I was referring to but fine.

> Regards,
>
> Guido

--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
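
Review bot: The interface name on the last added line of the evolution.if hunk, evolution_read_orbit_tmp_t, ends in the type suffix _t instead of naming the object class the interface grants access to. Refpolicy interface names follow a module_verb_object pattern, so a name such as evolution_read_orbit_tmp_files() would match the summary "Read evolution orbit temporary files" and tell callers that only file read access is involved. The quoted hunk stops at the interface( line, and the 4-line gpg.te change listed in the diffstat is not quoted at all, so neither the allow rules nor the caller can be checked from this message; in version 2, confirm that the body grants read-only access on the single temporary type needed and that the summary names that same type.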