From: pebenito@ieee.org (Chris PeBenito)
Date: Tue, 27 Sep 2016 18:32:09 -0400
Subject: [refpolicy] [PATCH v2] gpg: public key signature verification
 in evolution
In-Reply-To: <1474988132.2265.2.camel@trentalancia.net>
References: <1472737946.17989.0.camel@trentalancia.net>
	<7958812d-93fe-ded7-fb23-6d02c150bcb3@ieee.org>
	<1472816153.25473.3.camel@trentalancia.net>
	<1474988132.2265.2.camel@trentalancia.net>
Message-ID: <151e4b8f-7aa6-edc0-0288-d257b658834a@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/27/16 10:55, Guido Trentalancia wrote:
> Hello Christopher !
>
> For some strage reason, I believe this patch has not been applied yet.
>
> Could you please double-check ?

Sorry about that, it's merged now.


> On 02/09/2016 at 13.35 +0200, Guido Trentalancia via refpolicy wrote:
>> Let gpg verify public key signatures in the evolution mail client
>> application.
>>
>> It doesn't need write permissions on such files for
>> signing/encrypting messages.
>>
>> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
>> ---
>>  policy/modules/contrib/evolution.if |   21 +++++++++++++++++++++
>>  policy/modules/contrib/gpg.te       |    4 ++++
>>  2 files changed, 25 insertions(+)
>>
>> --- refpolicy-git-06082016-orig/policy/modules/contrib/evolution.if	
>> 2016-08-06 21:27:11.349094280 +0200
>> +++ refpolicy-git-06082016/policy/modules/contrib/evolution.if	
>> 2016-09-01 15:33:27.072148930 +0200
>> @@ -128,6 +128,27 @@ interface(`evolution_stream_connect',`
>>
>>  ########################################
>>  ## <summary>
>> +##	Read evolution orbit temporary
>> +##	files.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`evolution_read_orbit_tmp_files',`
>> +	gen_require(`
>> +		type evolution_orbit_tmp_t;
>> +	')
>> +
>> +	files_search_tmp($1)
>> +	read_files_pattern($1, evolution_orbit_tmp_t,
>> evolution_orbit_tmp_t)
>> +')
>> +
>> +
>> +########################################
>> +## <summary>
>>  ##	Send and receive messages from
>>  ##	evolution over dbus.
>>  ## </summary>
>> --- refpolicy-git-06082016-orig/policy/modules/contrib/gpg.te	
>> 2016-08-06 21:27:11.355094349 +0200
>> +++ refpolicy-git-06082016/policy/modules/contrib/gpg.te	2016-
>> 09-01 15:34:13.366784842 +0200
>> @@ -147,6 +147,10 @@ tunable_policy(`use_samba_home_dirs',`
>>  ')
>>
>>  optional_policy(`
>> +	evolution_read_orbit_tmp_files(gpg_t)
>> +	')
>> +
>> +optional_policy(`
>>  	gnome_read_generic_home_content(gpg_t)
>>  	gnome_stream_connect_all_gkeyringd(gpg_t)
>>  ')


-- 
Chris PeBenito