From: pebenito@ieee.org (Chris PeBenito)
Date: Tue, 27 Sep 2016 18:32:09 -0400
Subject: [refpolicy] [PATCH v2] gpg: public key signature verification in evolution
In-Reply-To: <1474988132.2265.2.camel@trentalancia.net>
References: <1472737946.17989.0.camel@trentalancia.net> <7958812d-93fe-ded7-fb23-6d02c150bcb3@ieee.org> <1472816153.25473.3.camel@trentalancia.net> <1474988132.2265.2.camel@trentalancia.net>
Message-ID: <151e4b8f-7aa6-edc0-0288-d257b658834a@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/27/16 10:55, Guido Trentalancia wrote:
> Hello Christopher !
>
> For some strange reason, I believe this patch has not been applied yet.
>
> Could you please double-check ?

Sorry about that, it's merged now.

> On 02/09/2016 at 13.35 +0200, Guido Trentalancia via refpolicy wrote:
>> Let gpg verify public key signatures in the evolution mail client
>> application.
>>
>> It doesn't need write permissions on such files for
>> signing/encrypting messages.
>>
>> Signed-off-by: Guido Trentalancia
>> ---
>> policy/modules/contrib/evolution.if | 21 +++++++++++++++++++++
>> policy/modules/contrib/gpg.te | 4 ++++
>> 2 files changed, 25 insertions(+)
>>
>> --- refpolicy-git-06082016-orig/policy/modules/contrib/evolution.if >> 2016-08-06 21:27:11.349094280 +0200 >> +++ refpolicy-git-06082016/policy/modules/contrib/evolution.if >> 2016-09-01 15:33:27.072148930 +0200
>> @@ -128,6 +128,27 @@ interface(`evolution_stream_connect',` >> >> ######################################## >> ## >> +## Read evolution orbit temporary >> +## files. >> +## >> +## >> +## >> +## Domain allowed access. >> +## >> +## >> +# >> +interface(`evolution_read_orbit_tmp_files',` >> + gen_require(` >> + type evolution_orbit_tmp_t; >> + ') >> + >> + files_search_tmp($1) >> + read_files_pattern($1, evolution_orbit_tmp_t, >> evolution_orbit_tmp_t) >> +') >> + >> + >> +######################################## >> +## >> ## Send and receive messages from >> ## evolution over dbus. >> ## >> --- refpolicy-git-06082016-orig/policy/modules/contrib/gpg.te >> 2016-08-06 21:27:11.355094349 +0200 >> +++ refpolicy-git-06082016/policy/modules/contrib/gpg.te 2016- >> 09-01 15:34:13.366784842 +0200 >> @@ -147,6 +147,10 @@ tunable_policy(`use_samba_home_dirs',` >> ') >> >> optional_policy(` >> + evolution_read_orbit_tmp_files(gpg_t) >> + ') >> + >> +optional_policy(` >> gnome_read_generic_home_content(gpg_t) >> gnome_stream_connect_all_gkeyringd(gpg_t) >> ') -- Chris PeBenito
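
Review bot: in the evolution.if hunk, the new `evolution_read_orbit_tmp_files` interface is followed by two added blank lines before the next `########################################` separator, while the context above the hunk separates interfaces with a single blank line; drop one of the two `+` blank lines so the file keeps one consistent spacing. The body itself stays within what the commit message asks for: `files_search_tmp($1)` plus `read_files_pattern` on `evolution_orbit_tmp_t` grants read access only, with no write permission.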
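
Review bot: in the gpg.te hunk, the closing `')` of the added `optional_policy` block appears indented after the `+`, whereas the closing `')` of the neighbouring gnome block and of the `tunable_policy` block above sit at the start of the line; move it to column zero to match. A one-line comment above `evolution_read_orbit_tmp_files(gpg_t)` saying that gpg reads these files to verify public key signatures when run from evolution would also keep the reason for the rule in the policy source rather than only in the commit message.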