From: jason@perfinion.com (Jason Zaman)
Date: Thu, 27 Oct 2016 01:19:21 +0800
Subject: [refpolicy] [PATCH 4/4] gnome: add gkeyring rules and fcontext
In-Reply-To: <1477502361-20223-1-git-send-email-jason@perfinion.com>
References: <1477502361-20223-1-git-send-email-jason@perfinion.com>
Message-ID: <1477502361-20223-4-git-send-email-jason@perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
---
 gnome.fc | 1 +
 gnome.if | 2 ++
 gnome.te | 4 +++-
 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/gnome.fc b/gnome.fc
index 230ee6c..43c0ed2 100644
--- a/gnome.fc
+++ b/gnome.fc
@@ -17,5 +17,6 @@ HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
 /usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
 /usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
+/var/run/user/%{USERID}/keyring(/.*)? gen_context(system_u:object_r:gnome_keyring_tmp_t,s0)
 /var/run/user/[^/]*/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
 /var/run/user/%{USERID}/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
diff --git a/gnome.if b/gnome.if
index 838be50..640aeea 100644
--- a/gnome.if
+++ b/gnome.if
@@ -772,6 +772,7 @@ interface(`gnome_stream_connect_gkeyringd',`
 ')
 files_search_tmp($2)
+ userdom_search_user_runtime($2)
 stream_connect_pattern($2, gnome_keyring_tmp_t, gnome_keyring_tmp_t, $1_gkeyringd_t)
 ')
@@ -793,6 +794,7 @@ interface(`gnome_stream_connect_all_gkeyringd',`
 ')
 files_search_tmp($1)
+ userdom_search_user_runtime($1)
 stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t, gkeyringd_domain)
 ')
diff --git a/gnome.te b/gnome.te
index bf48475..9c792fd 100644
--- a/gnome.te
+++ b/gnome.te
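Review bot: The new keyring entry in gnome.fc exists only in the `%{USERID}` form, while the orcexec entries directly below it carry both a `/var/run/user/[^/]*/...` line and a `%{USERID}` line. If the `%{USERID}` template is expanded only for users known when the file contexts are generated (inferred, not visible in this patch), a runtime directory for any other uid would not match. A relabel could then drop gnome_keyring_tmp_t from the directory that holds the keyring socket. Consider adding `/var/run/user/[^/]*/keyring(/.*)? gen_context(system_u:object_r:gnome_keyring_tmp_t,s0)` next to it, mirroring the orcexec pair.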
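Review bot: The `userdom_search_user_runtime(...)` calls added in gnome.if to `gnome_stream_connect_gkeyringd`, and in the following hunk to `gnome_stream_connect_all_gkeyringd`, carry no comment saying why callers need search on both /tmp and the user runtime directory. Every domain that calls these interfaces gains the extra search permission, so the reason should be recorded where an auditor will see it. A line such as `# keyring socket dir may be under /tmp or under the user runtime dir` above the two search calls would do, assuming that is the intent suggested by the gnome.fc entry in this patch. Both interface bodies and their `## <summary>` headers start outside the hunks, so check that the headers still describe the access granted.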
@@ -123,9 +123,11 @@ gnome_home_filetrans(gkeyringd_domain, gnome_keyring_home_t, dir, "keyrings")
 manage_dirs_pattern(gkeyringd_domain, gnome_keyring_tmp_t, gnome_keyring_tmp_t)
 manage_sock_files_pattern(gkeyringd_domain, gnome_keyring_tmp_t, gnome_keyring_tmp_t)
 files_tmp_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir)
+userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir)
-kernel_read_system_state(gkeyringd_domain)
 kernel_read_crypto_sysctls(gkeyringd_domain)
+kernel_read_kernel_sysctls(gkeyringd_domain)
+kernel_read_system_state(gkeyringd_domain)
 dev_read_rand(gkeyringd_domain)
 dev_read_sysfs(gkeyringd_domain)
--
2.7.3
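Review bot: `userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir)` is an unnamed transition, so any directory a gkeyringd domain creates directly in the user runtime directory gets gnome_keyring_tmp_t, not only the `keyring` directory that the gnome.fc entry in this patch labels. The home-directory rule shown in the hunk header already uses a named transition (`gnome_home_filetrans(..., dir, "keyrings")`). If userdom_user_runtime_filetrans accepts an optional name argument (its definition is not part of this patch), `userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir, "keyring")` would keep the transition and the file context in agreement. The commit message also gives no reason for the new `kernel_read_kernel_sysctls(gkeyringd_domain)`; a short note on what triggers that access would help later audits of this domain.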