From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 27 Oct 2016 00:53:36 +0200
Subject: [refpolicy] [PATCH 4/4] gnome: add gkeyring rules and fcontext
In-Reply-To: <1477502361-20223-4-git-send-email-jason@perfinion.com>
References: <1477502361-20223-1-git-send-email-jason@perfinion.com> <1477502361-20223-4-git-send-email-jason@perfinion.com>
Message-ID: <52D44D76-A406-4BDD-9312-82706A192527@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello!

I am using the latest version of Gnome and it works fine without the changes that you are proposing, therefore I suspect that they are distribution-specific... Can you please confirm? If so, they should be included within appropriate "ifdef" statements so that they only get compiled on that specific distribution. Otherwise, how can I reproduce it?

Regards,

Guido

On the 26th of October 2016 19:19:21 CEST, Jason Zaman via refpolicy wrote:
>--- > gnome.fc | 1 + > gnome.if | 2 ++ > gnome.te | 4 +++- > 3 files changed, 6 insertions(+), 1 deletion(-) > >diff --git a/gnome.fc b/gnome.fc >index 230ee6c..43c0ed2 100644 >--- a/gnome.fc >+++ b/gnome.fc >@@ -17,5 +17,6 @@ >HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0) >/usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) >/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) > >+/var/run/user/%{USERID}/keyring(/.*)? gen_context(system_u:object_r:gnome_keyring_tmp_t,s0) >/var/run/user/[^/]*/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0) >/var/run/user/%{USERID}/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0) >diff --git a/gnome.if b/gnome.if >index 838be50..640aeea 100644 >--- a/gnome.if >+++ b/gnome.if >@@ -772,6 +772,7 @@ interface(`gnome_stream_connect_gkeyringd',` > ') > > files_search_tmp($2) >+ userdom_search_user_runtime($2) > stream_connect_pattern($2, gnome_keyring_tmp_t, gnome_keyring_tmp_t, >$1_gkeyringd_t) > ') 
> >@@ -793,6 +794,7 @@ interface(`gnome_stream_connect_all_gkeyringd',` > ') > > files_search_tmp($1) >+ userdom_search_user_runtime($1) > stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t, >gkeyringd_domain) > ') > >diff --git a/gnome.te b/gnome.te >index bf48475..9c792fd 100644 >--- a/gnome.te >+++ b/gnome.te >@@ -123,9 +123,11 @@ gnome_home_filetrans(gkeyringd_domain, >gnome_keyring_home_t, dir, "keyrings") >manage_dirs_pattern(gkeyringd_domain, gnome_keyring_tmp_t, >gnome_keyring_tmp_t) >manage_sock_files_pattern(gkeyringd_domain, gnome_keyring_tmp_t, >gnome_keyring_tmp_t) > files_tmp_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir) >+userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, >dir) > >-kernel_read_system_state(gkeyringd_domain) > kernel_read_crypto_sysctls(gkeyringd_domain) >+kernel_read_kernel_sysctls(gkeyringd_domain) >+kernel_read_system_state(gkeyringd_domain) > > dev_read_rand(gkeyringd_domain) > dev_read_sysfs(gkeyringd_domain)
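
Review bot: In the gnome.fc hunk, the new keyring entry is added only in the /var/run/user/%{USERID}/ form, while the orcexec entries directly below it appear in both the /var/run/user/[^/]*/ and the /var/run/user/%{USERID}/ forms. If the second form is needed for orcexec, add the matching /var/run/user/[^/]*/keyring(/.*)? line, or say why the keyring path does not need it. The entry also puts gnome_keyring_tmp_t on a path under /var/run/user, so a type named for tmp now covers a runtime directory; a short comment above the entry saying this is intentional would save the next reader the question.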
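
Review bot: In the two gnome.if hunks, userdom_search_user_runtime($2) in gnome_stream_connect_gkeyringd and userdom_search_user_runtime($1) in gnome_stream_connect_all_gkeyringd are added with no statement of why callers now need search access to the user runtime directory. Every domain that calls these interfaces gains that access, so the commit message (or a comment beside the call) should state that the keyring socket directory can be created at /var/run/user/%{USERID}/keyring, which is what the gnome.fc entry implies, and on which setups that happens. files_search_tmp is kept next to the new call, so it is also worth saying that both locations remain valid.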
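
Review bot: In the gnome.te hunk, userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir) is given no object name, so any directory a gkeyringd domain creates in the user runtime directory is labelled gnome_keyring_tmp_t, whereas the gnome.fc entry labels only the keyring directory. If the interface accepts a name argument, pass "keyring" the way the gnome_home_filetrans line in the hunk header passes "keyrings", so the transition matches the file context. The same hunk also moves kernel_read_system_state below kernel_read_crypto_sysctls and adds kernel_read_kernel_sysctls, which the subject line does not cover; state which denial the new sysctl access addresses and consider splitting the reorder from the functional change so each can be reviewed on its own.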