From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 30 Oct 2016 14:21:17 -0400
Subject: [refpolicy] [PATCH 4/4] gnome: add gkeyring rules and fcontext
In-Reply-To: <1477502361-20223-4-git-send-email-jason@perfinion.com>
References: <1477502361-20223-1-git-send-email-jason@perfinion.com> <1477502361-20223-4-git-send-email-jason@perfinion.com>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 10/26/16 13:19, Jason Zaman wrote:
> ---
> gnome.fc | 1 +
> gnome.if | 2 ++
> gnome.te | 4 +++-
> 3 files changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/gnome.fc b/gnome.fc
> index 230ee6c..43c0ed2 100644
> --- a/gnome.fc
> +++ b/gnome.fc
> @@ -17,5 +17,6 @@ HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
> /usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
> /usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
>
> +/var/run/user/%{USERID}/keyring(/.*)? gen_context(system_u:object_r:gnome_keyring_tmp_t,s0)
> /var/run/user/[^/]*/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
> /var/run/user/%{USERID}/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
> diff --git a/gnome.if b/gnome.if
> index 838be50..640aeea 100644
> --- a/gnome.if
> +++ b/gnome.if
> @@ -772,6 +772,7 @@ interface(`gnome_stream_connect_gkeyringd',`
> ')
>
> files_search_tmp($2)
> + userdom_search_user_runtime($2)
> stream_connect_pattern($2, gnome_keyring_tmp_t, gnome_keyring_tmp_t, $1_gkeyringd_t)
> ')
>
> @@ -793,6 +794,7 @@ interface(`gnome_stream_connect_all_gkeyringd',`
> ')
>
> files_search_tmp($1)
> + userdom_search_user_runtime($1)
> stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t, gkeyringd_domain)
> ')
>
> diff --git a/gnome.te b/gnome.te
> index bf48475..9c792fd 100644
> --- a/gnome.te
> +++ b/gnome.te
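Review bot: The new `/var/run/user/%{USERID}/keyring(/.*)?` entry in gnome.fc has no `/var/run/user/[^/]*/keyring(/.*)?` counterpart, while the orcexec entries directly below it are listed in both forms. If the `[^/]*` form is there to cover runtime directories that the `%{USERID}` expansion produces no entry for, a relabel would leave those users' keyring directory and socket without `gnome_keyring_tmp_t`, and the `stream_connect_pattern` rules in gnome.if would then not match. Either add the wildcard entry or state in the commit message why the keyring path needs only the per-user form.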
> @@ -123,9 +123,11 @@ gnome_home_filetrans(gkeyringd_domain, gnome_keyring_home_t, dir, "keyrings")
> manage_dirs_pattern(gkeyringd_domain, gnome_keyring_tmp_t, gnome_keyring_tmp_t)
> manage_sock_files_pattern(gkeyringd_domain, gnome_keyring_tmp_t, gnome_keyring_tmp_t)
> files_tmp_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir)
> +userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir)
>
> -kernel_read_system_state(gkeyringd_domain)
> kernel_read_crypto_sysctls(gkeyringd_domain)
> +kernel_read_kernel_sysctls(gkeyringd_domain)
> +kernel_read_system_state(gkeyringd_domain)
>
> dev_read_rand(gkeyringd_domain)
> dev_read_sysfs(gkeyringd_domain)
Merged.
-- Chris PeBenito
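Review bot: The added `userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir)` types every directory a keyring daemon creates in the user runtime directory as `gnome_keyring_tmp_t`, not only the `keyring` directory that the new gnome.fc entry labels. If the interface accepts an object-name argument, as `gnome_home_filetrans(..., dir, "keyrings")` in the hunk header does, `userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir, "keyring")` would keep the transition and the file context in agreement. Separately, `kernel_read_kernel_sysctls(gkeyringd_domain)` widens what the keyring domain can read and the patch carries no description; a one-line comment or commit-message note naming the denial that required it would help later audits.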