From: guido@trentalancia.net (Guido Trentalancia) Date: Wed, 07 Dec 2016 14:04:16 +0100 Subject: [refpolicy] [PATCH] openoffice: rename two interfaces in openoffice and evolution In-Reply-To: References: <1480113700.5692.4.camel@trentalancia.net>

<848bd66a-ead2-97e3-b952-265ab5d8c903@ieee.org> <1480506047.4743.15.camel@trentalancia.net> <129294c5-fc05-bd28-74b0-87e9bc3c2ef8@ieee.org> <1480677884.3915.7.camel@trentalancia.net> <1480860300.13582.3.camel@trentalancia.net> <1480865168.13582.18.camel@trentalancia.net> <1480936039.11864.3.camel@trentalancia.net> <1481056907.14617.3.camel@trentalancia.net> Message-ID: <1481115856.15018.5.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hello Christopher, thanks very much for applying this patch ! On Tue, 06/12/2016 at 20.23 -0500, Chris PeBenito wrote: > On 12/06/16 15:41, Guido Trentalancia via refpolicy wrote: > > > > This is a patch that I have created and tested to support Apache > > OpenOffice with its own module (contrib policy part, 2/2). [...] > I've merged this, but I'd like a couple interface renames (noted > below). I have created a small patch to rename the two interfaces as you suggest. I just hope there will not be any collision with future interfaces that access raw tmp files... > > > > Signed-off-by: Guido Trentalancia > > --- > > ?policy/modules/contrib/evolution.if???|???38 ++++++++++ > > ?policy/modules/contrib/evolution.te???|????5 + > > ?policy/modules/contrib/mozilla.te?????|????5 + > > ?policy/modules/contrib/openoffice.fc??|???30 ++++++++ > > ?policy/modules/contrib/openoffice.if??|???88 > > ++++++++++++++++++++++++ > > ?policy/modules/contrib/openoffice.te??|??120 > > ++++++++++++++++++++++++++++++++++ > > ?policy/modules/contrib/thunderbird.te |????5 + > > ?7 files changed, 291 insertions(+) > > > > diff -pruN refpolicy-git-25112016- > > orig/policy/modules/contrib/evolution.if refpolicy-git- > > 25112016/policy/modules/contrib/evolution.if > > --- refpolicy-git-25112016-orig/policy/modules/contrib/evolution.if > > 2016-12-04 16:02:48.317069925 +0100 > > +++ refpolicy-git-25112016/policy/modules/contrib/evolution.if > > 2016-12-04 16:03:37.777350810 +0100 > > @@ -107,6 +107,24 @@ interface(`evolution_home_filetrans',` > > > > ?######################################## > > ?##

> > +## Read evolution home files. > > +##

> > +## > > +##

> > +## Domain allowed access. > > +##

> > +## > > +# > > +interface(`evolution_read_evolution_home_files',` > > evolution_read_home_files(). > > > > > > + gen_require(` > > + type evolution_t, evolution_home_t; > > + ') > > + > > + read_files_pattern($1, evolution_home_t, evolution_home_t) > > +') > > + > > +######################################## > > +##

> > ?## Connect to evolution using a unix > > ?## domain stream socket. > > ?##

> > [...] > > > > > diff -pruN refpolicy-git-25112016- > > orig/policy/modules/contrib/openoffice.if refpolicy-git- > > 25112016/policy/modules/contrib/openoffice.if > > --- refpolicy-git-25112016- > > orig/policy/modules/contrib/openoffice.if 1970-01-01 > > 01:00:00.000000000 +0100 > > +++ refpolicy-git-25112016/policy/modules/contrib/openoffice.if > > 2016-12-06 21:27:07.252411657 +0100 > > [...] > > > > > + > > +######################################## > > +##

> > +## Read and write temporary > > +## openoffice files. > > +##

> > +## > > +##

> > +## Domain allowed access. > > +##

> > +## > > +# > > +interface(`ooffice_rw_ooffice_tmp_files',` > > ooffice_rw_tmp_files() > > > > > > + gen_require(` > > + type ooffice_tmp_t; > > + ') > > + > > + rw_files_pattern($1, ooffice_tmp_t, ooffice_tmp_t) > > +') > > + > > +######################################## > > +##

> > +## Do not audit attempts to execute > > +## files in temporary directories. > > +##

> > +## > > +##

> > +## Domain to not audit. > > +##

> > +## > > +# > > +interface(`ooffice_dontaudit_exec_tmp_files',` > > + gen_require(` > > + type ooffice_tmp_t; > > + ') > > + > > + dontaudit $1 ooffice_tmp_t:file exec_file_perms; > > +') [cut] Rename 1 openoffice interface and 1 evolution interfaces that have been recently added with the new openoffice module. Signed-off-by: Guido Trentalancia --- policy/modules/contrib/evolution.if | 2 +- policy/modules/contrib/evolution.te | 2 +- policy/modules/contrib/mozilla.te | 2 +- policy/modules/contrib/openoffice.if | 2 +- policy/modules/contrib/openoffice.te | 2 +- policy/modules/contrib/thunderbird.te | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/evolution.if refpolicy-git-07122016/policy/modules/contrib/evolution.if --- refpolicy-git-07122016-orig/policy/modules/contrib/evolution.if 2016-12-07 13:39:49.974910275 +0100 +++ refpolicy-git-07122016/policy/modules/contrib/evolution.if 2016-12-07 13:42:47.297046820 +0100 @@ -115,7 +115,7 @@ interface(`evolution_home_filetrans',` ## ## # -interface(`evolution_read_evolution_home_files',` +interface(`evolution_read_home_files',` gen_require(` type evolution_t, evolution_home_t; ') diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/evolution.te refpolicy-git-07122016/policy/modules/contrib/evolution.te --- refpolicy-git-07122016-orig/policy/modules/contrib/evolution.te 2016-12-07 13:39:49.975910286 +0100 +++ refpolicy-git-07122016/policy/modules/contrib/evolution.te 2016-12-07 13:42:47.299046842 +0100 @@ -271,7 +271,7 @@ optional_policy(` optional_policy(` ooffice_domtrans(evolution_t) - ooffice_rw_ooffice_tmp_files(evolution_t) + ooffice_rw_tmp_files(evolution_t) ') optional_policy(` diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/mozilla.te refpolicy-git-07122016/policy/modules/contrib/mozilla.te --- refpolicy-git-07122016-orig/policy/modules/contrib/mozilla.te 2016-12-07 13:39:50.051911134 +0100 +++ refpolicy-git-07122016/policy/modules/contrib/mozilla.te 2016-12-07 13:42:47.299046842 +0100 @@ -297,7 +297,7 @@ optional_policy(` optional_policy(` ooffice_domtrans(mozilla_t) - ooffice_rw_ooffice_tmp_files(mozilla_t) + ooffice_rw_tmp_files(mozilla_t) ') optional_policy(` diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/openoffice.if refpolicy-git-07122016/policy/modules/contrib/openoffice.if --- refpolicy-git-07122016-orig/policy/modules/contrib/openoffice.if 2016-12-07 13:39:50.052911146 +0100 +++ refpolicy-git-07122016/policy/modules/contrib/openoffice.if 2016-12-07 13:42:47.300046853 +0100 @@ -60,7 +60,7 @@ interface(`ooffice_domtrans',` ## ## # -interface(`ooffice_rw_ooffice_tmp_files',` +interface(`ooffice_rw_tmp_files',` gen_require(` type ooffice_tmp_t; ') diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/openoffice.te refpolicy-git-07122016/policy/modules/contrib/openoffice.te --- refpolicy-git-07122016-orig/policy/modules/contrib/openoffice.te 2016-12-07 13:39:50.052911146 +0100 +++ refpolicy-git-07122016/policy/modules/contrib/openoffice.te 2016-12-07 13:42:47.301046865 +0100 @@ -92,7 +92,7 @@ optional_policy(` optional_policy(` evolution_domtrans(ooffice_t) - evolution_read_evolution_home_files(ooffice_t) + evolution_read_home_files(ooffice_t) ') optional_policy(` diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/thunderbird.te refpolicy-git-07122016/policy/modules/contrib/thunderbird.te --- refpolicy-git-07122016-orig/policy/modules/contrib/thunderbird.te 2016-12-07 13:39:50.097911648 +0100 +++ refpolicy-git-07122016/policy/modules/contrib/thunderbird.te 2016-12-07 13:42:47.301046865 +0100 @@ -169,5 +169,5 @@ optional_policy(` optional_policy(` ooffice_domtrans(thunderbird_t) - ooffice_rw_ooffice_tmp_files(thunderbird_t) + ooffice_rw_tmp_files(thunderbird_t) ')