From: guido@trentalancia.net (Guido Trentalancia)
Date: Tue, 18 Apr 2017 20:04:22 +0200
Subject: [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions
Message-ID: <1492538662.17326.1.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch adds assorted permissions to chat over dbus needed for the correct functioning of Gnome and Evolution.

Signed-off-by: Guido Trentalancia
--- policy/modules/contrib/evolution.te | 5 ++++ policy/modules/contrib/gnome.if | 37 ++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te --- refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te 2017-03-29 17:58:00.276386397 +0200 +++ refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te 2017-04-18 19:39:13.184604734 +0200 @@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',` optional_policy(` dbus_all_session_bus_client(evolution_alarm_t) + dbus_connect_all_session_bus(evolution_alarm_t) + + optional_policy(` + evolution_dbus_chat(evolution_alarm_t) + ') ') optional_policy(` diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if --- refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if 2017-03-29 17:58:00.281386397 +0200 +++ refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if 2017-04-18 19:51:01.702601837 +0200 @@ -112,8 +112,17 @@ template(`gnome_role_template',` dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t) optional_policy(` + evolution_dbus_chat($1_gkeyringd_t) + ') + + optional_policy(` + gnome_dbus_chat_gconfd($3) gnome_dbus_chat_gkeyringd($1, $3) ') + + optional_policy(` + wm_dbus_chat($1, $1_gkeyringd_t) + ') ') ') 
@@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files ') ######################################## +### +### Send and receive messages from +### gnome configuration daemon over +### dbus. +### +### +### +### The prefix of the user domain (e.g., user +### is the prefix for user_t). +### +### +### +### +### Domain allowed access. +### +### +## +interface(`gnome_dbus_chat_gconfd',` + gen_require(` + type gconfd_t; + class dbus send_msg; + ') + + allow $1 gconfd_t:dbus send_msg; + allow gconfd_t $1:dbus send_msg; +') + +######################################## ## ## Send and receive messages from ## gnome keyring daemon over dbus.
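
Review bot: In the evolution.te hunk (@@ -340), evolution_dbus_chat(evolution_alarm_t) is called from inside evolution.te and wrapped in its own nested optional_policy. If that interface is this module's own, as its name suggests, the optional block adds nothing and the usual approach is to write the send_msg allow rules between evolution_alarm_t and the main evolution domain directly in the .te file. The same hunk adds dbus_connect_all_session_bus(evolution_alarm_t) next to the existing dbus_all_session_bus_client(evolution_alarm_t) with no explanation; the commit message only says "assorted permission", so please quote the denial that shows the extra connect access is needed.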
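
Review bot: In the gnome_role_template hunk (@@ -112), evolution_dbus_chat($1_gkeyringd_t) and wm_dbus_chat($1, $1_gkeyringd_t) apply to every role that instantiates the template, so each role's keyring daemon domain gains a D-Bus message path to Evolution and to the window manager. The keyring daemon stores user secrets, so widening who can exchange messages with it deserves a justification: please include the AVC/USER_AVC denials that motivated each of the three new calls, and say whether the window manager rule is needed for all roles or only for the desktop session you tested.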
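
Review bot: In the gnome.if hunk that adds gnome_dbus_chat_gconfd (@@ -682), the header comment does not match the interface. It documents two parameters ("The prefix of the user domain" and "Domain allowed access"), but the body only uses $1 and the template calls it with a single argument, gnome_dbus_chat_gconfd($3). Drop the role-prefix parameter from the documentation so that $1 is described as the domain allowed access. The added comment lines also start with "###" while the existing gkeyringd header just below uses "##"; use the "##" form so the interface documentation is picked up consistently.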