From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 19 Apr 2017 14:18:51 +0200
Subject: [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions
In-Reply-To:
References: <1492538662.17326.1.camel@trentalancia.net>
Message-ID: <1492604331.4994.4.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Christopher.

I have checked again and my patch (above mentioned) applies cleanly to
the current git tree.

However, the build fails while assembling the lvm module due to:

dpkg_script_script_rw_pipes

so, it must be some change introduced by Russell because the dpkg is
used in Debian for package management.

If you experience problems that are strictly related to this patch,
please get back to me and I will check again. Otherwise, I take it the
problem lies somewhere else.

I am now going to post a revised version of this patch, which only
fixes the extra "#" in the comments and nothing else.

Thanks for your time.

Regards,

Guido

On Tue, 18/04/2017 at 21.51 -0400, Chris PeBenito wrote:
> On 04/18/2017 02:04 PM, Guido Trentalancia via refpolicy wrote:
> > This patch adds assorted permission to chat over dbus needed
> > for the correct functioning of Gnome and Evolution.
>
> This didn't apply for me, but may be due to Russell's patches.  One
> other trivial comment below.
>
> >
> > Signed-off-by: Guido Trentalancia
> > --- > > ?policy/modules/contrib/evolution.te |????5 ++++ > > ?policy/modules/contrib/gnome.if?????|???37 > > ++++++++++++++++++++++++++++++++++++ > > ?2 files changed, 42 insertions(+) > > > > diff -pru refpolicy-git-18042017-1918- > > orig/policy/modules/contrib/evolution.te refpolicy-git-18042017- > > 1918/policy/modules/contrib/evolution.te > > --- refpolicy-git-18042017-1918- > > orig/policy/modules/contrib/evolution.te 2017-03-29 > > 17:58:00.276386397 +0200 > > +++ refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te > > 2017-04-18 19:39:13.184604734 +0200
> > @@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',` > > > > ?optional_policy(` > > ? dbus_all_session_bus_client(evolution_alarm_t) > > + dbus_connect_all_session_bus(evolution_alarm_t) > > + > > + optional_policy(` > > + evolution_dbus_chat(evolution_alarm_t) > > + ') > > ?') > > > > ?optional_policy(` > > diff -pru refpolicy-git-18042017-1918- > > orig/policy/modules/contrib/gnome.if refpolicy-git-18042017- > > 1918/policy/modules/contrib/gnome.if > > --- refpolicy-git-18042017-1918- > > orig/policy/modules/contrib/gnome.if 2017-03-29 > > 17:58:00.281386397 +0200 > > +++ refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if > > 2017-04-18 19:51:01.702601837 +0200 > > @@ -112,8 +112,17 @@ template(`gnome_role_template',` > > ? dbus_spec_session_domain($1, $1_gkeyringd_t, > > gkeyringd_exec_t) > > > > ? optional_policy(` > > + evolution_dbus_chat($1_gkeyringd_t) > > + ') > > + > > + optional_policy(` > > + gnome_dbus_chat_gconfd($3) > > ? gnome_dbus_chat_gkeyringd($1, $3) > > ? ') > > + > > + optional_policy(` > > + wm_dbus_chat($1, $1_gkeyringd_t) > > + ') > > ? ') > > ?') > > > > @@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files > > ?') > > > > ?######################################## > > +### > > +### Send and receive messages from > > +### gnome configuration daemon over > > +### dbus. > > +### > > +### > > +### > > +### The prefix of the user domain (e.g., user > > +### is the prefix for user_t). > > +### > > +### > > +### > > +### > > +### Domain allowed access. > > +### > > +### > > +## > > Too many # > > > +interface(`gnome_dbus_chat_gconfd',` > > + gen_require(` > > + type gconfd_t; > > + class dbus send_msg; > > + ') > > + > > + allow $1 gconfd_t:dbus send_msg; > > + allow gconfd_t $1:dbus send_msg; > > +') > > + > > +######################################## > > ?## > > ?## Send and receive messages from > > ?## gnome keyring daemon over dbus. > >
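
Review bot: In the evolution.te hunk (@@ -340,6 +340,11), evolution_dbus_chat(evolution_alarm_t) is wrapped in a nested optional_policy, yet going by its prefix the interface belongs to the evolution module itself, which is always present when evolution.te is built, so the guard has nothing to be optional on. Suggest dropping the inner optional_policy, or writing the send_msg rules between evolution_alarm_t and the main evolution domain directly in the .te. The commit message also names no denial for the added dbus_connect_all_session_bus(evolution_alarm_t); quoting the AVC it resolves would make the grant reviewable.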
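
Review bot: In the gnome_role_template hunk of gnome.if (@@ -112,8 +112,17), evolution_dbus_chat($1_gkeyringd_t) and wm_dbus_chat($1, $1_gkeyringd_t) grant dbus chat between the keyring daemon domain and both Evolution and the window manager for every role that instantiates the template, and the commit message ("assorted permission to chat over dbus") does not say which operation needs either one. Since $1_gkeyringd_t is the domain that holds stored credentials, please list the denial each call resolves so the grants can be checked against least privilege, and drop any call that has no matching denial.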
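
Review bot: In the gnome_dbus_chat_gconfd hunk of gnome.if (@@ -682,6 +691,34), the header comment documents two parameters (the user domain prefix and the domain allowed access), but the interface body references only $1 and the template calls it as gnome_dbus_chat_gconfd($3). Suggest removing the prefix parameter from the comment so it describes the single domain argument; the "###" lead-ins should be "##", as already noted in the thread.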