From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 19 Apr 2017 14:22:36 +0200
Subject: [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions
In-Reply-To: <1492604331.4994.4.camel@trentalancia.net>
References: <1492538662.17326.1.camel@trentalancia.net> <1492604331.4994.4.camel@trentalancia.net>
Message-ID: <1492604556.4994.6.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch adds assorted permissions to chat over dbus needed for the correct functioning of Gnome and Evolution.

This second version simply removes an extra "#" prefix from the comments.

Signed-off-by: Guido Trentalancia
--- policy/modules/contrib/evolution.te | 5 ++++ policy/modules/contrib/gnome.if | 37 ++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te --- refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te 2017-03-29 17:58:00.276386397 +0200 +++ refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te 2017-04-18 19:39:13.184604734 +0200 @@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',` optional_policy(` dbus_all_session_bus_client(evolution_alarm_t) + dbus_connect_all_session_bus(evolution_alarm_t) + + optional_policy(` + evolution_dbus_chat(evolution_alarm_t) + ') ') optional_policy(` diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if --- refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if 2017-03-29 17:58:00.281386397 +0200 +++ refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if 2017-04-18 19:51:01.702601837 +0200 
@@ -112,8 +112,17 @@ template(`gnome_role_template',` dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t) optional_policy(` + evolution_dbus_chat($1_gkeyringd_t) + ') + + optional_policy(` + gnome_dbus_chat_gconfd($3) gnome_dbus_chat_gkeyringd($1, $3) ') + + optional_policy(` + wm_dbus_chat($1, $1_gkeyringd_t) + ') ') ') @@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files ') ######################################## +## +## Send and receive messages from +## gnome configuration daemon over +## dbus. +## +## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## +## +## Domain allowed access. +## +## +# +interface(`gnome_dbus_chat_gconfd',` + gen_require(` + type gconfd_t; + class dbus send_msg; + ') + + allow $1 gconfd_t:dbus send_msg; + allow gconfd_t $1:dbus send_msg; +') + +######################################## ## ## Send and receive messages from ## gnome keyring daemon over dbus.
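
Review bot: In the evolution.te hunk (@@ -340,6 +340,11 @@), the nested optional_policy around evolution_dbus_chat(evolution_alarm_t) looks unnecessary: the call sits in evolution.te and, going by its name, the interface belongs to the same module, so it cannot be missing when this file is built. Calling it directly inside the existing dbus optional block would be simpler. It would also help to state, in a comment or in the commit message, why dbus_connect_all_session_bus(evolution_alarm_t) is needed on top of the existing dbus_all_session_bus_client(evolution_alarm_t) line, since the two read as overlapping grants.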
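
Review bot: The three calls added to gnome_role_template (@@ -112,8 +112,17 @@) carry no justification, and the commit message only says "assorted" permissions. Because the template is expanded for every role prefix, each $1_gkeyringd_t domain gains dbus chat with Evolution and with the window manager, and $3 gains chat with gconfd. Please justify evolution_dbus_chat($1_gkeyringd_t), gnome_dbus_chat_gconfd($3) and wm_dbus_chat($1, $1_gkeyringd_t) separately, ideally with the denials that motivated them, so that any call that is not actually required can be dropped and the keyring daemon keeps the smallest dbus surface that works.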
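
Review bot: The documentation block of the new gnome_dbus_chat_gconfd interface (@@ -682,6 +691,34 @@) describes two parameters, a user domain prefix and "Domain allowed access", but the body uses only $1 and the caller in gnome_role_template passes a single argument, gnome_dbus_chat_gconfd($3). The prefix text looks carried over from the keyring daemon interface that follows it; drop that parameter description so the documented signature matches the one-argument interface.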