From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 20 Apr 2017 03:09:58 +0200 (CEST)
Subject: [refpolicy] [PATCH 28/33] telepathy: curb on userdom permissions
Message-ID: <699945381.164540.1492650598575@pim.register.it>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
This patch aims to adapt the telepathy module to changes in the userdomain file permissions introduced by this patchset. This patch would greatly benefit from further testing.
Signed-off-by: Guido Trentalancia
---
policy/modules/contrib/telepathy.te | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
--- refpolicy-2.20170204-orig/policy/modules/contrib/telepathy.te 2017-02-04 19:30:35.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/contrib/telepathy.te 2017-04-19 19:44:04.766253021 +0200
@@ -76,8 +76,7 @@ allow telepathy_gabble_t self:unix_dgram
 # ~/.cache/telepathy/gabble/caps-cache.db-journal
 manage_dirs_pattern(telepathy_gabble_t, telepathy_gabble_cache_home_t, telepathy_gabble_cache_home_t)
 manage_files_pattern(telepathy_gabble_t, telepathy_gabble_cache_home_t, telepathy_gabble_cache_home_t)
-filetrans_pattern(telepathy_gabble_t, telepathy_cache_home_t, telepathy_gabble_cache_home_t, dir, "gabble")
-# gnome_cache_filetrans(telepathy_gabble_t, telepathy_gabble_cache_home_t, dir, "wocky")
+userdom_user_cache_filetrans(telepathy_gabble_t, telepathy_gabble_cache_home_t, { dir file })
 manage_dirs_pattern(telepathy_gabble_t, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t)
 manage_sock_files_pattern(telepathy_gabble_t, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t)
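Review bot: The added `userdom_user_cache_filetrans(telepathy_gabble_t, telepathy_gabble_cache_home_t, { dir file })` carries no object name, so every directory and file telepathy_gabble_t creates directly in the user cache home is labelled telepathy_gabble_cache_home_t, whereas the removed `filetrans_pattern(..., telepathy_cache_home_t, ..., dir, "gabble")` only relabelled a directory literally named "gabble". The transition now keys on the user cache directory instead of telepathy_cache_home_t, yet the retained comment on the first context line still documents the path as ~/.cache/telepathy/gabble/, so a gabble directory created inside an existing ~/.cache/telepathy would presumably keep the parent's type and never receive the private label the two manage_*_pattern lines depend on. I would keep the named transition on the parent type, `filetrans_pattern(telepathy_gabble_t, telepathy_cache_home_t, telepathy_gabble_cache_home_t, dir, "gabble")`, and pass the name through the new userdom interface as well if it accepts one (as filetrans_pattern does), or else fix the path comment so it matches the layout the unnamed transition assumes. The enclosing block of gabble rules begins before this hunk.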
@@ -181,11 +180,11 @@ allow telepathy_logger_t self:unix_strea
 manage_dirs_pattern(telepathy_logger_t, telepathy_logger_cache_home_t, telepathy_logger_cache_home_t)
 manage_files_pattern(telepathy_logger_t, telepathy_logger_cache_home_t, telepathy_logger_cache_home_t)
-filetrans_pattern(telepathy_logger_t, telepathy_cache_home_t, telepathy_logger_cache_home_t, dir, "logger")
+userdom_user_cache_filetrans(telepathy_logger_t, telepathy_logger_cache_home_t, { dir file })
 manage_dirs_pattern(telepathy_logger_t, telepathy_logger_data_home_t, telepathy_logger_data_home_t)
 manage_files_pattern(telepathy_logger_t, telepathy_logger_data_home_t, telepathy_logger_data_home_t)
-# gnome_data_filetrans(telepathy_logger_t, telepathy_logger_data_home_t, dir, "TpLogger")
+userdom_user_data_filetrans(telepathy_logger_t, telepathy_logger_data_home_t, { dir file })
 files_read_usr_files(telepathy_logger_t)
 files_search_pids(telepathy_logger_t)
@@ -461,11 +460,13 @@ optional_policy(`
 allow telepathy_domain self:process { getsched signal sigkill };
 allow telepathy_domain self:fifo_file rw_fifo_file_perms;
+# the next two file transitions are conflicting (only one of them can exist, unless
+# a different file name is specified)
 manage_dirs_pattern(telepathy_domain, telepathy_cache_home_t, telepathy_cache_home_t)
-# gnome_cache_filetrans(telepathy_domain, telepathy_cache_home_t, dir, "telepathy")
+# userdom_user_cache_filetrans(telepathy_domain, telepathy_cache_home_t, { dir file })
 manage_dirs_pattern(telepathy_domain, telepathy_data_home_t, telepathy_data_home_t)
-# gnome_data_filetrans(telepathy_domain, telepathy_data_home_t, dir, "telepathy")
+# userdom_user_data_filetrans(telepathy_domain, telepathy_data_home_t, { dir file })
 dev_read_urand(telepathy_domain)
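Review bot: Both transitions added in this hunk drop the object names the replaced lines carried ("logger" under telepathy_cache_home_t, "TpLogger" for the data home), so any dir or file telepathy_logger_t creates directly in the user cache or data home is labelled with the logger's private type rather than only the named directory. If the unnamed, top-level form is the intended layout, the hunk should say so, e.g. `# unnamed: telepathy-logger creates its cache and data directories directly under the user cache/data home`, because the old named transitions encoded the opposite assumption (a "logger" subdirectory below ~/.cache/telepathy). Otherwise pass the names through the new userdom interfaces if they take a name argument the way filetrans_pattern does. The logger rule block begins before this hunk.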
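Review bot: The domain-wide cache and data transitions are left commented out with a note saying they conflict with the per-daemon ones; that conflict only exists because every transition in this patch is unnamed (gabble and logger presumably carry the telepathy_domain attribute), and the note itself names the fix — a distinct object name. The removed lines already had that name, "telepathy", so re-adding it, e.g. `userdom_user_cache_filetrans(telepathy_domain, telepathy_cache_home_t, dir, "telepathy")` and the matching data line (assuming the new interface takes a name argument like the gnome one did), lets the attribute-wide and per-daemon transitions coexist. With no active transition here, a telepathy domain other than gabble or logger that creates ~/.cache/telepathy gets the user cache type on it, and the `manage_dirs_pattern(telepathy_domain, telepathy_cache_home_t, ...)` two lines above has nothing to match; commented-out policy with an explanatory note should not be merged in this form. The enclosing rule block begins before this hunk, and its trailing context line may lie beyond what is shown.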