From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 20 Apr 2017 16:04:13 +0200 (CEST)
Subject: [refpolicy] [PATCH v2 9/33] gnome: curb on userdom permissions
In-Reply-To: <1492650062.14733.79.camel@trentalancia.net>
References: <1492650062.14733.79.camel@trentalancia.net>
Message-ID: <1570283669.196236.1492697053272@pim.register.it>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch curbs on userdomain file read and/or write permissions
for the gnome graphical desktop module.

It aims to ensure user data confidentiality.

A boolean has been introduced to revert the previous read/write
behavior.

This second version removes misplaced unrelated bits under testing.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/gnome.if |    4 ++++
 1 file changed, 4 insertions(+)

--- a/policy/modules/contrib/gnome.if	2016-12-11 20:13:21.000000000 +0100
+++ b/policy/modules/contrib/gnome.if	2017-04-19 16:49:45.622763957 +0200
@@ -100,6 +100,8 @@ template(`gnome_role_template',`
 
 	allow $3 gnome_keyring_tmp_t:sock_file { relabel_sock_file_perms manage_sock_file_perms };
 
+	userdom_user_home_dir_filetrans_user_data($1_gkeyringd_t, dir, ".local")
+
 	ps_process_pattern($3, $1_gkeyringd_t)
 	allow $3 $1_gkeyringd_t:process { ptrace signal_perms };
 
@@ -108,6 +108,8 @@ template(`gnome_role_template',`
 
 	gnome_stream_connect_gkeyringd($1, $3)
 
+	userdom_manage_user_data($1_gkeyringd_t)
+
 	optional_policy(`
 		dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)