From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 20 Apr 2017 16:04:13 +0200 (CEST)
Subject: [refpolicy] [PATCH v2 9/33] gnome: curb on userdom permissions
In-Reply-To: <1492650062.14733.79.camel@trentalancia.net>
References: <1492650062.14733.79.camel@trentalancia.net>
Message-ID: <1570283669.196236.1492697053272@pim.register.it>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch curbs on userdomain file read and/or write permissions for the gnome graphical desktop module. It aims to ensure user data confidentiality. A boolean has been introduced to revert the previous read/write behavior. This second version removes misplaced unrelated bits under testing.

Signed-off-by: Guido Trentalancia

--- policy/modules/contrib/gnome.if | 4 ++++ 1 file changed, 4 insertions(+) --- a/policy/modules/contrib/gnome.if 2016-12-11 20:13:21.000000000 +0100 +++ b/policy/modules/contrib/gnome.if 2017-04-19 16:49:45.622763957 +0200 @@ -100,6 +100,8 @@ template(`gnome_role_template',` allow $3 gnome_keyring_tmp_t:sock_file { relabel_sock_file_perms manage_sock_file_perms }; + userdom_user_home_dir_filetrans_user_data($1_gkeyringd_t, dir, ".local") + ps_process_pattern($3, $1_gkeyringd_t) allow $3 $1_gkeyringd_t:process { ptrace signal_perms }; @@ -108,6 +108,8 @@ template(`gnome_role_template',` gnome_stream_connect_gkeyringd($1, $3) + userdom_manage_user_data($1_gkeyringd_t) + optional_policy(` dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
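
Review bot: the named transition added in the first hunk, userdom_user_home_dir_filetrans_user_data($1_gkeyringd_t, dir, ".local"), carries no comment saying why the keyring daemon needs to create a ".local" directory in the user home, and it sits between the gnome_keyring_tmp_t sock_file rule and ps_process_pattern, where it is easy to overlook. A filename transition only takes effect when the daemon itself creates the directory; a ".local" that already exists keeps whatever label it has, so the rule matters only in the case where gkeyringd gets there first. Please add a one-line comment stating that case and group the rule with the other gkeyringd file rules. The interface is not defined anywhere in this diff, so the message should also name the patch in the series that introduces it.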
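
Review bot: userdom_manage_user_data($1_gkeyringd_t) in the second hunk is granted unconditionally, while the commit message says a boolean was introduced to revert the previous behaviour; no boolean or tunable appears in this diff, and both hunks only add access (4 insertions, no deletions), so the description of curbing permissions does not match what gnome.if actually changes. If the restriction and the boolean live in another patch of the series, the message should say so. Given the stated confidentiality goal, it is also worth justifying why the keyring daemon needs manage access to user data (as the interface name implies) rather than something narrower. Separately, the second hunk header reads @@ -108,6 +108,8 @@ even though the first hunk has already added two lines, so the new-side start should be 110; that suggests the patch was edited by hand and should be regenerated from the tree.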