From: pebenito@ieee.org (Chris PeBenito)
Date: Thu, 20 Apr 2017 19:19:38 -0400
Subject: [refpolicy] [PATCH v3] Gnome and Evolution dbus chat permissions
In-Reply-To: <1492609036.4994.15.camel@trentalancia.net>
References: <1492538662.17326.1.camel@trentalancia.net> <1492606444.4994.9.camel@trentalancia.net> <201704192324.00045.russell@coker.com.au> <1492609036.4994.15.camel@trentalancia.net>
Message-ID: <19dcf0d5-8b38-9f2b-2625-16a76b657c2f@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 04/19/2017 09:37 AM, Guido Trentalancia via refpolicy wrote:
> This patch adds assorted permission to chat over dbus needed
> for the correct functioning of Gnome and Evolution.
>
> The second version, simply removes an extra "#" prefix from
> the comments.
>
> This third version, rebases the patch so that it applies to
> the most recent git tree (thanks to Christopher PeBenito and
> Russell Coker for pointing that out).

Merged.

> Signed-off-by: Guido Trentalancia
> ---
> policy/modules/contrib/evolution.te | 4 +++
> policy/modules/contrib/gnome.if | 37 ++++++++++++++++++++++++++++++++++++
> 2 files changed, 41 insertions(+)
>
> diff -pru refpolicy-git-19042017-orig/policy/modules/contrib/evolution.te refpolicy-git-19042017/policy/modules/contrib/evolution.te > --- refpolicy-git-19042017-orig/policy/modules/contrib/evolution.te 2017-04-19 15:24:48.035784797 +0200 > +++ refpolicy-git-19042017/policy/modules/contrib/evolution.te 2017-04-19 15:29:03.587783753 +0200
> @@ -345,6 +345,10 @@ tunable_policy(`use_samba_home_dirs',` > optional_policy(` > dbus_all_session_bus_client(evolution_alarm_t) > dbus_connect_all_session_bus(evolution_alarm_t) > + > + optional_policy(` > + evolution_dbus_chat(evolution_alarm_t) > + ') > ') > > optional_policy(` > diff -pru refpolicy-git-19042017-orig/policy/modules/contrib/gnome.if refpolicy-git-19042017/policy/modules/contrib/gnome.if > --- refpolicy-git-19042017-orig/policy/modules/contrib/gnome.if 2017-03-29 17:58:00.281386397 +0200 > +++ refpolicy-git-19042017/policy/modules/contrib/gnome.if 2017-04-19 15:25:22.778784655 +0200 > @@ -112,8 +112,17 @@ template(`gnome_role_template',` > dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t) > > optional_policy(` > + evolution_dbus_chat($1_gkeyringd_t) > + ') > + > + optional_policy(` > + gnome_dbus_chat_gconfd($3) > gnome_dbus_chat_gkeyringd($1, $3) > ') > + > + optional_policy(` > + wm_dbus_chat($1, $1_gkeyringd_t) > + ') > ') > ') > > @@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files > ') > > ######################################## > +## > +## Send and receive messages from > +## gnome configuration daemon over > +## dbus. > +## > +## > +## > +## The prefix of the user domain (e.g., user > +## is the prefix for user_t). > +## > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`gnome_dbus_chat_gconfd',` > + gen_require(` > + type gconfd_t; > + class dbus send_msg; > + ') > + > + allow $1 gconfd_t:dbus send_msg; > + allow gconfd_t $1:dbus send_msg; > +') > + > +######################################## > ## > ## Send and receive messages from > ## gnome keyring daemon over dbus. > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > -- Chris PeBenito
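Review bot: in the evolution.te hunk (@@ -345), the nested optional_policy around evolution_dbus_chat(evolution_alarm_t) looks redundant. Going by its prefix, evolution_dbus_chat is an interface of the evolution module, and the call sits in evolution.te itself, so the module this wrapper would guard against being absent is the one being built. Suggest dropping the inner optional_policy and placing the call directly after dbus_connect_all_session_bus(evolution_alarm_t) inside the existing dbus optional block.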
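Review bot: in the gnome_role_template hunk of gnome.if (@@ -112), the three new dbus grants land in every role that instantiates the template, yet the commit message only says they are "needed for the correct functioning of Gnome and Evolution". Please quote the AVC denials that motivated evolution_dbus_chat($1_gkeyringd_t), gnome_dbus_chat_gconfd($3) and wm_dbus_chat($1, $1_gkeyringd_t), so a reader can confirm each one is required for all roles rather than only for the desktop user role. Note also that gnome_dbus_chat_gconfd($3) is two-way (the new interface allows send_msg in both directions) and shares an optional_policy block with gnome_dbus_chat_gkeyringd($1, $3), so the two grants are enabled or dropped together; a separate block per grant would keep them independent.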
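Review bot: in the new gnome_dbus_chat_gconfd interface (gnome.if, @@ -682), the documentation block describes two parameters, "The prefix of the user domain (e.g., user is the prefix for user_t)" followed by "Domain allowed access", but the body only uses $1 and the caller in gnome_role_template passes a single argument, gnome_dbus_chat_gconfd($3). As documented, $1 would be the role prefix rather than the domain, which contradicts allow $1 gconfd_t:dbus send_msg. Suggest removing the role-prefix parameter from the comment block so that the only documented parameter is the domain allowed access.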