From: pebenito@ieee.org (Chris PeBenito)
Date: Thu, 11 May 2017 19:29:07 -0400
Subject: [refpolicy] [PATCH 1/6] dirmngr: add to roles and allow gpg to domtrans
In-Reply-To: <20170507174343.30160-1-jason@perfinion.com>
References: <20170507174343.30160-1-jason@perfinion.com>
Message-ID: <2cbec465-611d-a888-281d-58be744e4a00@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 05/07/2017 01:43 PM, Jason Zaman wrote:
> ---
> dirmngr.if | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> gpg.te | 4 ++++
> 2 files changed, 73 insertions(+)
>
> diff --git a/dirmngr.if b/dirmngr.if
> index 4cd2810..2f6875a 100644
> --- a/dirmngr.if
> +++ b/dirmngr.if
> @@ -1,5 +1,74 @@
> ## Server for managing and downloading certificate revocation lists.
>
> +############################################################
> +##
> +## Role access for dirmngr.
> +##
> +##
> +##
> +## Role allowed access.
> +##
> +##
> +##
> +##
> +## User domain for the role.
> +##
> +##
> +#
> +interface(`dirmngr_role',`
> + gen_require(`
> + type dirmngr_t, dirmngr_exec_t;
> + ')
> +
> + role $1 types dirmngr_t;
> +
> + domtrans_pattern($2, dirmngr_exec_t, dirmngr_t)
> +
> + allow $2 dirmngr_t:process { ptrace signal_perms };
> + ps_process_pattern($2, dirmngr_t)
> +
> + allow dirmngr_t $2:fd use;
> + allow dirmngr_t $2:fifo_file { read write };

Why are these here explicitly? They should be in domtrans_pattern.

> +')
> +
> +########################################
> +##
> +## Execute dirmngr in the dirmngr domain.
> +##
> +##
> +##
> +## Domain allowed to transition.
> +##
> +##
> +#
> +interface(`dirmngr_domtrans',`
> + gen_require(`
> + type dirmngr_t, dirmngr_exec_t;
> + ')
> +
> + corecmd_search_bin($1)
> + domtrans_pattern($1, dirmngr_exec_t, dirmngr_t)
> +')
> +
> +########################################
> +##
> +## Execute the dirmngr in the caller domain.
> +##
> +##
> +##
> +## Domain allowed access.
> +##
> +##
> +#
> +interface(`dirmngr_exec',`
> + gen_require(`
> + type dirmngr_exec_t;
> + ')
> +
> + corecmd_search_bin($1)
> + can_exec($1, dirmngr_exec_t)
> +')
> +
> ########################################
> ##
> ## All of the rules required to
> diff --git a/gpg.te b/gpg.te
> index 5e87028..d6239c5 100644
> --- a/gpg.te
> +++ b/gpg.te
> @@ -139,6 +139,10 @@ tunable_policy(`use_samba_home_dirs',`
> ')
>
> optional_policy(`
> + dirmngr_domtrans(gpg_t)
> +')
> +
> +optional_policy(`
> evolution_read_orbit_tmp_files(gpg_t)
> ')
>
> -- Chris PeBenito
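Review bot: The `ptrace` permission in `allow $2 dirmngr_t:process { ptrace signal_perms };` inside `dirmngr_role` lets every user domain passed as `$2` read and modify the memory of the dirmngr process. That weakens the separation the new `dirmngr_t` transition is meant to give the daemon that manages and downloads certificate revocation lists. If the role only needs to list and signal its own dirmngr, the rule could be narrowed to `allow $2 dirmngr_t:process signal_perms;`, keeping `ps_process_pattern($2, dirmngr_t)` as is. If ptrace is intended, presumably for consistency with other role interfaces, a comment above the rule such as `# ptrace kept so the user can debug their own dirmngr` would record that for later audits.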