From: guido@trentalancia.com (Guido Trentalancia) Date: Sat, 20 May 2017 17:39:12 +0200 Subject: [refpolicy] [PATCH] openoffice: minor update In-Reply-To: <1495238800.24938.1.camel@trentalancia.com> References: <1495238800.24938.1.camel@trentalancia.com> Message-ID: <1495294752.9446.1.camel@trentalancia.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Please drop this patch in favor of a more comprehensive and recent patchset in 3 parts which will be posted shortly. Thanks. On Sat, 20/05/2017 at 02.06 +0200, Guido Trentalancia via refpolicy wrote: > Minor update for the Apache OpenOffice(R) module. > > Signed-off-by: Guido Trentalancia > --- > ?policy/modules/contrib/openoffice.te |???12 ++++++++++++ > ?1 file changed, 12 insertions(+) > > --- a/policy/modules/contrib/openoffice.te 2017-04-21 > 20:01:32.406190979 +0200 > +++ b/policy/modules/contrib/openoffice.te 2017-05-20 > 02:00:02.669450003 +0200 > @@ -66,12 +66,16 @@ files_tmp_filetrans(ooffice_t, ooffice_t > ? > ?can_exec(ooffice_t, ooffice_exec_t) > ? > +kernel_dontaudit_read_system_state(ooffice_t) > + > ?corecmd_exec_bin(ooffice_t) > ?corecmd_exec_shell(ooffice_t) > ? > ?dev_read_sysfs(ooffice_t) > ?dev_read_urand(ooffice_t) > ? > +domain_use_interactive_fds(ooffice_t) > + > ?files_getattr_all_dirs(ooffice_t) > ?files_getattr_all_files(ooffice_t) > ?files_getattr_all_symlinks(ooffice_t) > @@ -94,6 +98,8 @@ userdom_manage_user_home_content_files(o > ?userdom_manage_user_home_content_symlinks(ooffice_t) > ?userdom_user_home_dir_filetrans_user_home_content(ooffice_t, { dir > file lnk_file fifo_file sock_file }) > ? > +userdom_use_inherited_user_terminals(ooffice_t) > + > ?tunable_policy(`openoffice_allow_update',` > ? corenet_tcp_connect_http_port(ooffice_t) > ?') > @@ -111,6 +117,8 @@ optional_policy(` > ? > ?optional_policy(` > ? dbus_all_session_bus_client(ooffice_t) > + > + userdom_dbus_send_all_users(ooffice_t) > ?') > ? > ?optional_policy(` > @@ -119,6 +127,10 @@ optional_policy(` > ?') > ? > ?optional_policy(` > + gnome_dbus_chat_gconfd(ooffice_t) > +') > + > +optional_policy(` > ? hostname_exec(ooffice_t) > ?') Regards, Guido