From: guido@trentalancia.com (Guido Trentalancia) Date: Sat, 20 May 2017 17:42:53 +0200 Subject: [refpolicy] [PATCH 3/3] gnome: improved integration with openoffice In-Reply-To: <1495294823.9446.2.camel@trentalancia.com> References: <1495294823.9446.2.camel@trentalancia.com> Message-ID: <1495294973.9946.1.camel@trentalancia.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Minor update for the Apache OpenOffice(R) module: part 3/3. This patch introduces minor changes in the gnome module for smoother integration with Apache OpenOffice(R). Signed-off-by: Guido Trentalancia --- policy/modules/contrib/gnome.te | 7 ++++++- policy/modules/contrib/openoffice.if | 20 ++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) --- a/policy/modules/contrib/gnome.te 2017-04-21 20:01:32.406190979 +0200 +++ b/policy/modules/contrib/gnome.te 2017-05-20 16:41:23.878233810 +0200 @@ -98,7 +98,8 @@ kernel_read_system_state(gconfd_t) files_read_var_lib_files(gconfd_t) userdom_manage_user_tmp_dirs(gconfd_t) -userdom_tmp_filetrans_user_tmp(gconfd_t, dir) +userdom_manage_user_tmp_sockets(gconfd_t) +userdom_tmp_filetrans_user_tmp(gconfd_t, { dir sock_file }) userdom_user_runtime_filetrans_user_tmp(gconfd_t, dir) optional_policy(` @@ -111,6 +112,10 @@ optional_policy(` nscd_dontaudit_search_pid(gconfd_t) ') +optional_policy(` + ooffice_stream_connect(gconfd_t) +') + ############################## # # Keyring-daemon local policy --- a/policy/modules/contrib/openoffice.if 2017-03-29 17:58:00.303386397 +0200 +++ b/policy/modules/contrib/openoffice.if 2017-05-20 16:40:46.358233963 +0200 
@@ -86,3 +86,23 @@ interface(`ooffice_dontaudit_exec_tmp_fi dontaudit $1 ooffice_tmp_t:file exec_file_perms; ') + +######################################## +## +## Connect to openoffice using a +## unix domain stream socket. +## +## +## +## Domain allowed access. +## +## +# +interface(`ooffice_stream_connect',` + gen_require(` + type ooffice_t, ooffice_tmp_t; + ') + + files_search_tmp($1) + stream_connect_pattern($1, ooffice_tmp_t, ooffice_tmp_t, ooffice_t) +')
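Review bot: in the first gnome.te hunk (@@ -98,7 +98,8), the added userdom_manage_user_tmp_sockets(gconfd_t) and the widened userdom_tmp_filetrans_user_tmp(gconfd_t, { dir sock_file }) are placed in gconfd's unconditional local policy, not inside an optional_policy block, so gconfd_t gains the ability to manage user tmp sockets on every system, whether or not the openoffice module is present. The commit message only says "smoother integration"; please name the socket gconfd creates and include the AVC denial that motivated the change, so the grant can be judged against least privilege. Also confirm that leaving the next line, userdom_user_runtime_filetrans_user_tmp(gconfd_t, dir), as dir-only is intentional now that the tmp transition covers sock_file as well.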
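Review bot: the second gnome.te hunk (@@ -111,6 +112,10) gives gconfd_t a stream connection to ooffice_t through ooffice_stream_connect(gconfd_t), but nothing in the commit message explains why the configuration daemon needs to initiate a connection to the office suite. Since this is a new channel from gconfd_t to ooffice_t, please document the use case (for example the denial seen in the audit log) in the commit message or in a comment above the optional_policy block.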
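Review bot: in the openoffice.if hunk (@@ -86,3 +86,23), the comment block above interface(`ooffice_stream_connect' appears here as bare ## lines around "Connect to openoffice using a unix domain stream socket." and "Domain allowed access.", with no visible summary or param markers. Please check that the submitted patch carries the usual summary and param name="domain" tags, since the interface documentation is generated from them. It would also help to say in the summary that the socket is expected under tmp, because the body hardcodes files_search_tmp($1) and uses ooffice_tmp_t for both the directory and the socket file in stream_connect_pattern($1, ooffice_tmp_t, ooffice_tmp_t, ooffice_t).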