From: guido@trentalancia.com (Guido Trentalancia)
Date: Tue, 23 May 2017 22:25:48 +0200
Subject: [refpolicy] [PATCH 1/3] userdomain: new dbus chat interface
In-Reply-To: <1495294823.9446.2.camel@trentalancia.com>
References: <1495294823.9446.2.camel@trentalancia.com>
Message-ID: <1495571148.4869.7.camel@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Following recent feedback received from Christopher PeBenito, this part of the patchset is now dropped.

The interface has been moved to the second version (v2) of part 2/3 (openoffice module).

Part 3/3 remains unchanged.

Thanks,

Guido

On Sat, 20/05/2017 at 17.40 +0200, Guido Trentalancia via refpolicy wrote:
> Minor update for the Apache OpenOffice(R) module: part 1/3.
>
> This patch introduces a new interface to allow bidirectional
> dbus chat from/to the user domain (instead of only unidirectional
> messaging).
>
> The new interface is used by part 2/3.
>
> Signed-off-by: Guido Trentalancia
> --- > ?policy/modules/system/userdomain.if |???21 +++++++++++++++++++++ > ?1 file changed, 21 insertions(+) > > --- a/policy/modules/system/userdomain.if 2017-04-26 > 17:47:14.081423048 +0200 > +++ b/policy/modules/system/userdomain.if 2017-05-20 > 15:55:50.405244985 +0200 > @@ -4018,6 +4018,27 @@ interface(`userdom_dbus_send_all_users', > ? > ?######################################## > ?## > +## Send and receive dbus messages > +## from and to all user domains. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`userdom_dbus_chat_all_users',` > + gen_require(` > + attribute userdomain; > + class dbus send_msg; > + ') > + > + allow $1 userdomain:dbus send_msg; > + allow userdomain $1:dbus send_msg; > +') > + > +######################################## > +## > ?##?????Do not audit attempts to read and write > ?##?????unserdomain stream. > ?##
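
Review bot: In the body of `userdom_dbus_chat_all_users`, the second rule, `allow userdomain $1:dbus send_msg;`, lets every domain carrying the `userdomain` attribute send D-Bus messages to the caller, so it is worth confirming that the caller in part 2/3 really needs inbound messages from all user domains and not from one specific user domain type. If it does not, scope the reverse direction to that type (for example by taking it as a second parameter); if it does, say so explicitly in the summary comment so that reviewers of future callers see how wide the grant is. The forward rule `allow $1 userdomain:dbus send_msg;` also looks like what the neighbouring `userdom_dbus_send_all_users` provides, judging by its name in the hunk header, so the new interface could call that one and add only the reverse rule instead of repeating it.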