From: pebenito@ieee.org (Chris PeBenito)
Date: Wed, 24 May 2017 19:44:53 -0400
Subject: [refpolicy] [PATCH 3/3] gnome: improved integration with
 openoffice
In-Reply-To: <1495294973.9946.1.camel@trentalancia.com>
References: <1495294823.9446.2.camel@trentalancia.com>
	<1495294973.9946.1.camel@trentalancia.com>
Message-ID: <cc15006e-7790-26e3-a6ab-4ab1b8a1e59e@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 05/20/2017 11:42 AM, Guido Trentalancia via refpolicy wrote:
> Minor update for the Apache OpenOffice(R) module: part 3/3.
>
> This patch introduces minor changes in the gnome module for
> smoother integration with Apache OpenOffice(R).
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> ---
>  policy/modules/contrib/gnome.te      |    7 ++++++-
>  policy/modules/contrib/openoffice.if |   20 ++++++++++++++++++++
>  2 files changed, 26 insertions(+), 1 deletion(-)
>
> --- a/policy/modules/contrib/gnome.te	2017-04-21 20:01:32.406190979 +0200
> +++ b/policy/modules/contrib/gnome.te	2017-05-20 16:41:23.878233810 +0200
> @@ -98,7 +98,8 @@ kernel_read_system_state(gconfd_t)
>  files_read_var_lib_files(gconfd_t)
>
>  userdom_manage_user_tmp_dirs(gconfd_t)
> -userdom_tmp_filetrans_user_tmp(gconfd_t, dir)
> +userdom_manage_user_tmp_sockets(gconfd_t)
> +userdom_tmp_filetrans_user_tmp(gconfd_t, { dir sock_file })
>  userdom_user_runtime_filetrans_user_tmp(gconfd_t, dir)
>
>  optional_policy(`
> @@ -111,6 +112,10 @@ optional_policy(`
>  	nscd_dontaudit_search_pid(gconfd_t)
>  ')
>
> +optional_policy(`
> +	ooffice_stream_connect(gconfd_t)
> +')
> +
>  ##############################
>  #
>  # Keyring-daemon local policy
> --- a/policy/modules/contrib/openoffice.if	2017-03-29 17:58:00.303386397 +0200
> +++ b/policy/modules/contrib/openoffice.if	2017-05-20 16:40:46.358233963 +0200
> @@ -86,3 +86,23 @@ interface(`ooffice_dontaudit_exec_tmp_fi
>
>  	dontaudit $1 ooffice_tmp_t:file exec_file_perms;
>  ')
> +
> +########################################
> +## <summary>
> +##	Connect to openoffice using a
> +##	unix domain stream socket.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`ooffice_stream_connect',`
> +	gen_require(`
> +		type ooffice_t, ooffice_tmp_t;
> +	')
> +
> +	files_search_tmp($1)
> +	stream_connect_pattern($1, ooffice_tmp_t, ooffice_tmp_t, ooffice_t)
> +')

Merged.

-- 
Chris PeBenito