From: guido@trentalancia.com (Guido Trentalancia)
Date: Fri, 26 May 2017 18:00:58 +0200
Subject: [refpolicy] [PATCH 1/6] dirmngr: add to roles and allow gpg to
domtrans
In-Reply-To: <20170526155801.5441-1-jason@perfinion.com>
References: <20170526155801.5441-1-jason@perfinion.com>
Message-ID: <1495814458.21288.1.camel@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

As already explained earlier on, the whole dirmngr policy goes in the
existing gpg module.

Creating a separate module for dirmngr is wrong!

Regards,
Guido

On Fri, 26/05/2017 at 23.57 +0800, Jason Zaman via refpolicy
wrote:
> ---
> dirmngr.if | 69
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> gpg.te | 4 ++++
> 2 files changed, 73 insertions(+)
>
> diff --git a/dirmngr.if b/dirmngr.if
> index 4cd2810..2f6875a 100644
> --- a/dirmngr.if
> +++ b/dirmngr.if
> @@ -1,5 +1,74 @@
> ## Server for managing and downloading certificate
> revocation lists.
>
> +############################################################
> +##
> +## Role access for dirmngr.
> +##
> +##
> +##
> +## Role allowed access.
> +##
> +##
> +##
> +##
> +## User domain for the role.
> +##
> +##
> +#
> +interface(`dirmngr_role',`
> + gen_require(`
> + type dirmngr_t, dirmngr_exec_t;
> + ')
> +
> + role $1 types dirmngr_t;
> +
> + domtrans_pattern($2, dirmngr_exec_t, dirmngr_t)
> +
> + allow $2 dirmngr_t:process { ptrace signal_perms };
> + ps_process_pattern($2, dirmngr_t)
> +
> + allow dirmngr_t $2:fd use;
> + allow dirmngr_t $2:fifo_file { read write };
> +')
> +
> +########################################
> +##
> +## Execute dirmngr in the dirmngr domain.
> +##
> +##
> +##
> +## Domain allowed to transition.
> +##
> +##
> +#
> +interface(`dirmngr_domtrans',`
> + gen_require(`
> + type dirmngr_t, dirmngr_exec_t;
> + ')
> +
> + corecmd_search_bin($1)
> + domtrans_pattern($1, dirmngr_exec_t, dirmngr_t)
> +')
> +
> +########################################
> +##
> +## Execute the dirmngr in the caller domain.
> +##
> +##
> +##
> +## Domain allowed access.
> +##
> +##
> +#
> +interface(`dirmngr_exec',`
> + gen_require(`
> + type dirmngr_exec_t;
> + ')
> +
> + corecmd_search_bin($1)
> + can_exec($1, dirmngr_exec_t)
> +')
> +
> ########################################
> ##
> ## All of the rules required to
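Review bot: In dirmngr_role, `allow $2 dirmngr_t:process { ptrace signal_perms };` gives every user domain passed as $2 the right to attach to the dirmngr process, and nothing in the patch or its empty commit message says why that is needed. Unless there is a concrete use for it, drop ptrace and keep signal_perms, so the role can still signal and list the daemon through ps_process_pattern without being able to trace it. The same interface also calls domtrans_pattern($2, dirmngr_exec_t, dirmngr_t) directly, while dirmngr_domtrans below adds corecmd_search_bin($1) first; calling dirmngr_domtrans($2) from dirmngr_role would keep the two paths consistent.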
> diff --git a/gpg.te b/gpg.te
> index 5e87028..d6239c5 100644
> --- a/gpg.te
> +++ b/gpg.te
> @@ -139,6 +139,10 @@ tunable_policy(`use_samba_home_dirs',`
> ')
>
> optional_policy(`
> + dirmngr_domtrans(gpg_t)
> +')
> +
> +optional_policy(`
> evolution_read_orbit_tmp_files(gpg_t)
> ')
>
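Review bot: The new optional_policy block in gpg.te grants gpg_t only the transition via dirmngr_domtrans(gpg_t); nothing in this patch lets gpg_t talk to or signal the dirmngr_t process it has just started, and the commit message is empty, so it is not clear whether that is handled elsewhere in the series. Please state in the commit message why gpg_t needs to launch dirmngr and where the accompanying communication rules live, or add them alongside this block.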