commit: c568bc4bfa98a347210c4ffd3a8aebe1a203d2d8
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Fri Sep 2 11:35:53 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Oct 3 06:13:33 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c568bc4b

gpg: public key signature verification in evolution

Let gpg verify public key signatures in the evolution mail client application.
It doesn't need write permissions on such files for signing/encrypting messages.

Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>

policy/modules/contrib/evolution.if | 21 +++++++++++++++++++++
policy/modules/contrib/gpg.te | 4 ++++
2 files changed, 25 insertions(+)
diff --git a/policy/modules/contrib/evolution.if
b/policy/modules/contrib/evolution.if
index d9c17d2..7c21ba1 100644
--- a/policy/modules/contrib/evolution.if
+++ b/policy/modules/contrib/evolution.if
@@ -128,6 +128,27 @@ interface(`evolution_stream_connect',`
########################################
## <summary>
+## Read evolution orbit temporary
+## files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`evolution_read_orbit_tmp_files',`
+ gen_require(`
+ type evolution_orbit_tmp_t;
+ ')
+
+ files_search_tmp($1)
+ read_files_pattern($1, evolution_orbit_tmp_t, evolution_orbit_tmp_t)
+')
+
+
+########################################
+## <summary>
## Send and receive messages from
## evolution over dbus.
## </summary>
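
Review bot: the summary for evolution_read_orbit_tmp_files says only "Read evolution orbit temporary files", but read_files_pattern($1, evolution_orbit_tmp_t, evolution_orbit_tmp_t) grants the caller read on every file of that type inside directories of that type. The commit message refers to "such files" without naming them, so it would help to state there which files the caller is expected to read, so the breadth of the grant can be judged against the need. Style: the interface is followed by two consecutive empty added lines before the next banner; one is enough.
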
diff --git a/policy/modules/contrib/gpg.te b/policy/modules/contrib/gpg.te
index 072047d..0eedb45 100644
--- a/policy/modules/contrib/gpg.te
+++ b/policy/modules/contrib/gpg.te
@@ -147,6 +147,10 @@ tunable_policy(`use_samba_home_dirs',`
')
optional_policy(`
+ evolution_read_orbit_tmp_files(gpg_t)
+ ')
+
+optional_policy(`
gnome_read_generic_home_content(gpg_t)
gnome_stream_connect_all_gkeyringd(gpg_t)
')
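
Review bot: the new optional_policy block that calls evolution_read_orbit_tmp_files(gpg_t) carries no comment saying why gpg_t needs evolution's ORBit temporary files. A one-line comment above the call, taken from the commit message (public key signature verification when gpg is run from evolution), would help anyone later auditing what gpg_t can read. The closing ') on the second added line also appears indented, unlike the ') that closes the new interface in evolution.if; if that is how it is in the source, align it with the opening optional_policy.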