commit: ad72efd64eb17bf500c13b58120437b3dacc4aab
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Thu Sep 8 23:15:11 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Oct 3 06:05:14 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ad72efd6
evolution: Read user certs from Guido Trentalancia.
policy/modules/contrib/evolution.te | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/evolution.te
b/policy/modules/contrib/evolution.te
index 55ee470..a3cf532 100644
--- a/policy/modules/contrib/evolution.te
+++ b/policy/modules/contrib/evolution.te
@@ -1,10 +1,19 @@
-policy_module(evolution, 2.4.1)
+policy_module(evolution, 2.4.2)
########################################
#
# Declarations
#
+## <desc>
+## <p>
+## Allow evolution to create and write
+## user certificates in addition to
+## being able to read them
+## </p>
+## </desc>
+gen_tunable(evolution_manage_user_certs, false)
+
attribute_role evolution_roles;
type evolution_t;
@@ -185,6 +194,13 @@ udev_read_state(evolution_t)
userdom_use_user_terminals(evolution_t)
+tunable_policy(`evolution_manage_user_certs',`
+ userdom_manage_user_certs(evolution_t)
+',`
+ userdom_dontaudit_manage_user_certs(evolution_t)
+ userdom_read_user_certs(evolution_t)
+')
+
userdom_manage_user_tmp_dirs(evolution_t)
userdom_manage_user_tmp_files(evolution_t)
@@ -437,6 +453,13 @@ miscfiles_read_generic_certs(evolution_server_t)
userdom_dontaudit_read_user_home_content_files(evolution_server_t)
+tunable_policy(`evolution_manage_user_certs',`
+ userdom_manage_user_certs(evolution_server_t)
+',`
+ userdom_dontaudit_manage_user_certs(evolution_server_t)
+ userdom_read_user_certs(evolution_server_t)
+')
+
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs(evolution_server_t)
fs_manage_nfs_files(evolution_server_t)
