commit: 6291bac4cdcbd366f63d6d0b66f73a535ecc0340
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Oct 26 17:19:21 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Dec 6 13:19:40 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6291bac4
gnome: add gkeyring rules and fcontext
policy/modules/contrib/gnome.fc | 1 +
policy/modules/contrib/gnome.if | 2 ++
policy/modules/contrib/gnome.te | 4 +++-
3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/gnome.fc b/policy/modules/contrib/gnome.fc
index ce12193..cd2ead4 100644
--- a/policy/modules/contrib/gnome.fc
+++ b/policy/modules/contrib/gnome.fc
@@ -18,6 +18,7 @@ HOME_DIR/orcexec\..*
gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
/usr/lib/[^/]*/gconf/gconfd-2 --
gen_context(system_u:object_r:gconfd_exec_t,s0)
/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
+/var/run/user/%{USERID}/keyring(/.*)?
gen_context(system_u:object_r:gnome_keyring_tmp_t,s0)
/var/run/user/[^/]*/orcexec\..* --
gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
/var/run/user/%{USERID}/orcexec\..* --
gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
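Review bot: The new keyring entry exists only in the `%{USERID}` form, whereas the orcexec entries right below it are listed twice, as `/var/run/user/[^/]*/orcexec\..*` and as `/var/run/user/%{USERID}/orcexec\..*`. A relabel that does not go through the per-user `%{USERID}` expansion would then have no rule for the keyring directory, and it presumably keeps whatever label the parent runtime directory pattern gives it, so the socket inside it would not match the gnome_keyring_tmp_t connect rules in gnome.if. Consider adding the generic form next to it: `/var/run/user/[^/]*/keyring(/.*)?	gen_context(system_u:object_r:gnome_keyring_tmp_t,s0)`.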
diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if
index 190fa16..b08670b 100644
--- a/policy/modules/contrib/gnome.if
+++ b/policy/modules/contrib/gnome.if
@@ -778,6 +778,7 @@ interface(`gnome_stream_connect_gkeyringd',`
')
files_search_tmp($2)
+ userdom_search_user_runtime($2)
stream_connect_pattern($2, gnome_keyring_tmp_t, gnome_keyring_tmp_t,
$1_gkeyringd_t)
')
@@ -799,6 +800,7 @@ interface(`gnome_stream_connect_all_gkeyringd',`
')
files_search_tmp($1)
+ userdom_search_user_runtime($1)
stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t,
gkeyringd_domain)
')
diff --git a/policy/modules/contrib/gnome.te b/policy/modules/contrib/gnome.te
index 5a6f728..a874924 100644
--- a/policy/modules/contrib/gnome.te
+++ b/policy/modules/contrib/gnome.te
@@ -123,9 +123,11 @@ gnome_home_filetrans(gkeyringd_domain,
gnome_keyring_home_t, dir, "keyrings")
manage_dirs_pattern(gkeyringd_domain, gnome_keyring_tmp_t, gnome_keyring_tmp_t)
manage_sock_files_pattern(gkeyringd_domain, gnome_keyring_tmp_t,
gnome_keyring_tmp_t)
files_tmp_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir)
+userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir)
-kernel_read_system_state(gkeyringd_domain)
kernel_read_crypto_sysctls(gkeyringd_domain)
+kernel_read_kernel_sysctls(gkeyringd_domain)
+kernel_read_system_state(gkeyringd_domain)
dev_read_rand(gkeyringd_domain)
dev_read_sysfs(gkeyringd_domain)
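Review bot: The added `userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir)` has no name argument, so every directory gkeyringd creates under the user runtime directory is transitioned to gnome_keyring_tmp_t, while the file context added in gnome.fc only covers `keyring`. The `gnome_home_filetrans` call on the hunk header line scopes its transition with a name (`"keyrings"`); if userdom_user_runtime_filetrans accepts the same optional name parameter, `userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir, "keyring")` keeps the runtime transition and the fcontext consistent and avoids labeling any other directory the daemon creates there as keyring data. The move of kernel_read_system_state is cosmetic, but kernel_read_kernel_sysctls is a new read grant that the commit message does not mention.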