commit: 16ff7b295abda770a89717da10f312fc235c9050
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sat Jun 7 19:09:59 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Jun 7 19:12:07 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=16ff7b29
Gentoo additions for the Dropbox module
Signed-off-by: Jason Zaman <jason <AT> perfinion.com>
---
policy/modules/contrib/dropbox.fc | 3 +++
policy/modules/contrib/dropbox.te | 8 ++++++++
2 files changed, 11 insertions(+)
diff --git a/policy/modules/contrib/dropbox.fc
b/policy/modules/contrib/dropbox.fc
index 8f35880..ddc22f0 100644
--- a/policy/modules/contrib/dropbox.fc
+++ b/policy/modules/contrib/dropbox.fc
@@ -7,5 +7,8 @@ HOME_DIR/\.dropbox-master(/.*)?
gen_context(system_u:object_r:dropbo
HOME_DIR/\.dropbox-dist/dropboxd? --
gen_context(system_u:object_r:dropbox_exec_t,s0)
/opt/bin/dropbox -l
gen_context(system_u:object_r:dropbox_exec_t,s0)
+/opt/dropbox/.*py?\.?.*egg(/.*)?
gen_context(system_u:object_r:lib_t,s0)
+/opt/dropbox/lib.*\.so\.. --
gen_context(system_u:object_r:lib_t,s0)
/opt/dropbox/dropboxd? --
gen_context(system_u:object_r:dropbox_exec_t,s0)
+/opt/dropbox/library\.zip -l
gen_context(system_u:object_r:lib_t,s0)
diff --git a/policy/modules/contrib/dropbox.te
b/policy/modules/contrib/dropbox.te
index 1348ff0..0921a59 100644
--- a/policy/modules/contrib/dropbox.te
+++ b/policy/modules/contrib/dropbox.te
@@ -108,3 +108,11 @@ tunable_policy(`dropbox_bind_port',`
allow dropbox_t self:udp_socket { send_msg recv_msg };
')
+ifdef(`distro_gentoo',`
+ optional_policy(`
+ xdg_read_config_home_files(dropbox_t)
+ xdg_read_data_home_files(dropbox_t)
+ userdom_user_content_access_template(dropbox, dropbox_t)
+ ')
+')
+
