commit: 1ea4f1cd05f02e5996c2c168d5f64bdf1304b3db
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Wed Apr 19 13:37:16 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 30 14:17:44 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=1ea4f1cd
Gnome and Evolution dbus chat permissions
This patch adds assorted permissions to chat over dbus needed
for the correct functioning of Gnome and Evolution.
The second version simply removes an extra "#" prefix from
the comments.
This third version rebases the patch so that it applies to
the most recent git tree (thanks to Christopher PeBenito and
Russell Coker for pointing that out).
Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>
policy/modules/contrib/evolution.te | 4 ++++
policy/modules/contrib/gnome.if | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+)
diff --git a/policy/modules/contrib/evolution.te
b/policy/modules/contrib/evolution.te
index bd1647f2..579c21a6 100644
--- a/policy/modules/contrib/evolution.te
+++ b/policy/modules/contrib/evolution.te
@@ -345,6 +345,10 @@ tunable_policy(`use_samba_home_dirs',`
optional_policy(`
dbus_all_session_bus_client(evolution_alarm_t)
dbus_connect_all_session_bus(evolution_alarm_t)
+
+ optional_policy(`
+ evolution_dbus_chat(evolution_alarm_t)
+ ')
')
optional_policy(`
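Review bot: The inner `optional_policy` around `evolution_dbus_chat(evolution_alarm_t)` looks redundant. This is evolution.te itself, so the `evolution_t` type the interface presumably requires is always declared, and the enclosing block already makes the rule conditional on dbus. Calling the interface directly inside the outer block would read more simply and would not hide a typo in the interface name behind a silently disabled optional block. evolution.if is not part of this diff, so confirm what the interface requires before removing the wrapper.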
diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if
index 7ea2cf40..ce436cfd 100644
--- a/policy/modules/contrib/gnome.if
+++ b/policy/modules/contrib/gnome.if
@@ -112,8 +112,17 @@ template(`gnome_role_template',`
dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
optional_policy(`
+ evolution_dbus_chat($1_gkeyringd_t)
+ ')
+
+ optional_policy(`
+ gnome_dbus_chat_gconfd($3)
gnome_dbus_chat_gkeyringd($1, $3)
')
+
+ optional_policy(`
+ wm_dbus_chat($1, $1_gkeyringd_t)
+ ')
')
ifdef(`distro_gentoo',`
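Review bot: The two new grants on `$1_gkeyringd_t` let the keyring daemon exchange D-Bus messages with `evolution_t` and with the role's window manager domain, and nothing in the template records why each peer needs that. The keyring domain holds stored credentials and `dbus send_msg` does not distinguish which methods are called, so each block deserves a one-line comment naming the denial or feature behind it, in the form `# gkeyringd <-> evolution: required for <feature or AVC denial>`. The bodies of `evolution_dbus_chat` and `wm_dbus_chat` are outside this diff, so the direction of each grant is inferred from the interface names. The template body starts before this hunk.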
@@ -690,6 +699,34 @@ interface(`gnome_read_keyring_home_files',`
########################################
## <summary>
## Send and receive messages from
+## gnome configuration daemon over
+## dbus.
+## </summary>
+## <param name="role_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gnome_dbus_chat_gconfd',`
+ gen_require(`
+ type gconfd_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 gconfd_t:dbus send_msg;
+ allow gconfd_t $1:dbus send_msg;
+')
+
+########################################
+## <summary>
+## Send and receive messages from
## gnome keyring daemon over dbus.
## </summary>
## <param name="role_prefix">
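Review bot: The header of `gnome_dbus_chat_gconfd` documents two parameters, `role_prefix` and `domain`, but both `allow` rules use only `$1` as a type, and the caller in `gnome_role_template` passes a single argument, `gnome_dbus_chat_gconfd($3)`. The `role_prefix` block appears to be carried over from the gkeyringd interface that follows; drop it so that `domain` is documented as the first and only parameter. As written, a caller following the documentation would pass a prefix as `$1` and the rules would be built on a name that is not a domain type. The summary would also read better as `Send and receive messages from the gnome configuration daemon over dbus.`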