| 1 |
commit: eac236a86cba23a1d31e6f9e2c1e530736611bbe |
| 2 |
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net> |
| 3 |
AuthorDate: Wed May 24 23:43:56 2017 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu May 25 16:31:51 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=eac236a8 |
| 7 |
|
| 8 |
gnome: improved integration with openoffice |
| 9 |
|
| 10 |
Minor update for the Apache OpenOffice(R) module: part 3/3. |
| 11 |
|
| 12 |
This patch introduces minor changes in the gnome module for |
| 13 |
smoother integration with Apache OpenOffice(R). |
| 14 |
|
| 15 |
Signed-off-by: Guido Trentalancia <guido at trentalancia.com> |
| 16 |
|
| 17 |
policy/modules/contrib/gnome.te | 7 ++++++- |
| 18 |
policy/modules/contrib/openoffice.if | 20 ++++++++++++++++++++ |
| 19 |
2 files changed, 26 insertions(+), 1 deletion(-) |
| 20 |
|
| 21 |
diff --git a/policy/modules/contrib/gnome.te b/policy/modules/contrib/gnome.te |
| 22 |
index 1b53cb4f..0377c479 100644 |
| 23 |
--- a/policy/modules/contrib/gnome.te |
| 24 |
+++ b/policy/modules/contrib/gnome.te |
| 25 |
@@ -98,7 +98,8 @@ kernel_read_system_state(gconfd_t) |
| 26 |
files_read_var_lib_files(gconfd_t) |
| 27 |
|
| 28 |
userdom_manage_user_tmp_dirs(gconfd_t) |
| 29 |
-userdom_tmp_filetrans_user_tmp(gconfd_t, dir) |
| 30 |
+userdom_manage_user_tmp_sockets(gconfd_t) |
| 31 |
+userdom_tmp_filetrans_user_tmp(gconfd_t, { dir sock_file }) |
| 32 |
userdom_user_runtime_filetrans_user_tmp(gconfd_t, dir) |
| 33 |
|
| 34 |
optional_policy(` |
| 35 |
@@ -111,6 +112,10 @@ optional_policy(` |
| 36 |
nscd_dontaudit_search_pid(gconfd_t) |
| 37 |
') |
| 38 |
|
| 39 |
+optional_policy(` |
| 40 |
+ ooffice_stream_connect(gconfd_t) |
| 41 |
+') |
| 42 |
+ |
| 43 |
############################## |
| 44 |
# |
| 45 |
# Keyring-daemon local policy |
| 46 |
|
| 47 |
diff --git a/policy/modules/contrib/openoffice.if b/policy/modules/contrib/openoffice.if |
| 48 |
index 4cb669c8..5580aaf7 100644 |
| 49 |
--- a/policy/modules/contrib/openoffice.if |
| 50 |
+++ b/policy/modules/contrib/openoffice.if |
| 51 |
@@ -112,3 +112,23 @@ interface(`ooffice_dbus_chat',` |
| 52 |
allow $1 ooffice_t:dbus send_msg; |
| 53 |
allow ooffice_t $1:dbus send_msg; |
| 54 |
') |
| 55 |
+ |
| 56 |
+######################################## |
| 57 |
+## <summary> |
| 58 |
+## Connect to openoffice using a |
| 59 |
+## unix domain stream socket. |
| 60 |
+## </summary> |
| 61 |
+## <param name="domain"> |
| 62 |
+## <summary> |
| 63 |
+## Domain allowed access. |
| 64 |
+## </summary> |
| 65 |
+## </param> |
| 66 |
+# |
| 67 |
+interface(`ooffice_stream_connect',` |
| 68 |
+ gen_require(` |
| 69 |
+ type ooffice_t, ooffice_tmp_t; |
| 70 |
+ ') |
| 71 |
+ |
| 72 |
+ files_search_tmp($1) |
| 73 |
+ stream_connect_pattern($1, ooffice_tmp_t, ooffice_tmp_t, ooffice_t) |
| 74 |
+') |
Archives