commit: ad72efd64eb17bf500c13b58120437b3dacc4aab |
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> |
AuthorDate: Thu Sep 8 23:15:11 2016 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Mon Oct 3 06:05:14 2016 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ad72efd6 |
|
evolution: Read user certs from Guido Trentalancia. |
|
policy/modules/contrib/evolution.te | 25 ++++++++++++++++++++++++- |
1 file changed, 24 insertions(+), 1 deletion(-) |
|
diff --git a/policy/modules/contrib/evolution.te b/policy/modules/contrib/evolution.te |
index 55ee470..a3cf532 100644 |
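--- a/policy/modules/contrib/evolution.te
+++ b/policy/modules/contrib/evolution.te
@@ -1,10 +1,19 @@
-policy_module(evolution, 2.4.1)
+policy_module(evolution, 2.4.2)
 
 ########################################
 #
 # Declarations
 #
 
+## <desc>
+## <p>
+## Allow evolution to create and write
+## user certificates in addition to
+## being able to read them
+## </p>
+## </desc>
+gen_tunable(evolution_manage_user_certs, false)
+
 attribute_role evolution_roles;
 
 type evolution_t;
@@ -185,6 +194,13 @@ udev_read_state(evolution_t)
 
 userdom_use_user_terminals(evolution_t)
 
+tunable_policy(`evolution_manage_user_certs',`
+ userdom_manage_user_certs(evolution_t)
+',`
+ userdom_dontaudit_manage_user_certs(evolution_t)
+ userdom_read_user_certs(evolution_t)
+')
+
 userdom_manage_user_tmp_dirs(evolution_t)
 userdom_manage_user_tmp_files(evolution_t)
 
@@ -437,6 +453,13 @@ miscfiles_read_generic_certs(evolution_server_t)
 
 userdom_dontaudit_read_user_home_content_files(evolution_server_t)
 
+tunable_policy(`evolution_manage_user_certs',`
+ userdom_manage_user_certs(evolution_server_t)
+',`
+ userdom_dontaudit_manage_user_certs(evolution_server_t)
+ userdom_read_user_certs(evolution_server_t)
+')
+
 tunable_policy(`use_nfs_home_dirs',`
 fs_manage_nfs_dirs(evolution_server_t)
 fs_manage_nfs_files(evolution_server_t)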
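Review bot: In the false branch of both new `tunable_policy` blocks (the one for `evolution_t` and the one for `evolution_server_t`), `userdom_dontaudit_manage_user_certs` suppresses the AVC denials for attempts to create or modify user certificate files, so under the default setting those attempts leave no audit record. That hides the evidence an administrator needs to decide whether to turn the boolean on, and it hides writes to the certificate store from anyone watching the audit log for tampering by a domain that parses untrusted mail. If the suppression is there to quiet a known harmless access, state the reason in a comment above each call, along the lines of `# dontaudit: <reason evolution attempts writes here>`; if not, drop the dontaudit line so the default stays auditable. The `<desc>` block should also say that one boolean covers both domains and that denials are not logged while it is off, for example `## Applies to evolution_t and evolution_server_t; write attempts are denied without audit when disabled.` The interface definitions are not on this page, but manage interfaces conventionally grant rename and delete as well, so "create and write" may understate what enabling the boolean allows.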