Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/
Date: Mon, 03 Oct 2016 06:26:56
Message-Id: 1475475213.c568bc4bfa98a347210c4ffd3a8aebe1a203d2d8.perfinion@gentoo
1 commit: c568bc4bfa98a347210c4ffd3a8aebe1a203d2d8
2 Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net>
3 AuthorDate: Fri Sep 2 11:35:53 2016 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Mon Oct 3 06:13:33 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c568bc4b
7
8 gpg: public key signature verification in evolution
9
10 Let gpg verify public key signatures in the evolution mail client application.
11
12 It doesn't need write permissions on such files for signing/encrypting messages.
13
14 Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>
15
16 policy/modules/contrib/evolution.if | 21 +++++++++++++++++++++
17 policy/modules/contrib/gpg.te | 4 ++++
18 2 files changed, 25 insertions(+)
19
20 diff --git a/policy/modules/contrib/evolution.if b/policy/modules/contrib/evolution.if
21 index d9c17d2..7c21ba1 100644
22 --- a/policy/modules/contrib/evolution.if
23 +++ b/policy/modules/contrib/evolution.if
24 @@ -128,6 +128,27 @@ interface(`evolution_stream_connect',`
25
26 ########################################
27 ## <summary>
28 +## Read evolution orbit temporary
29 +## files.
30 +## </summary>
31 +## <param name="domain">
32 +## <summary>
33 +## Domain allowed access.
34 +## </summary>
35 +## </param>
36 +#
37 +interface(`evolution_read_orbit_tmp_files',`
38 + gen_require(`
39 + type evolution_orbit_tmp_t;
40 + ')
41 +
42 + files_search_tmp($1)
43 + read_files_pattern($1, evolution_orbit_tmp_t, evolution_orbit_tmp_t)
44 +')
45 +
46 +
47 +########################################
48 +## <summary>
49 ## Send and receive messages from
50 ## evolution over dbus.
51 ## </summary>
52
53 diff --git a/policy/modules/contrib/gpg.te b/policy/modules/contrib/gpg.te
54 index 072047d..0eedb45 100644
55 --- a/policy/modules/contrib/gpg.te
56 +++ b/policy/modules/contrib/gpg.te
57 @@ -147,6 +147,10 @@ tunable_policy(`use_samba_home_dirs',`
58 ')
59
60 optional_policy(`
61 + evolution_read_orbit_tmp_files(gpg_t)
62 + ')
63 +
64 +optional_policy(`
65 gnome_read_generic_home_content(gpg_t)
66 gnome_stream_connect_all_gkeyringd(gpg_t)
67 ')