From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 7E1E6138010 for ; Thu, 4 Oct 2012 17:38:00 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BF469E0724; Thu, 4 Oct 2012 17:36:21 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 7EE16E0724 for ; Thu, 4 Oct 2012 17:36:16 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 7126D33C4F0 for ; Thu, 4 Oct 2012 17:36:15 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 94A95E5436 for ; Thu, 4 Oct 2012 17:36:13 +0000 (UTC) 
From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1349371950.6c30179e3c13b4dbbb5e31ff3113e8f41b3e54f4.SwifT@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/dbus.if policy/modules/contrib/dbus.te policy/modules/contrib/telepathy.if policy/modules/contrib/telepathy.te policy/modules/contrib/wm.if policy/modules/contrib/wm.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 6c30179e3c13b4dbbb5e31ff3113e8f41b3e54f4 X-VCS-Branch: master Date: Thu, 4 Oct 2012 17:36:13 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 487acce7-e55c-4656-9f65-68164ef1208a X-Archives-Hash: c4a49aba6d06c273f80410f295fa809a commit: 6c30179e3c13b4dbbb5e31ff3113e8f41b3e54f4 Author: Dominick Grift gmail com> AuthorDate: Thu Oct 4 13:59:22 2012 +0000 Commit: Sven Vermeulen siphos be> CommitDate: Thu Oct 4 17:32:30 2012 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=6c30179e Deprecate various DBUS interfaces and relevant dependencies Signed-off-by: Dominick Grift gmail.com> --- policy/modules/contrib/dbus.if | 132 +++++++++++++++++++++++++++++------ policy/modules/contrib/dbus.te | 2 +- policy/modules/contrib/telepathy.if | 18 +++--- policy/modules/contrib/telepathy.te | 2 +- policy/modules/contrib/wm.if | 2 +- policy/modules/contrib/wm.te | 2 +- 6 files changed, 123 insertions(+), 35 deletions(-) diff --git a/policy/modules/contrib/dbus.if b/policy/modules/contrib/dbus.if index b548647..d3fd93d 100644 --- a/policy/modules/contrib/dbus.if +++ b/policy/modules/contrib/dbus.if 
@@ -118,15 +118,9 @@ interface(`dbus_system_bus_client',` ####################################### ## -## Acquire service on specified -## DBUS session bus. +## Acquire service on DBUS +## session bus. ## -## -## -## The prefix of the user role (e.g., user -## is the prefix for user_r). -## -## ## ## ## Domain allowed access. @@ -134,12 +128,8 @@ interface(`dbus_system_bus_client',` ## # interface(`dbus_connect_session_bus',` - gen_require(` - type $1_dbusd_t; - class dbus acquire_svc; - ') - - allow $2 $1_dbusd_t:dbus acquire_svc; + refpolicywarn(`$0($*) has been deprecated, use dbus_connect_all_session_bus() instead.') + dbus_connect_all_session_bus($1) ') ####################################### @@ -164,7 +154,7 @@ interface(`dbus_connect_all_session_bus',` ####################################### ## -## Creating connections to specified +## Acquire service on specified ## DBUS session bus. ## ## @@ -179,15 +169,29 @@ interface(`dbus_connect_all_session_bus',` ## ## # -interface(`dbus_session_bus_client',` +interface(`dbus_connect_spec_session_bus',` gen_require(` type $1_dbusd_t; - class dbus send_msg; + class dbus acquire_svc; ') - allow $2 { $1_dbusd_t self }:dbus send_msg; - allow $2 $1_dbusd_t:unix_stream_socket connectto; - allow $2 $1_dbusd_t:fd use; + allow $2 $1_dbusd_t:dbus acquire_svc; +') + +####################################### +## +## Creating connections to DBUS +## session bus. +## +## +## +## Domain allowed access. +## +## +# +interface(`dbus_session_bus_client',` + refpolicywarn(`$0($*) has been deprecated, use dbus_all_session_bus_client() instead.') + dbus_all_session_bus_client($1) ') ####################################### 
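Review bot: The deprecated `dbus_connect_session_bus` wrapper in the `@@ -134,12 +128,8 @@` hunk forwards `$1` as the domain, but the removed body treated `$1` as the role prefix and `$2` as the domain. A caller that still passes the old two arguments would have its prefix handed to `dbus_connect_all_session_bus` and its domain dropped. The same applies to the `dbus_session_bus_client` wrapper in the `@@ -179,15 +169,29 @@` hunk and to `dbus_session_domain` in the `@@ -321,14 +353,70 @@` hunk. Judging by the names and by `session_bus_type` in that later hunk, the replacement also covers every session bus rather than one `$1_dbusd_t`, which is broader than what those callers had. I would make the warning text name both replacements, e.g. `has been deprecated, use dbus_connect_all_session_bus() or dbus_connect_spec_session_bus() instead`, and add a comment above each wrapper saying the role-prefix argument was dropped.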
@@ -214,6 +218,34 @@ interface(`dbus_all_session_bus_client',` ####################################### ## +## Creating connections to specified +## DBUS session bus. +## +## +## +## The prefix of the user role (e.g., user +## is the prefix for user_r). +## +## +## +## +## Domain allowed access. +## +## +# +interface(`dbus_spec_session_bus_client',` + gen_require(` + type $1_dbusd_t; + class dbus send_msg; + ') + + allow $2 { $1_dbusd_t self }:dbus send_msg; + allow $2 $1_dbusd_t:unix_stream_socket connectto; + allow $2 $1_dbusd_t:fd use; +') + +####################################### +## ## Send messages to specified ## DBUS session bus. ## 
@@ -321,14 +353,70 @@ interface(`dbus_manage_lib_files',` ## # interface(`dbus_session_domain',` + refpolicywarn(`$0($*) has been deprecated, use dbus_all_session_domain() instead.') + dbus_all_session_domain($1, $2) +') + +######################################## +## +## Allow a application domain to be +## started by the specified session bus. +## +## +## +## Type to be used as a domain. +## +## +## +## +## Type of the program to be used as an +## entry point to this domain. +## +## +# +interface(`dbus_all_session_domain',` + gen_require(` + type session_bus_type; + ') + + domtrans_pattern(session_bus_type, $2, $1) + + dbus_all_session_bus_client($1) + dbus_connect_all_session_bus($1) +') + +######################################## +## +## Allow a application domain to be +## started by the specified session bus. +## +## +## +## The prefix of the user role (e.g., user +## is the prefix for user_r). +## +## +## +## +## Type to be used as a domain. +## +## +## +## +## Type of the program to be used as an +## entry point to this domain. +## +## +# +interface(`dbus_spec_session_domain',` gen_require(` type $1_dbusd_t; ') domtrans_pattern($1_dbusd_t, $2, $3) - dbus_session_bus_client($1, $2) - dbus_connect_session_bus($1, $2) + dbus_spec_session_bus_client($1, $2) + dbus_connect_spec_session_bus($1, $2) ') ######################################## diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te index 1020bac..e57780d 100644 --- a/policy/modules/contrib/dbus.te +++ b/policy/modules/contrib/dbus.te @@ -1,4 +1,4 @@ -policy_module(dbus, 1.18.0) +policy_module(dbus, 1.18.1) gen_require(` class dbus all_dbus_perms; diff --git a/policy/modules/contrib/telepathy.if b/policy/modules/contrib/telepathy.if index a3530f5..20ebd35 100644 --- a/policy/modules/contrib/telepathy.if +++ b/policy/modules/contrib/telepathy.if 
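Review bot: In `dbus_spec_session_domain` the two client calls pass `$2`, but `domtrans_pattern($1_dbusd_t, $2, $3)` uses `$2` as the entry point and `$3` as the target domain, and the telepathy.if callers updated in this commit pass the `_exec_t` type second and the domain third. As written, the send_msg/connectto and acquire_svc rules would be granted to the entry-point file type rather than the domain, so the lines should read `dbus_spec_session_bus_client($1, $3)` and `dbus_connect_spec_session_bus($1, $3)`. The parameter comments above the interface list the domain before the entry point and should be swapped to match. The summary of `dbus_all_session_domain` still says "the specified session bus" although it uses `session_bus_type`. The `$2` usage was carried over unchanged from the old `dbus_session_domain` body.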
@@ -73,15 +73,15 @@ template(`telepathy_role', ` telepathy_msn_stream_connect($2) telepathy_salut_stream_connect($2) - dbus_session_domain($3, telepathy_gabble_exec_t, telepathy_gabble_t) - dbus_session_domain($3, telepathy_sofiasip_exec_t, telepathy_sofiasip_t) - dbus_session_domain($3, telepathy_idle_exec_t, telepathy_idle_t) - dbus_session_domain($3, telepathy_logger_exec_t, telepathy_logger_t) - dbus_session_domain($3, telepathy_mission_control_exec_t, telepathy_mission_control_t) - dbus_session_domain($3, telepathy_salut_exec_t, telepathy_salut_t) - dbus_session_domain($3, telepathy_sunshine_exec_t, telepathy_sunshine_t) - dbus_session_domain($3, telepathy_stream_engine_exec_t, telepathy_stream_engine_t) - dbus_session_domain($3, telepathy_msn_exec_t, telepathy_msn_t) + dbus_spec_session_domain($3, telepathy_gabble_exec_t, telepathy_gabble_t) + dbus_spec_session_domain($3, telepathy_sofiasip_exec_t, telepathy_sofiasip_t) + dbus_spec_session_domain($3, telepathy_idle_exec_t, telepathy_idle_t) + dbus_spec_session_domain($3, telepathy_logger_exec_t, telepathy_logger_t) + dbus_spec_session_domain($3, telepathy_mission_control_exec_t, telepathy_mission_control_t) + dbus_spec_session_domain($3, telepathy_salut_exec_t, telepathy_salut_t) + dbus_spec_session_domain($3, telepathy_sunshine_exec_t, telepathy_sunshine_t) + dbus_spec_session_domain($3, telepathy_stream_engine_exec_t, telepathy_stream_engine_t) + dbus_spec_session_domain($3, telepathy_msn_exec_t, telepathy_msn_t) ') ######################################## diff --git a/policy/modules/contrib/telepathy.te b/policy/modules/contrib/telepathy.te index f01a972..a3c9320 100644 --- a/policy/modules/contrib/telepathy.te +++ b/policy/modules/contrib/telepathy.te @@ -1,4 +1,4 @@ -policy_module(telepathy, 1.3.3) +policy_module(telepathy, 1.3.4) ######################################## # diff --git a/policy/modules/contrib/wm.if b/policy/modules/contrib/wm.if index e6497fb..a115e8c 100644 
--- a/policy/modules/contrib/wm.if +++ b/policy/modules/contrib/wm.if @@ -79,7 +79,7 @@ template(`wm_role_template',` optional_policy(` dbus_system_bus_client($1_wm_t) - dbus_session_bus_client($1, $1_wm_t) + dbus_spec_session_bus_client($1, $1_wm_t) ') optional_policy(` diff --git a/policy/modules/contrib/wm.te b/policy/modules/contrib/wm.te index 8e1a668..10ed15f 100644 --- a/policy/modules/contrib/wm.te +++ b/policy/modules/contrib/wm.te @@ -1,4 +1,4 @@ -policy_module(wm, 1.2.1) +policy_module(wm, 1.2.2) ######################################## #