From: "Jason Zaman"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman"
Message-ID: <1493561864.1ea4f1cd05f02e5996c2c168d5f64bdf1304b3db.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/evolution.te policy/modules/contrib/gnome.if
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 1ea4f1cd05f02e5996c2c168d5f64bdf1304b3db
X-VCS-Branch: master
Date: Sun, 30 Apr 2017 14:20:00 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 3f018d92-575e-4c5c-af12-367053c71c7b
X-Archives-Hash: e5d545a9f6bb43a0784a4a224c728e93

commit: 1ea4f1cd05f02e5996c2c168d5f64bdf1304b3db
Author: Guido Trentalancia trentalancia net>
AuthorDate: Wed Apr 19 13:37:16 2017 +0000
Commit: Jason Zaman gentoo org>
CommitDate: Sun Apr 30 14:17:44 2017 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=1ea4f1cd

Gnome and Evolution dbus chat permissions

This patch adds assorted permissions to chat over dbus needed for the correct functioning of Gnome and Evolution.

The second version simply removes an extra "#" prefix from the comments.

This third version rebases the patch so that it applies to the most recent git tree (thanks to Christopher PeBenito and Russell Coker for pointing that out).

Signed-off-by: Guido Trentalancia trentalancia.net>

 policy/modules/contrib/evolution.te | 4 ++++
 policy/modules/contrib/gnome.if | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/policy/modules/contrib/evolution.te b/policy/modules/contrib/evolution.te index bd1647f2..579c21a6 100644 --- a/policy/modules/contrib/evolution.te 
+++ b/policy/modules/contrib/evolution.te @@ -345,6 +345,10 @@ tunable_policy(`use_samba_home_dirs',` optional_policy(` dbus_all_session_bus_client(evolution_alarm_t) dbus_connect_all_session_bus(evolution_alarm_t) + + optional_policy(` + evolution_dbus_chat(evolution_alarm_t) + ') ') optional_policy(` diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if index 7ea2cf40..ce436cfd 100644 --- a/policy/modules/contrib/gnome.if +++ b/policy/modules/contrib/gnome.if @@ -112,8 +112,17 @@ template(`gnome_role_template',` dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t) optional_policy(` + evolution_dbus_chat($1_gkeyringd_t) + ') + + optional_policy(` + gnome_dbus_chat_gconfd($3) gnome_dbus_chat_gkeyringd($1, $3) ') + + optional_policy(` + wm_dbus_chat($1, $1_gkeyringd_t) + ') ') ifdef(`distro_gentoo',` @@ -690,6 +699,34 @@ interface(`gnome_read_keyring_home_files',` ######################################## ## ## Send and receive messages from +## gnome configuration daemon over +## dbus. +## +## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## +## +## Domain allowed access. +## +## +# +interface(`gnome_dbus_chat_gconfd',` + gen_require(` + type gconfd_t; + class dbus send_msg; + ') + + allow $1 gconfd_t:dbus send_msg; + allow gconfd_t $1:dbus send_msg; +') + +######################################## +## +## Send and receive messages from ## gnome keyring daemon over dbus. ## ##
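
Review bot: In the evolution.te hunk (@@ -345,6 +345,10 @@), the nested optional_policy around evolution_dbus_chat(evolution_alarm_t) looks redundant. The call is made from evolution.te, and going by its name the interface belongs to the evolution module itself, so it cannot be missing when this file is built. The enclosing optional_policy already guards the dbus dependency. If the interface does live in evolution.if, call evolution_dbus_chat(evolution_alarm_t) directly after dbus_connect_all_session_bus(evolution_alarm_t) and drop the inner block.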
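
Review bot: In the gnome_role_template hunk of gnome.if (@@ -112,8 +112,17 @@), evolution_dbus_chat($1_gkeyringd_t) and wm_dbus_chat($1, $1_gkeyringd_t) add new D-Bus peers for the keyring daemon domain, which holds user secrets, but neither the commit message nor a comment in the template says which operation or denial each rule is needed for. Please add a one-line comment above each new optional_policy block naming the AVC denial or feature that requires it, so the grants can be audited against least privilege and removed later if they turn out to be unnecessary.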
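
Review bot: In the new gnome_dbus_chat_gconfd interface (gnome.if hunk @@ -690,6 +699,34 @@), the documentation block describes two parameters, a user domain prefix followed by the domain allowed access, but the body uses only $1 as the domain (allow $1 gconfd_t:dbus send_msg;) and the caller in gnome_role_template passes a single argument, gnome_dbus_chat_gconfd($3). Drop the prefix parameter from the comment so the documented signature matches the one-argument interface; the description appears to have been carried over from gnome_dbus_chat_gkeyringd, which is called with ($1, $3).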