From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1529154962.9e8e1d8565e63678d43e33a9c11130c986cd4bed.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/gnome.fc policy/modules/contrib/gnome.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 9e8e1d8565e63678d43e33a9c11130c986cd4bed X-VCS-Branch: master Date: Sun, 24 Jun 2018 08:46:44 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: eaa865e0-5a51-4447-8d23-facb4254789b X-Archives-Hash: 4a5259b06ff1ed41ee6245664086eec4 commit: 9e8e1d8565e63678d43e33a9c11130c986cd4bed Author: Jason Zaman perfinion com> AuthorDate: Thu Jun 14 14:28:31 2018 +0000 Commit: Jason Zaman gentoo org> CommitDate: Sat Jun 16 13:16:02 2018 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9e8e1d85 gnome: update to use new upstream xdg interfaces policy/modules/contrib/gnome.fc | 14 +++-------- policy/modules/contrib/gnome.te | 56 +++++------------------------------------ 2 files changed, 9 insertions(+), 61 deletions(-) diff --git a/policy/modules/contrib/gnome.fc b/policy/modules/contrib/gnome.fc index 030f6b7b..81e9716a 100644 --- a/policy/modules/contrib/gnome.fc +++ b/policy/modules/contrib/gnome.fc @@ -1,5 +1,3 @@ -HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:gnome_xdg_config_t,s0) - HOME_DIR/\.cache/dconf(/.*)? gen_context(system_u:object_r:gnome_xdg_cache_t,s0) HOME_DIR/\.cache/keyring-.* gen_context(system_u:object_r:gnome_xdg_cache_t,s0) HOME_DIR/\.config/dconf(/.*)? gen_context(system_u:object_r:gnome_xdg_config_t,s0) 
@@ -20,17 +18,11 @@ HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0) /usr/bin/gnome-keyring-daemon -- gen_context(system_u:object_r:gkeyringd_exec_t,s0) /usr/bin/mate-keyring-daemon -- gen_context(system_u:object_r:gkeyringd_exec_t,s0) + /usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) -/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) +/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) /run/user/%{USERID}/keyring(/.*)? gen_context(system_u:object_r:gnome_keyring_tmp_t,s0) /run/user/[^/]*/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0) -/run/user/%{USERID}/dconf(/.*)? gen_context(system_u:object_r:gconf_tmp_t,s0) /run/user/%{USERID}/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0) - -ifdef(`distro_gentoo',` -HOME_DIR/\.config/dconf(/.*)? gen_context(system_u:object_r:gnome_xdg_config_home_t,s0) -HOME_DIR/\.cache/dconf(/.*)? gen_context(system_u:object_r:gnome_xdg_cache_home_t,s0) -HOME_DIR/\.cache/keyring-.* gen_context(system_u:object_r:gnome_xdg_cache_home_t,s0) -HOME_DIR/\.local/share/keyrings(/.*)? gen_context(system_u:object_r:gnome_xdg_data_home_t,s0) -') +/run/user/%{USERID}/dconf(/.*)? gen_context(system_u:object_r:gconf_tmp_t,s0) diff --git a/policy/modules/contrib/gnome.te b/policy/modules/contrib/gnome.te index e198bc71..340e394a 100644 --- a/policy/modules/contrib/gnome.te +++ b/policy/modules/contrib/gnome.te 
@@ -204,56 +204,12 @@ optional_policy(` telepathy_mission_control_read_state(gkeyringd_domain) ') -ifdef(`distro_gentoo',` - type gnome_xdg_cache_home_t; - type gnome_xdg_config_t; # Fase out - type gnome_xdg_config_home_t; - type gnome_xdg_data_home_t; - - xdg_cache_home_content(gnome_xdg_cache_home_t) - xdg_config_home_content(gnome_xdg_config_t) - xdg_config_home_content(gnome_xdg_config_home_t) - xdg_data_home_content(gnome_xdg_data_home_t) - - ## - ## Keyring - ## - - # When gnome-keyring creates a .cache/keyring-.... make sure it is gnome_xdg_cache_home_t - xdg_cache_home_filetrans(gkeyringd_domain, gnome_xdg_cache_home_t, dir) - # Same for ~/.config and ~/.local stuff - xdg_config_home_filetrans(gkeyringd_domain, gnome_xdg_config_home_t, dir) - xdg_data_home_filetrans(gkeyringd_domain, gnome_xdg_data_home_t, dir) - - allow gkeyringd_domain gnome_xdg_cache_home_t:file manage_file_perms; - allow gkeyringd_domain gnome_xdg_cache_home_t:sock_file manage_sock_file_perms; - manage_dirs_pattern(gkeyringd_domain, gnome_xdg_cache_home_t, gnome_xdg_cache_home_t) - - allow gkeyringd_domain gnome_xdg_config_home_t:file manage_file_perms; - manage_dirs_pattern(gkeyringd_domain, gnome_xdg_config_home_t, gnome_xdg_config_home_t) - - allow gkeyringd_domain gnome_xdg_data_home_t:file manage_file_perms; - manage_dirs_pattern(gkeyringd_domain, gnome_xdg_data_home_t, gnome_xdg_data_home_t) - - ## - ## gconfd - ## - - xdg_cache_home_filetrans(gconfd_t, gnome_xdg_cache_home_t, dir) - xdg_config_home_filetrans(gconfd_t, gnome_xdg_config_home_t, dir) - xdg_data_home_filetrans(gconfd_t, gnome_xdg_data_home_t, dir) - - # gconf stores settings for gnome, it needs access - allow gconfd_t gnome_xdg_cache_home_t:file manage_file_perms; - manage_dirs_pattern(gconfd_t, gnome_xdg_cache_home_t, gnome_xdg_cache_home_t) - - allow gconfd_t gnome_xdg_config_home_t:file manage_file_perms; - manage_dirs_pattern(gconfd_t, gnome_xdg_config_home_t, gnome_xdg_config_home_t) - - allow gconfd_t 
gnome_xdg_data_home_t:file manage_file_perms; - manage_dirs_pattern(gconfd_t, gnome_xdg_data_home_t, gnome_xdg_data_home_t) -') - optional_policy(` xserver_rw_xsession_log(gkeyringd_domain) ') + +ifdef(`distro_gentoo',` + typealias gnome_xdg_cache_t alias gnome_xdg_cache_home_t; + typealias gnome_xdg_config_t alias gnome_xdg_config_home_t; + typealias gnome_xdg_data_t alias gnome_xdg_data_home_t; +')
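Review bot: in the first gnome.fc hunk (@@ -1,5 +1,3), dropping the `HOME_DIR/\.config/gtk-.*` entry leaves no file context for that path anywhere in the visible lines, and the commit message does not say which type those files should carry afterwards. If the intent is for them to fall back to the generic XDG config label, say so in the commit message, and note that files already labeled gnome_xdg_config_t keep that label until they are relabeled (for example with restorecon).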
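Review bot: in the second gnome.fc hunk (@@ -20,17 +18,11), the removed distro_gentoo block held the only visible entry for `HOME_DIR/\.local/share/keyrings(/.*)?`. The dconf and keyring-.* entries it duplicated appear as context at the top of the file, but no replacement for the keyrings path shows up in the diff. Please confirm that the unshown part of gnome.fc labels it gnome_xdg_data_t, otherwise the gnome-keyring data directory loses its specific label. Separately, the -/+ pairs for `/usr/libexec/gconfd-2` and `/run/user/%{USERID}/dconf(/.*)?` read identically here and look like whitespace-only changes that would be better split out or dropped.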
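Review bot: in the gnome.te hunk (@@ -204,56 +204,12), the typealias lines keep the old *_home_t names valid but do not carry over the rules deleted with them: the xdg_cache_home_filetrans, xdg_config_home_filetrans and xdg_data_home_filetrans calls and the manage permissions for gkeyringd_domain and gconfd_t, including `allow gkeyringd_domain gnome_xdg_cache_home_t:sock_file manage_sock_file_perms;`. None of the visible context grants these on gnome_xdg_cache_t, gnome_xdg_config_t or gnome_xdg_data_t, so the commit message should state that the upstream part of the module already covers them. The new block also relies on all three target types being declared outside this hunk, and a one-line comment saying the aliases exist for compatibility with the old Gentoo type names would help.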