* [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions
@ 2017-04-18 18:04 Guido Trentalancia
  2017-04-19  1:51 ` Chris PeBenito
  0 siblings, 1 reply; 11+ messages in thread
From: Guido Trentalancia @ 2017-04-18 18:04 UTC (permalink / raw)
  To: refpolicy

This patch adds assorted permissions to chat over dbus needed
for the correct functioning of Gnome and Evolution.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/evolution.te |    5 ++++
 policy/modules/contrib/gnome.if     |   37 ++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te
--- refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te	2017-03-29 17:58:00.276386397 +0200
+++ refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te	2017-04-18 19:39:13.184604734 +0200
@@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',`
 
 optional_policy(`
 	dbus_all_session_bus_client(evolution_alarm_t)
+	dbus_connect_all_session_bus(evolution_alarm_t)
+
+	optional_policy(`
+		evolution_dbus_chat(evolution_alarm_t)
+	')
 ')
 
 optional_policy(`
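Review bot: The nested `optional_policy` wrapped around `evolution_dbus_chat(evolution_alarm_t)` looks unnecessary inside evolution.te. Going by its name the interface is provided by the evolution module itself (evolution.if is not part of this patch, so that is an inference), and an optional block only helps when the module providing the interface may be absent. If that holds, the call can sit directly after `dbus_connect_all_session_bus(evolution_alarm_t)`, or be written as the direct `allow ... :dbus send_msg;` pair the interface expands to. The same nested block is carried into the v2 and v3 postings further down the thread.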
diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if
--- refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if	2017-03-29 17:58:00.281386397 +0200
+++ refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if	2017-04-18 19:51:01.702601837 +0200
@@ -112,8 +112,17 @@ template(`gnome_role_template',`
 		dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
 
 		optional_policy(`
+			evolution_dbus_chat($1_gkeyringd_t)
+		')
+
+		optional_policy(`
+			gnome_dbus_chat_gconfd($3)
 			gnome_dbus_chat_gkeyringd($1, $3)
 		')
+
+		optional_policy(`
+			wm_dbus_chat($1, $1_gkeyringd_t)
+		')
 	')
 ')
 
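Review bot: `evolution_dbus_chat($1_gkeyringd_t)` and `wm_dbus_chat($1, $1_gkeyringd_t)` add two more peers that can exchange D-Bus messages with the per-role keyring daemon, and nothing in the hunk or the description records which denial each rule resolves. The dbus `send_msg` permission is checked per pair of labels, not per method or interface, so if these interfaces expand like `gnome_dbus_chat_gconfd` in the next hunk, each one opens the daemon's whole bus API to that peer in both directions. For a domain that stores secrets it is worth citing the AVC denials in the commit message and adding a short comment above each call, for example `# evolution stores and retrieves account passwords through the keyring`. `gnome_role_template` begins above this hunk, so the enclosing block is only partly visible. The v2 and v3 postings repeat this hunk unchanged.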
@@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
 ')
 
 ########################################
+### <summary>
+###	Send and receive messages from
+###	gnome configuration daemon over
+###	dbus.
+### </summary>
+### <param name="role_prefix">
+###	<summary>
+###	The prefix of the user domain (e.g., user
+###	is the prefix for user_t).
+###	</summary>
+### </param>
+### <param name="domain">
+###	<summary>
+###	Domain allowed access.
+###	</summary>
+### </param>
+##
+interface(`gnome_dbus_chat_gconfd',`
+	gen_require(`
+		type gconfd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 gconfd_t:dbus send_msg;
+	allow gconfd_t $1:dbus send_msg;
+')
+
+########################################
 ## <summary>
 ##	Send and receive messages from
 ##	gnome keyring daemon over dbus.
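Review bot: The documentation block for `gnome_dbus_chat_gconfd` describes two parameters, `role_prefix` and `domain`, but the body only references `$1` and the caller in `gnome_role_template` passes a single argument, `gnome_dbus_chat_gconfd($3)`. As written, the generated interface documentation tells callers to pass a role prefix first, which would put a prefix string where `allow $1 gconfd_t:dbus send_msg;` expects a domain type. Dropping the `<param name="role_prefix">` element so that `domain` is the only documented parameter would make the header match the code; the block appears to have been copied from the two-argument `gnome_dbus_chat_gkeyringd` that follows. The mismatch is still present in the v2 and v3 postings further down the thread.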


* [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions
  2017-04-18 18:04 [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions Guido Trentalancia
@ 2017-04-19  1:51 ` Chris PeBenito
  2017-04-19 11:23   ` Guido Trentalancia
                     ` (2 more replies)
  0 siblings, 3 replies; 11+ messages in thread
From: Chris PeBenito @ 2017-04-19  1:51 UTC (permalink / raw)
  To: refpolicy

On 04/18/2017 02:04 PM, Guido Trentalancia via refpolicy wrote:
> This patch adds assorted permission to chat over dbus needed
> for the correct functioning of Gnome and Evolution.

This didn't apply for me, but may be due to Russell's patches.  One 
other trivial comment below.


> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/evolution.te |    5 ++++
>  policy/modules/contrib/gnome.if     |   37 ++++++++++++++++++++++++++++++++++++
>  2 files changed, 42 insertions(+)
>
> diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te
> --- refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te	2017-03-29 17:58:00.276386397 +0200
> +++ refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te	2017-04-18 19:39:13.184604734 +0200
> @@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',`
>
>  optional_policy(`
>  	dbus_all_session_bus_client(evolution_alarm_t)
> +	dbus_connect_all_session_bus(evolution_alarm_t)
> +
> +	optional_policy(`
> +		evolution_dbus_chat(evolution_alarm_t)
> +	')
>  ')
>
>  optional_policy(`
> diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if
> --- refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if	2017-03-29 17:58:00.281386397 +0200
> +++ refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if	2017-04-18 19:51:01.702601837 +0200
> @@ -112,8 +112,17 @@ template(`gnome_role_template',`
>  		dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
>
>  		optional_policy(`
> +			evolution_dbus_chat($1_gkeyringd_t)
> +		')
> +
> +		optional_policy(`
> +			gnome_dbus_chat_gconfd($3)
>  			gnome_dbus_chat_gkeyringd($1, $3)
>  		')
> +
> +		optional_policy(`
> +			wm_dbus_chat($1, $1_gkeyringd_t)
> +		')
>  	')
>  ')
>
> @@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
>  ')
>
>  ########################################
> +### <summary>
> +###	Send and receive messages from
> +###	gnome configuration daemon over
> +###	dbus.
> +### </summary>
> +### <param name="role_prefix">
> +###	<summary>
> +###	The prefix of the user domain (e.g., user
> +###	is the prefix for user_t).
> +###	</summary>
> +### </param>
> +### <param name="domain">
> +###	<summary>
> +###	Domain allowed access.
> +###	</summary>
> +### </param>
> +##

Too many #

> +interface(`gnome_dbus_chat_gconfd',`
> +	gen_require(`
> +		type gconfd_t;
> +		class dbus send_msg;
> +	')
> +
> +	allow $1 gconfd_t:dbus send_msg;
> +	allow gconfd_t $1:dbus send_msg;
> +')
> +
> +########################################
>  ## <summary>
>  ##	Send and receive messages from
>  ##	gnome keyring daemon over dbus.


-- 
Chris PeBenito


* [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions
  2017-04-19  1:51 ` Chris PeBenito
@ 2017-04-19 11:23   ` Guido Trentalancia
  2017-04-19 12:18   ` Guido Trentalancia
  2017-04-19 12:54   ` [refpolicy] [PATCH] " Guido Trentalancia
  2 siblings, 0 replies; 11+ messages in thread
From: Guido Trentalancia @ 2017-04-19 11:23 UTC (permalink / raw)
  To: refpolicy

Hello. 

This patch is very important: for example, the password remembering functionality in Evolution depends on it!

I will rebase it, fix the comment format and repost it in a few hours. 

Thanks, 

Guido 

On the 19th of April 2017 03:51:12 CEST, Chris PeBenito <pebenito@ieee.org> wrote:
>On 04/18/2017 02:04 PM, Guido Trentalancia via refpolicy wrote:
>> This patch adds assorted permission to chat over dbus needed
>> for the correct functioning of Gnome and Evolution.
>
>This didn't apply for me, but may be due to Russell's patches.  One 
>other trivial comment below.
>
>
>> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
>> ---
>>  policy/modules/contrib/evolution.te |    5 ++++
>>  policy/modules/contrib/gnome.if     |   37
>++++++++++++++++++++++++++++++++++++
>>  2 files changed, 42 insertions(+)
>>
>> diff -pru
>refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te
>refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te
>> ---
>refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te	2017-03-29
>17:58:00.276386397 +0200
>> +++
>refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te	2017-04-18
>19:39:13.184604734 +0200
>> @@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',`
>>
>>  optional_policy(`
>>  	dbus_all_session_bus_client(evolution_alarm_t)
>> +	dbus_connect_all_session_bus(evolution_alarm_t)
>> +
>> +	optional_policy(`
>> +		evolution_dbus_chat(evolution_alarm_t)
>> +	')
>>  ')
>>
>>  optional_policy(`
>> diff -pru
>refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if
>refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if
>> ---
>refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if	2017-03-29
>17:58:00.281386397 +0200
>> +++
>refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if	2017-04-18
>19:51:01.702601837 +0200
>> @@ -112,8 +112,17 @@ template(`gnome_role_template',`
>>  		dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
>>
>>  		optional_policy(`
>> +			evolution_dbus_chat($1_gkeyringd_t)
>> +		')
>> +
>> +		optional_policy(`
>> +			gnome_dbus_chat_gconfd($3)
>>  			gnome_dbus_chat_gkeyringd($1, $3)
>>  		')
>> +
>> +		optional_policy(`
>> +			wm_dbus_chat($1, $1_gkeyringd_t)
>> +		')
>>  	')
>>  ')
>>
>> @@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
>>  ')
>>
>>  ########################################
>> +### <summary>
>> +###	Send and receive messages from
>> +###	gnome configuration daemon over
>> +###	dbus.
>> +### </summary>
>> +### <param name="role_prefix">
>> +###	<summary>
>> +###	The prefix of the user domain (e.g., user
>> +###	is the prefix for user_t).
>> +###	</summary>
>> +### </param>
>> +### <param name="domain">
>> +###	<summary>
>> +###	Domain allowed access.
>> +###	</summary>
>> +### </param>
>> +##
>
>Too many #
>
>> +interface(`gnome_dbus_chat_gconfd',`
>> +	gen_require(`
>> +		type gconfd_t;
>> +		class dbus send_msg;
>> +	')
>> +
>> +	allow $1 gconfd_t:dbus send_msg;
>> +	allow gconfd_t $1:dbus send_msg;
>> +')
>> +
>> +########################################
>>  ## <summary>
>>  ##	Send and receive messages from
>>  ##	gnome keyring daemon over dbus.


* [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions
  2017-04-19  1:51 ` Chris PeBenito
  2017-04-19 11:23   ` Guido Trentalancia
@ 2017-04-19 12:18   ` Guido Trentalancia
  2017-04-19 12:22     ` Guido Trentalancia
  2017-04-19 12:54   ` [refpolicy] [PATCH] " Guido Trentalancia
  2 siblings, 1 reply; 11+ messages in thread
From: Guido Trentalancia @ 2017-04-19 12:18 UTC (permalink / raw)
  To: refpolicy

Hello Christopher.

I have checked again and my patch (above mentioned) applies cleanly to
the current git tree.

However, the build fails while assembling the lvm module due to:

dpkg_script_script_rw_pipes

so, it must be some change introduced by Russell because the dpkg is
used in Debian for package management.

If you experience problems that are strictly related to this patch,
please get back to me and I will check again. Otherwise, I take it the
problem lies somewhere else.

I am now going to post a revised version of this patch, which only
fixes the extra "#" in the comments and nothing else.

Thanks for your time.

Regards,

Guido

On Tue, 18/04/2017 at 21.51 -0400, Chris PeBenito wrote:
> On 04/18/2017 02:04 PM, Guido Trentalancia via refpolicy wrote:
> > This patch adds assorted permission to chat over dbus needed
> > for the correct functioning of Gnome and Evolution.
> 
> This didn't apply for me, but may be due to Russell's patches.  One
> other trivial comment below.
> 
> 
> > Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> > ---
> > ?policy/modules/contrib/evolution.te |????5 ++++
> > ?policy/modules/contrib/gnome.if?????|???37
> > ++++++++++++++++++++++++++++++++++++
> > ?2 files changed, 42 insertions(+)
> > 
> > diff -pru refpolicy-git-18042017-1918-
> > orig/policy/modules/contrib/evolution.te refpolicy-git-18042017-
> > 1918/policy/modules/contrib/evolution.te
> > --- refpolicy-git-18042017-1918-
> > orig/policy/modules/contrib/evolution.te	2017-03-29
> > 17:58:00.276386397 +0200
> > +++ refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te
> > 	2017-04-18 19:39:13.184604734 +0200
> > @@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',`
> > 
> > ?optional_policy(`
> > ?	dbus_all_session_bus_client(evolution_alarm_t)
> > +	dbus_connect_all_session_bus(evolution_alarm_t)
> > +
> > +	optional_policy(`
> > +		evolution_dbus_chat(evolution_alarm_t)
> > +	')
> > ?')
> > 
> > ?optional_policy(`
> > diff -pru refpolicy-git-18042017-1918-
> > orig/policy/modules/contrib/gnome.if refpolicy-git-18042017-
> > 1918/policy/modules/contrib/gnome.if
> > --- refpolicy-git-18042017-1918-
> > orig/policy/modules/contrib/gnome.if	2017-03-29
> > 17:58:00.281386397 +0200
> > +++ refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if	
> > 2017-04-18 19:51:01.702601837 +0200
> > @@ -112,8 +112,17 @@ template(`gnome_role_template',`
> > ?		dbus_spec_session_domain($1, $1_gkeyringd_t,
> > gkeyringd_exec_t)
> > 
> > ?		optional_policy(`
> > +			evolution_dbus_chat($1_gkeyringd_t)
> > +		')
> > +
> > +		optional_policy(`
> > +			gnome_dbus_chat_gconfd($3)
> > ?			gnome_dbus_chat_gkeyringd($1, $3)
> > ?		')
> > +
> > +		optional_policy(`
> > +			wm_dbus_chat($1, $1_gkeyringd_t)
> > +		')
> > ?	')
> > ?')
> > 
> > @@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
> > ?')
> > 
> > ?########################################
> > +### <summary>
> > +###	Send and receive messages from
> > +###	gnome configuration daemon over
> > +###	dbus.
> > +### </summary>
> > +### <param name="role_prefix">
> > +###	<summary>
> > +###	The prefix of the user domain (e.g., user
> > +###	is the prefix for user_t).
> > +###	</summary>
> > +### </param>
> > +### <param name="domain">
> > +###	<summary>
> > +###	Domain allowed access.
> > +###	</summary>
> > +### </param>
> > +##
> 
> Too many #
> 
> > +interface(`gnome_dbus_chat_gconfd',`
> > +	gen_require(`
> > +		type gconfd_t;
> > +		class dbus send_msg;
> > +	')
> > +
> > +	allow $1 gconfd_t:dbus send_msg;
> > +	allow gconfd_t $1:dbus send_msg;
> > +')
> > +
> > +########################################
> > ?## <summary>
> > ?##	Send and receive messages from
> > ?##	gnome keyring daemon over dbus.
> 
> 


* [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions
  2017-04-19 12:18   ` Guido Trentalancia
@ 2017-04-19 12:22     ` Guido Trentalancia
  2017-04-19 12:43       ` [refpolicy] [PATCH v2] " Guido Trentalancia
  0 siblings, 1 reply; 11+ messages in thread
From: Guido Trentalancia @ 2017-04-19 12:22 UTC (permalink / raw)
  To: refpolicy

This patch adds assorted permissions to chat over dbus needed
for the correct functioning of Gnome and Evolution.

This second version simply removes an extra "#" prefix from
the comments.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/evolution.te |    5 ++++
 policy/modules/contrib/gnome.if     |   37 ++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te
--- refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te	2017-03-29 17:58:00.276386397 +0200
+++ refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te	2017-04-18 19:39:13.184604734 +0200
@@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',`
 
 optional_policy(`
 	dbus_all_session_bus_client(evolution_alarm_t)
+	dbus_connect_all_session_bus(evolution_alarm_t)
+
+	optional_policy(`
+		evolution_dbus_chat(evolution_alarm_t)
+	')
 ')
 
 optional_policy(`
diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if
--- refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if	2017-03-29 17:58:00.281386397 +0200
+++ refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if	2017-04-18 19:51:01.702601837 +0200
@@ -112,8 +112,17 @@ template(`gnome_role_template',`
 		dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
 
 		optional_policy(`
+			evolution_dbus_chat($1_gkeyringd_t)
+		')
+
+		optional_policy(`
+			gnome_dbus_chat_gconfd($3)
 			gnome_dbus_chat_gkeyringd($1, $3)
 		')
+
+		optional_policy(`
+			wm_dbus_chat($1, $1_gkeyringd_t)
+		')
 	')
 ')
 
@@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
 ')
 
 ########################################
+## <summary>
+##	Send and receive messages from
+##	gnome configuration daemon over
+##	dbus.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`gnome_dbus_chat_gconfd',`
+	gen_require(`
+		type gconfd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 gconfd_t:dbus send_msg;
+	allow gconfd_t $1:dbus send_msg;
+')
+
+########################################
 ## <summary>
 ##	Send and receive messages from
 ##	gnome keyring daemon over dbus.


* [refpolicy] [PATCH v2] Gnome and Evolution dbus chat permissions
  2017-04-19 12:22     ` Guido Trentalancia
@ 2017-04-19 12:43       ` Guido Trentalancia
  0 siblings, 0 replies; 11+ messages in thread
From: Guido Trentalancia @ 2017-04-19 12:43 UTC (permalink / raw)
  To: refpolicy

This patch adds assorted permissions to chat over dbus needed
for the correct functioning of Gnome and Evolution.

This second version simply removes an extra "#" prefix from
the comments.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/evolution.te |    5 ++++
 policy/modules/contrib/gnome.if     |   37 ++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te
--- refpolicy-git-18042017-1918-orig/policy/modules/contrib/evolution.te	2017-03-29 17:58:00.276386397 +0200
+++ refpolicy-git-18042017-1918/policy/modules/contrib/evolution.te	2017-04-18 19:39:13.184604734 +0200
@@ -340,6 +340,11 @@ tunable_policy(`use_samba_home_dirs',`
 
 optional_policy(`
 	dbus_all_session_bus_client(evolution_alarm_t)
+	dbus_connect_all_session_bus(evolution_alarm_t)
+
+	optional_policy(`
+		evolution_dbus_chat(evolution_alarm_t)
+	')
 ')
 
 optional_policy(`
diff -pru refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if
--- refpolicy-git-18042017-1918-orig/policy/modules/contrib/gnome.if	2017-03-29 17:58:00.281386397 +0200
+++ refpolicy-git-18042017-1918/policy/modules/contrib/gnome.if	2017-04-18 19:51:01.702601837 +0200
@@ -112,8 +112,17 @@ template(`gnome_role_template',`
 		dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
 
 		optional_policy(`
+			evolution_dbus_chat($1_gkeyringd_t)
+		')
+
+		optional_policy(`
+			gnome_dbus_chat_gconfd($3)
 			gnome_dbus_chat_gkeyringd($1, $3)
 		')
+
+		optional_policy(`
+			wm_dbus_chat($1, $1_gkeyringd_t)
+		')
 	')
 ')
 
@@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
 ')
 
 ########################################
+## <summary>
+##	Send and receive messages from
+##	gnome configuration daemon over
+##	dbus.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`gnome_dbus_chat_gconfd',`
+	gen_require(`
+		type gconfd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 gconfd_t:dbus send_msg;
+	allow gconfd_t $1:dbus send_msg;
+')
+
+########################################
 ## <summary>
 ##	Send and receive messages from
 ##	gnome keyring daemon over dbus.


* [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions
  2017-04-19  1:51 ` Chris PeBenito
  2017-04-19 11:23   ` Guido Trentalancia
  2017-04-19 12:18   ` Guido Trentalancia
@ 2017-04-19 12:54   ` Guido Trentalancia
  2017-04-19 13:23     ` Russell Coker
  2 siblings, 1 reply; 11+ messages in thread
From: Guido Trentalancia @ 2017-04-19 12:54 UTC (permalink / raw)
  To: refpolicy

On Tue, 18/04/2017 at 21.51 -0400, Chris PeBenito wrote:
> On 04/18/2017 02:04 PM, Guido Trentalancia via refpolicy wrote:
> > This patch adds assorted permission to chat over dbus needed
> > for the correct functioning of Gnome and Evolution.
> 
> This didn't apply for me, but may be due to Russell's patches.  One
> other trivial comment below.

It seems to be due to a missing interface dpkg_script_rw_pipes()
introduced with commit c2b04d1ea2e6ac10c056f89f8dfc9107f211bab8.

Unfortunately, there is another missing interface:
dpkg_manage_script_tmp_files().

I hope this helps.

Regards,

Guido


* [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions
  2017-04-19 12:54   ` [refpolicy] [PATCH] " Guido Trentalancia
@ 2017-04-19 13:23     ` Russell Coker
  2017-04-19 13:27       ` Guido Trentalancia
  2017-04-19 13:37       ` [refpolicy] [PATCH v3] " Guido Trentalancia
  0 siblings, 2 replies; 11+ messages in thread
From: Russell Coker @ 2017-04-19 13:23 UTC (permalink / raw)
  To: refpolicy

On Wed, 19 Apr 2017 10:54:04 PM Guido Trentalancia via refpolicy wrote:
> On Tue, 18/04/2017 at 21.51 -0400, Chris PeBenito wrote:
> > On 04/18/2017 02:04 PM, Guido Trentalancia via refpolicy wrote:
> > > This patch adds assorted permission to chat over dbus needed
> > > for the correct functioning of Gnome and Evolution.
> > 
> > This didn't apply for me, but may be due to Russell's patches.  One 
> > other trivial comment below.
> 
> It seems to be due to a missing interface dpkg_script_rw_pipes()
> introduced with commit c2b04d1ea2e6ac10c056f89f8dfc9107f211bab8.
> 
> Unfortunately, there is another missing interface:
> dpkg_manage_script_tmp_files().

Both of those interfaces are in the current git policy.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/


* [refpolicy] [PATCH] Gnome and Evolution dbus chat permissions
  2017-04-19 13:23     ` Russell Coker
@ 2017-04-19 13:27       ` Guido Trentalancia
  2017-04-19 13:37       ` [refpolicy] [PATCH v3] " Guido Trentalancia
  1 sibling, 0 replies; 11+ messages in thread
From: Guido Trentalancia @ 2017-04-19 13:27 UTC (permalink / raw)
  To: refpolicy

All right, thanks for telling me, I forgot to run "git submodule
update"...

After running it, I confirm that the dbus chat patch does not apply.

Something has changed eventually... I'll check that in a minute.

Regards,

Guido

On Wed, 19/04/2017 at 23.23 +1000, Russell Coker wrote:
> On Wed, 19 Apr 2017 10:54:04 PM Guido Trentalancia via refpolicy
> wrote:
> > On Tue, 18/04/2017 at 21.51 -0400, Chris PeBenito wrote:
> > > On 04/18/2017 02:04 PM, Guido Trentalancia via refpolicy wrote:
> > > > This patch adds assorted permission to chat over dbus needed
> > > > for the correct functioning of Gnome and Evolution.
> > >?
> > > This didn't apply for me, but may be due to Russell's patches.?
> One?
> > > other trivial comment below.
> >?
> > It seems to be due to a missing interface dpkg_script_rw_pipes()
> > introduced with commit c2b04d1ea2e6ac10c056f89f8dfc9107f211bab8.
> >?
> > Unfortunately, there is another missing interface:
> > dpkg_manage_script_tmp_files().
> 
> Both of those interfaces are in the current git policy.
> 
> --?
> My Main Blog???????? http://etbe.coker.com.au/
> My Documents Blog??? http://doc.coker.com.au/


* [refpolicy] [PATCH v3] Gnome and Evolution dbus chat permissions
  2017-04-19 13:23     ` Russell Coker
  2017-04-19 13:27       ` Guido Trentalancia
@ 2017-04-19 13:37       ` Guido Trentalancia
  2017-04-20 23:19         ` Chris PeBenito
  1 sibling, 1 reply; 11+ messages in thread
From: Guido Trentalancia @ 2017-04-19 13:37 UTC (permalink / raw)
  To: refpolicy

This patch adds assorted permissions to chat over dbus needed
for the correct functioning of Gnome and Evolution.

The second version simply removes an extra "#" prefix from
the comments.

This third version rebases the patch so that it applies to
the most recent git tree (thanks to Christopher PeBenito and
Russell Coker for pointing that out).

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/evolution.te |    4 +++
 policy/modules/contrib/gnome.if     |   37 ++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff -pru refpolicy-git-19042017-orig/policy/modules/contrib/evolution.te refpolicy-git-19042017/policy/modules/contrib/evolution.te
--- refpolicy-git-19042017-orig/policy/modules/contrib/evolution.te	2017-04-19 15:24:48.035784797 +0200
+++ refpolicy-git-19042017/policy/modules/contrib/evolution.te	2017-04-19 15:29:03.587783753 +0200
@@ -345,6 +345,10 @@ tunable_policy(`use_samba_home_dirs',`
 optional_policy(`
 	dbus_all_session_bus_client(evolution_alarm_t)
 	dbus_connect_all_session_bus(evolution_alarm_t)
+
+	optional_policy(`
+		evolution_dbus_chat(evolution_alarm_t)
+	')
 ')
 
 optional_policy(`
diff -pru refpolicy-git-19042017-orig/policy/modules/contrib/gnome.if refpolicy-git-19042017/policy/modules/contrib/gnome.if
--- refpolicy-git-19042017-orig/policy/modules/contrib/gnome.if	2017-03-29 17:58:00.281386397 +0200
+++ refpolicy-git-19042017/policy/modules/contrib/gnome.if	2017-04-19 15:25:22.778784655 +0200
@@ -112,8 +112,17 @@ template(`gnome_role_template',`
 		dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
 
 		optional_policy(`
+			evolution_dbus_chat($1_gkeyringd_t)
+		')
+
+		optional_policy(`
+			gnome_dbus_chat_gconfd($3)
 			gnome_dbus_chat_gkeyringd($1, $3)
 		')
+
+		optional_policy(`
+			wm_dbus_chat($1, $1_gkeyringd_t)
+		')
 	')
 ')
 
@@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
 ')
 
 ########################################
+## <summary>
+##	Send and receive messages from
+##	gnome configuration daemon over
+##	dbus.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`gnome_dbus_chat_gconfd',`
+	gen_require(`
+		type gconfd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 gconfd_t:dbus send_msg;
+	allow gconfd_t $1:dbus send_msg;
+')
+
+########################################
 ## <summary>
 ##	Send and receive messages from
 ##	gnome keyring daemon over dbus.


* [refpolicy] [PATCH v3] Gnome and Evolution dbus chat permissions
  2017-04-19 13:37       ` [refpolicy] [PATCH v3] " Guido Trentalancia
@ 2017-04-20 23:19         ` Chris PeBenito
  0 siblings, 0 replies; 11+ messages in thread
From: Chris PeBenito @ 2017-04-20 23:19 UTC (permalink / raw)
  To: refpolicy

On 04/19/2017 09:37 AM, Guido Trentalancia via refpolicy wrote:
> This patch adds assorted permission to chat over dbus needed
> for the correct functioning of Gnome and Evolution.
>
> The second version, simply removes an extra "#" prefix from
> the comments.
>
> This third version, rebases the patch so that it applies to
> the most recent git tree (thanks to Christopher PeBenito and
> Russell Coker for pointing that out).

Merged.


> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/evolution.te |    4 +++
>  policy/modules/contrib/gnome.if     |   37 ++++++++++++++++++++++++++++++++++++
>  2 files changed, 41 insertions(+)
>
> diff -pru refpolicy-git-19042017-orig/policy/modules/contrib/evolution.te refpolicy-git-19042017/policy/modules/contrib/evolution.te
> --- refpolicy-git-19042017-orig/policy/modules/contrib/evolution.te	2017-04-19 15:24:48.035784797 +0200
> +++ refpolicy-git-19042017/policy/modules/contrib/evolution.te	2017-04-19 15:29:03.587783753 +0200
> @@ -345,6 +345,10 @@ tunable_policy(`use_samba_home_dirs',`
>  optional_policy(`
>  	dbus_all_session_bus_client(evolution_alarm_t)
>  	dbus_connect_all_session_bus(evolution_alarm_t)
> +
> +	optional_policy(`
> +		evolution_dbus_chat(evolution_alarm_t)
> +	')
>  ')
>
>  optional_policy(`
> diff -pru refpolicy-git-19042017-orig/policy/modules/contrib/gnome.if refpolicy-git-19042017/policy/modules/contrib/gnome.if
> --- refpolicy-git-19042017-orig/policy/modules/contrib/gnome.if	2017-03-29 17:58:00.281386397 +0200
> +++ refpolicy-git-19042017/policy/modules/contrib/gnome.if	2017-04-19 15:25:22.778784655 +0200
> @@ -112,8 +112,17 @@ template(`gnome_role_template',`
>  		dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
>
>  		optional_policy(`
> +			evolution_dbus_chat($1_gkeyringd_t)
> +		')
> +
> +		optional_policy(`
> +			gnome_dbus_chat_gconfd($3)
>  			gnome_dbus_chat_gkeyringd($1, $3)
>  		')
> +
> +		optional_policy(`
> +			wm_dbus_chat($1, $1_gkeyringd_t)
> +		')
>  	')
>  ')
>
> @@ -682,6 +691,34 @@ interface(`gnome_read_keyring_home_files
>  ')
>
>  ########################################
> +## <summary>
> +##	Send and receive messages from
> +##	gnome configuration daemon over
> +##	dbus.
> +## </summary>
> +## <param name="role_prefix">
> +##	<summary>
> +##	The prefix of the user domain (e.g., user
> +##	is the prefix for user_t).
> +##	</summary>
> +## </param>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`gnome_dbus_chat_gconfd',`
> +	gen_require(`
> +		type gconfd_t;
> +		class dbus send_msg;
> +	')
> +
> +	allow $1 gconfd_t:dbus send_msg;
> +	allow gconfd_t $1:dbus send_msg;
> +')
> +
> +########################################
>  ## <summary>
>  ##	Send and receive messages from
>  ##	gnome keyring daemon over dbus.
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>


-- 
Chris PeBenito

