From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-947009-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 298BC139694
	for <garchives@archives.gentoo.org>; Sun, 30 Apr 2017 09:33:12 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 659B6E0DF3;
	Sun, 30 Apr 2017 09:33:09 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 348D7E0DF6
	for <gentoo-commits@lists.gentoo.org>; Sun, 30 Apr 2017 09:33:04 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 1364D3416A5
	for <gentoo-commits@lists.gentoo.org>; Sun, 30 Apr 2017 09:32:48 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 3C99F7451
	for <gentoo-commits@lists.gentoo.org>; Sun, 30 Apr 2017 09:32:45 +0000 (UTC)
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1493543807.007a597180bcd449f400cb15130deca3dae61738.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/evolution.te policy/modules/contrib/gnome.if
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 007a597180bcd449f400cb15130deca3dae61738
X-VCS-Branch: master
Date: Sun, 30 Apr 2017 09:32:45 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: c19a8649-38bc-462b-8226-5bdf140a19d5
X-Archives-Hash: 26117f0cc48d2adb3feb2183f9f6af2d
Message-ID: <20170430093245.rp9W5M49G2_C1MEAb14D3RofUmdDO8hmrCylzdgwchs@z>

commit:     007a597180bcd449f400cb15130deca3dae61738
Author:     Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Wed Apr 19 13:37:16 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 30 09:16:47 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=007a5971

Gnome and Evolution dbus chat permissions

This patch adds assorted permission to chat over dbus needed
for the correct functioning of Gnome and Evolution.

The second version, simply removes an extra "#" prefix from
the comments.

This third version, rebases the patch so that it applies to
the most recent git tree (thanks to Christopher PeBenito and
Russell Coker for pointing that out).

Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>

 policy/modules/contrib/evolution.te |  4 ++++
 policy/modules/contrib/gnome.if     | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/policy/modules/contrib/evolution.te b/policy/modules/contrib/evolution.te
index bd1647f2..579c21a6 100644
--- a/policy/modules/contrib/evolution.te
+++ b/policy/modules/contrib/evolution.te
@@ -345,6 +345,10 @@ tunable_policy(`use_samba_home_dirs',`
 optional_policy(`
 	dbus_all_session_bus_client(evolution_alarm_t)
 	dbus_connect_all_session_bus(evolution_alarm_t)
+
+	optional_policy(`
+		evolution_dbus_chat(evolution_alarm_t)
+	')
 ')
 
 optional_policy(`

diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if
index 7ea2cf40..ce436cfd 100644
--- a/policy/modules/contrib/gnome.if
+++ b/policy/modules/contrib/gnome.if
@@ -112,8 +112,17 @@ template(`gnome_role_template',`
 		dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
 
 		optional_policy(`
+			evolution_dbus_chat($1_gkeyringd_t)
+		')
+
+		optional_policy(`
+			gnome_dbus_chat_gconfd($3)
 			gnome_dbus_chat_gkeyringd($1, $3)
 		')
+
+		optional_policy(`
+			wm_dbus_chat($1, $1_gkeyringd_t)
+		')
 	')
 
 	ifdef(`distro_gentoo',`
@@ -690,6 +699,34 @@ interface(`gnome_read_keyring_home_files',`
 ########################################
 ## <summary>
 ##	Send and receive messages from
+##	gnome configuration daemon over
+##	dbus.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`gnome_dbus_chat_gconfd',`
+	gen_require(`
+		type gconfd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 gconfd_t:dbus send_msg;
+	allow gconfd_t $1:dbus send_msg;
+')
+
+########################################
+## <summary>
+##	Send and receive messages from
 ##	gnome keyring daemon over dbus.
 ## </summary>
 ## <param name="role_prefix">