commit:     f0c9d69ef883747dd922d9bdcf3b24e534aa4469
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Mon May 19 20:44:45 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu May 22 16:52:42 2014 +0000
URL:        
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=f0c9d69e

gconfd keeps its database in the xdg directories

gconfd stores settings for applications in the GNOME desktop.
It needs to be able to manage the GNOME directories inside
~/.{cache,config,local}/

Signed-off-by: Jason Zaman <jason <AT> perfinion.com>

---
 policy/modules/contrib/gnome.fc |  2 ++
 policy/modules/contrib/gnome.te | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/policy/modules/contrib/gnome.fc b/policy/modules/contrib/gnome.fc
index 9bc2c50..31d8c6c 100644
--- a/policy/modules/contrib/gnome.fc
+++ b/policy/modules/contrib/gnome.fc
@@ -18,5 +18,7 @@ HOME_DIR/\.gnome2_private(/.*)?       
gen_context(system_u:object_r:gnome_home_t,s0)
 
 
 ifdef(`distro_gentoo',`
+HOME_DIR/\.config/dconf(/.*)?  
gen_context(system_u:object_r:gnome_xdg_config_home_t,s0)
+HOME_DIR/\.cache/dconf(/.*)?   
gen_context(system_u:object_r:gnome_xdg_cache_home_t,s0)
 HOME_DIR/\.cache/keyring-.*    
gen_context(system_u:object_r:gnome_xdg_cache_home_t,s0)
 ')
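Review bot: The two added entries label the dconf directories, while the commit message and the gnome.te rules speak of gconfd, and nothing in the file says how the two relate. A one-line comment above them such as `# dconf database and cache, written by gconfd_t` would make that explicit, once it is confirmed that gconfd_t really is the domain writing these paths. There is also no entry for a path under ~/.local/share, although the gnome.te hunk grants gconfd_t access to gnome_xdg_data_home_t, so either a data-home path is missing here or that grant is wider than needed. Note that `.cache/dconf` now shares gnome_xdg_cache_home_t with the `keyring-.*` entry below it.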

diff --git a/policy/modules/contrib/gnome.te b/policy/modules/contrib/gnome.te
index 98cd996..99b426d 100644
--- a/policy/modules/contrib/gnome.te
+++ b/policy/modules/contrib/gnome.te
@@ -170,4 +170,22 @@ ifdef(`distro_gentoo',`
 
        allow gkeyringd_domain gnome_xdg_data_home_t:file manage_file_perms;
        manage_dirs_pattern(gkeyringd_domain, gnome_xdg_data_home_t, 
gnome_xdg_data_home_t)
+
+       ##
+       ## gconfd
+       ##
+
+       xdg_cache_home_filetrans(gconfd_t, gnome_xdg_cache_home_t, dir)
+       xdg_config_home_filetrans(gconfd_t, gnome_xdg_config_home_t, dir)
+       xdg_data_home_filetrans(gconfd_t, gnome_xdg_data_home_t, dir)
+
+       # gconf stores settings for gnome, it needs access
+       allow gconfd_t gnome_xdg_cache_home_t:file manage_file_perms;
+       manage_dirs_pattern(gconfd_t, gnome_xdg_cache_home_t, 
gnome_xdg_cache_home_t)
+
+       allow gconfd_t gnome_xdg_config_home_t:file manage_file_perms;
+       manage_dirs_pattern(gconfd_t, gnome_xdg_config_home_t, 
gnome_xdg_config_home_t)
+
+       allow gconfd_t gnome_xdg_data_home_t:file manage_file_perms;
+       manage_dirs_pattern(gconfd_t, gnome_xdg_data_home_t, 
gnome_xdg_data_home_t)
 ')
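Review bot: The three `allow gconfd_t gnome_xdg_*_home_t:file manage_file_perms;` rules give gconfd_t full management of types that the keyring daemon also uses. The context line at the top of the hunk grants gkeyringd_domain the same on gnome_xdg_data_home_t, so the settings daemon can now read and rewrite whatever gkeyringd stores under that label. If gconfd only needs its own database, a dedicated type for that database would keep the two daemons separated. If the sharing is intended, the comment should say so, e.g. `# gconfd shares the gnome xdg types with gkeyringd and can manage its files too`. The unnamed `xdg_*_home_filetrans(gconfd_t, ..., dir)` transitions also apply to every directory gconfd_t creates under the xdg roots; if the interface accepts a name argument, restricting them to the directory actually needed would be tighter. The enclosing `ifdef` block starts outside the hunk.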
