commit:     eac236a86cba23a1d31e6f9e2c1e530736611bbe
Author:     Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Wed May 24 23:43:56 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu May 25 16:31:51 2017 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=eac236a8

gnome: improved integration with openoffice

Minor update for the Apache OpenOffice(R) module: part 3/3.

This patch introduces minor changes in the gnome module for
smoother integration with Apache OpenOffice(R).

Signed-off-by: Guido Trentalancia <guido at trentalancia.com>

 policy/modules/contrib/gnome.te      |  7 ++++++-
 policy/modules/contrib/openoffice.if | 20 ++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/policy/modules/contrib/gnome.te b/policy/modules/contrib/gnome.te
index 1b53cb4f..0377c479 100644
--- a/policy/modules/contrib/gnome.te
+++ b/policy/modules/contrib/gnome.te
@@ -98,7 +98,8 @@ kernel_read_system_state(gconfd_t)
 files_read_var_lib_files(gconfd_t)
 
 userdom_manage_user_tmp_dirs(gconfd_t)
-userdom_tmp_filetrans_user_tmp(gconfd_t, dir)
+userdom_manage_user_tmp_sockets(gconfd_t)
+userdom_tmp_filetrans_user_tmp(gconfd_t, { dir sock_file })
 userdom_user_runtime_filetrans_user_tmp(gconfd_t, dir)
 
 optional_policy(`
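Review bot: The added `userdom_manage_user_tmp_sockets(gconfd_t)` and the widened `userdom_tmp_filetrans_user_tmp(gconfd_t, { dir sock_file })` apply unconditionally, although the commit message motivates them only by OpenOffice integration. As far as the interface names indicate, they let gconfd_t manage any socket file carrying the shared user temporary type, not just sockets it created itself. If gconfd only needs its own socket, labelling that socket with a type private to gconfd would keep other user domains' sockets out of its reach; otherwise a comment such as `# gconfd creates its own socket under the user tmp directory` would record why the grant is needed. The following context line `userdom_user_runtime_filetrans_user_tmp(gconfd_t, dir)` still lists only `dir`, so a socket created directly in the user runtime directory would presumably not get the transition; confirm that this is intended. The gconfd local policy section continues outside this hunk.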
@@ -111,6 +112,10 @@ optional_policy(`
        nscd_dontaudit_search_pid(gconfd_t)
 ')
 
+optional_policy(`
+       ooffice_stream_connect(gconfd_t)
+')
+
 ##############################
 #
 # Keyring-daemon local policy

diff --git a/policy/modules/contrib/openoffice.if 
b/policy/modules/contrib/openoffice.if
index 4cb669c8..5580aaf7 100644
--- a/policy/modules/contrib/openoffice.if
+++ b/policy/modules/contrib/openoffice.if
@@ -112,3 +112,23 @@ interface(`ooffice_dbus_chat',`
        allow $1 ooffice_t:dbus send_msg;
        allow ooffice_t $1:dbus send_msg;
 ')
+
+########################################
+## <summary>
+##     Connect to openoffice using a
+##     unix domain stream socket.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`ooffice_stream_connect',`
+       gen_require(`
+               type ooffice_t, ooffice_tmp_t;
+       ')
+
+       files_search_tmp($1)
+       stream_connect_pattern($1, ooffice_tmp_t, ooffice_tmp_t, ooffice_t)
+')
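Review bot: `files_search_tmp($1)` grants search only on the generic temporary directory, while `stream_connect_pattern($1, ooffice_tmp_t, ooffice_tmp_t, ooffice_t)` expects both the containing directory and the socket file to be labelled `ooffice_tmp_t`. If OpenOffice places its socket under a per-user temporary directory with a different label, the caller would presumably be denied at that intermediate directory, so the actual socket path should be confirmed. The summary could also say where the socket lives, for example `Connect to openoffice using a unix domain stream socket in its temporary directory.` The only caller in this commit, `ooffice_stream_connect(gconfd_t)` in gnome.te, opens a channel between the configuration daemon and a domain that handles user-opened documents, so the reason for it deserves a short comment at the call site.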
