commit: 9e8e1d8565e63678d43e33a9c11130c986cd4bed
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Jun 14 14:28:31 2018 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Jun 16 13:16:02 2018 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9e8e1d85
gnome: update to use new upstream xdg interfaces
policy/modules/contrib/gnome.fc | 14 +++--------
policy/modules/contrib/gnome.te | 56 +++++------------------------------------
2 files changed, 9 insertions(+), 61 deletions(-)
diff --git a/policy/modules/contrib/gnome.fc b/policy/modules/contrib/gnome.fc
index 030f6b7b..81e9716a 100644
--- a/policy/modules/contrib/gnome.fc
+++ b/policy/modules/contrib/gnome.fc
@@ -1,5 +1,3 @@
-HOME_DIR/\.config/gtk-.*
gen_context(system_u:object_r:gnome_xdg_config_t,s0)
-
HOME_DIR/\.cache/dconf(/.*)?
gen_context(system_u:object_r:gnome_xdg_cache_t,s0)
HOME_DIR/\.cache/keyring-.*
gen_context(system_u:object_r:gnome_xdg_cache_t,s0)
HOME_DIR/\.config/dconf(/.*)?
gen_context(system_u:object_r:gnome_xdg_config_t,s0)
@@ -20,17 +18,11 @@ HOME_DIR/orcexec\..*
gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
/usr/bin/gnome-keyring-daemon --
gen_context(system_u:object_r:gkeyringd_exec_t,s0)
/usr/bin/mate-keyring-daemon --
gen_context(system_u:object_r:gkeyringd_exec_t,s0)
+
/usr/lib/[^/]*/gconf/gconfd-2 --
gen_context(system_u:object_r:gconfd_exec_t,s0)
-/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
+/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
/run/user/%{USERID}/keyring(/.*)?
gen_context(system_u:object_r:gnome_keyring_tmp_t,s0)
/run/user/[^/]*/orcexec\..* --
gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
-/run/user/%{USERID}/dconf(/.*)?
gen_context(system_u:object_r:gconf_tmp_t,s0)
/run/user/%{USERID}/orcexec\..* --
gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
-
-ifdef(`distro_gentoo',`
-HOME_DIR/\.config/dconf(/.*)?
gen_context(system_u:object_r:gnome_xdg_config_home_t,s0)
-HOME_DIR/\.cache/dconf(/.*)?
gen_context(system_u:object_r:gnome_xdg_cache_home_t,s0)
-HOME_DIR/\.cache/keyring-.*
gen_context(system_u:object_r:gnome_xdg_cache_home_t,s0)
-HOME_DIR/\.local/share/keyrings(/.*)?
gen_context(system_u:object_r:gnome_xdg_data_home_t,s0)
-')
+/run/user/%{USERID}/dconf(/.*)?
gen_context(system_u:object_r:gconf_tmp_t,s0)
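Review bot: The removed Gentoo block held the only entry in this hunk for `HOME_DIR/\.local/share/keyrings(/.*)?`, and nothing on the new side replaces it, whereas the dconf and keyring-cache paths keep their entries near the top of the file. The directory presumably holds the keyring store, so if no entry outside the hunk covers it, a relabel would leave it with its parent's generic label and the keyring rules would no longer be scoped to it. If it is missing, keep an equivalent entry under the merged type: `HOME_DIR/\.local/share/keyrings(/.*)? gen_context(system_u:object_r:gnome_xdg_data_t,s0)`. The file continues outside both hunks, so an existing upstream entry for this path may already make this unnecessary.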
diff --git a/policy/modules/contrib/gnome.te b/policy/modules/contrib/gnome.te
index e198bc71..340e394a 100644
--- a/policy/modules/contrib/gnome.te
+++ b/policy/modules/contrib/gnome.te
@@ -204,56 +204,12 @@ optional_policy(`
telepathy_mission_control_read_state(gkeyringd_domain)
')
-ifdef(`distro_gentoo',`
- type gnome_xdg_cache_home_t;
- type gnome_xdg_config_t; # Fase out
- type gnome_xdg_config_home_t;
- type gnome_xdg_data_home_t;
-
- xdg_cache_home_content(gnome_xdg_cache_home_t)
- xdg_config_home_content(gnome_xdg_config_t)
- xdg_config_home_content(gnome_xdg_config_home_t)
- xdg_data_home_content(gnome_xdg_data_home_t)
-
- ##
- ## Keyring
- ##
-
- # When gnome-keyring creates a .cache/keyring-.... make sure it is
gnome_xdg_cache_home_t
- xdg_cache_home_filetrans(gkeyringd_domain, gnome_xdg_cache_home_t, dir)
- # Same for ~/.config and ~/.local stuff
- xdg_config_home_filetrans(gkeyringd_domain, gnome_xdg_config_home_t,
dir)
- xdg_data_home_filetrans(gkeyringd_domain, gnome_xdg_data_home_t, dir)
-
- allow gkeyringd_domain gnome_xdg_cache_home_t:file manage_file_perms;
- allow gkeyringd_domain gnome_xdg_cache_home_t:sock_file
manage_sock_file_perms;
- manage_dirs_pattern(gkeyringd_domain, gnome_xdg_cache_home_t,
gnome_xdg_cache_home_t)
-
- allow gkeyringd_domain gnome_xdg_config_home_t:file manage_file_perms;
- manage_dirs_pattern(gkeyringd_domain, gnome_xdg_config_home_t,
gnome_xdg_config_home_t)
-
- allow gkeyringd_domain gnome_xdg_data_home_t:file manage_file_perms;
- manage_dirs_pattern(gkeyringd_domain, gnome_xdg_data_home_t,
gnome_xdg_data_home_t)
-
- ##
- ## gconfd
- ##
-
- xdg_cache_home_filetrans(gconfd_t, gnome_xdg_cache_home_t, dir)
- xdg_config_home_filetrans(gconfd_t, gnome_xdg_config_home_t, dir)
- xdg_data_home_filetrans(gconfd_t, gnome_xdg_data_home_t, dir)
-
- # gconf stores settings for gnome, it needs access
- allow gconfd_t gnome_xdg_cache_home_t:file manage_file_perms;
- manage_dirs_pattern(gconfd_t, gnome_xdg_cache_home_t,
gnome_xdg_cache_home_t)
-
- allow gconfd_t gnome_xdg_config_home_t:file manage_file_perms;
- manage_dirs_pattern(gconfd_t, gnome_xdg_config_home_t,
gnome_xdg_config_home_t)
-
- allow gconfd_t gnome_xdg_data_home_t:file manage_file_perms;
- manage_dirs_pattern(gconfd_t, gnome_xdg_data_home_t,
gnome_xdg_data_home_t)
-')
-
optional_policy(`
xserver_rw_xsession_log(gkeyringd_domain)
')
+
+ifdef(`distro_gentoo',`
+ typealias gnome_xdg_cache_t alias gnome_xdg_cache_home_t;
+ typealias gnome_xdg_config_t alias gnome_xdg_config_home_t;
+ typealias gnome_xdg_data_t alias gnome_xdg_data_home_t;
+')
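Review bot: The `typealias` block at the end of this hunk keeps the old `*_home_t` names valid, but the rules the removed block granted to `gkeyringd_domain` and `gconfd_t` are gone: the `xdg_*_home_filetrans` calls, the `manage_file_perms` and `manage_dirs_pattern` rules, and `allow gkeyringd_domain gnome_xdg_cache_home_t:sock_file manage_sock_file_perms;`. Both domains now depend on declarations and rules for `gnome_xdg_cache_t`, `gnome_xdg_config_t` and `gnome_xdg_data_t` that are not visible in this hunk. It is worth confirming that equivalents exist, the `sock_file` rule in particular, since otherwise the daemons would presumably create their content under the generic XDG labels or be denied. Aliasing also merges the label sets, so a domain allowed on either name now reaches the files of both. A comment above the block would record this: `# Compatibility aliases for the former Gentoo-only XDG types; rules on either name apply to the same files.`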