diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index b1b6bf6..f9149e7 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -51,7 +51,7 @@ interface(`gnome_role',`
 ## </param>
 ## <param name="user_domain">
 ##      <summary>
-##      The user domain associated with the role.
+##      The user domain associated with the role. 
 ##      </summary>
 ## </param>
 #
@@ -98,7 +98,7 @@ interface(`gnome_role_gkeyringd',`
 	allow $1_gkeyringd_t $3:dbus send_msg;
 	allow $3 $1_gkeyringd_t:dbus send_msg;
 	optional_policy(`
-	       	dbus_session_domain($1_gkeyringd_t, gkeyringd_exec_t)
+	       	dbus_session_domain($1, gkeyringd_exec_t, $1_gkeyringd_t)
 		dbus_session_bus_client($1_gkeyringd_t)
 		gnome_home_dir_filetrans($1_gkeyringd_t)
 		gnome_manage_generic_home_dirs($1_gkeyringd_t)
diff --git a/policy/modules/apps/telepathy.if b/policy/modules/apps/telepathy.if
index 6878d68..4730846 100644
--- a/policy/modules/apps/telepathy.if
+++ b/policy/modules/apps/telepathy.if
@@ -28,8 +28,6 @@ template(`telepathy_domain_template',`
 	type telepathy_$1_tmp_t;
 	files_tmp_file(telepathy_$1_tmp_t)
 	ubac_constrained(telepathy_$1_tmp_t)
-
-	dbus_session_domain(telepathy_$1_t, telepathy_$1_exec_t)
 ')
 
 #######################################
@@ -51,6 +49,22 @@ template(`telepathy_domain_template',`
 template(`telepathy_dbus_session_role', `
 	gen_require(`
 		attribute telepathy_domain;
+		type telepathy_gabble_t;
+		type telepathy_sofiasip_t;
+		type telepathy_idle_t;
+		type telepathy_mission_control_t;
+		type telepathy_salut_t;
+		type telepathy_sunshine_t;
+		type telepathy_stream_engine_t;
+		type telepathy_msn_t;
+		type telepathy_gabble_exec_t;
+		type telepathy_sofiasip_exec_t;
+		type telepathy_idle_exec_t;
+		type telepathy_mission_control_exec_t;
+		type telepathy_salut_exec_t;
+		type telepathy_sunshine_exec_t;
+		type telepathy_stream_engine_exec_t;
+		type telepathy_msn_exec_t;
 	')
 
         role $1 types telepathy_domain;
@@ -65,6 +79,15 @@ template(`telepathy_dbus_session_role', `
 	telepathy_gabble_stream_connect($2)
 	telepathy_msn_stream_connect($2)
 	telepathy_salut_stream_connect($2)	
+
+	dbus_session_domain($2, telepathy_gabble_exec_t, telepathy_gabble_t)
+	dbus_session_domain($2, telepathy_sofiasip_exec_t, telepathy_sofiasip_t)
+	dbus_session_domain($2, telepathy_idle_exec_t, telepathy_idle_t)
+	dbus_session_domain($2, telepathy_mission_control_exec_t, telepathy_mission_control_t)
+	dbus_session_domain($2, telepathy_salut_exec_t, telepathy_salut_t)
+	dbus_session_domain($2, telepathy_sunshine_exec_t, telepathy_sunshine_t)
+	dbus_session_domain($2, telepathy_stream_engine_exec_t, telepathy_stream_engine_t)
+	dbus_session_domain($2, telepathy_msn_exec_t, telepathy_msn_t)
 ')
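Review bot: The eight added `dbus_session_domain($2, ...)` calls pass this template's second argument as the prefix, but dbus.if in this same commit builds the source type from that prefix as `$1_dbusd_t`. Elsewhere in this template `$2` is used as a domain type (`telepathy_gabble_stream_connect($2)`), and the call removed from unconfineduser.te passed `unconfined_t`, so the require would expand to something like `unconfined_t_dbusd_t`. Inside a caller's optional_policy an unmet require would presumably drop the block silently rather than fail the build. Either give `telepathy_dbus_session_role` a third prefix parameter and call `dbus_session_domain($3, telepathy_gabble_exec_t, telepathy_gabble_t)`, or document that `$2` must be a prefix and stop using it as a domain. The remaining callers are not visible in this diff, so confirm against them.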
 
 ########################################
@@ -147,7 +170,6 @@ interface(`telepathy_msn_stream_connect', `
         files_search_tmp($1)
 ')
 
-
 ########################################
 ## <summary>
 ##	Stream connect to Telepathy Salut
@@ -191,3 +213,46 @@ interface(`telepathy_mission_control_read_state',`
 	ps_process_pattern($1, telepathy_mission_control_t)
 ')
 
+########################################
+## <summary>
+##	Execute telepathy executable
+##	in the specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute a telepathy executable
+##	in the specified domain.  This allows
+##	the specified domain to execute any file
+##	on these filesystems in the specified
+##	domain. 
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+##	<p>
+##	This interface was added to handle
+##	the ssh-agent policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	The type of the new process.
+##	</summary>
+## </param>
+#
+interface(`telepathy_command_domtrans', `
+	gen_require(`
+		attribute telepathy_executable;
+	')
+
+	allow $2 telepathy_executable:file entrypoint;
+	domain_transition_pattern($1, telepathy_executable, $2)
+	type_transition $1 telepathy_executable:process $2;
+')
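Review bot: The `<desc>` text of `telepathy_command_domtrans` does not describe what the rules grant: it speaks of "any file on these filesystems" and says the interface "was added to handle the ssh-agent policy", which reads as carried over from another interface. The body makes `$2` an entrypoint for every file carrying the `telepathy_executable` attribute and adds an automatic transition from `$1`. The summary should say so, e.g. `Transition from the specified domain to the target domain when executing any file labelled with the telepathy_executable attribute.` No hunk in this diff declares `telepathy_executable` or assigns it to the `telepathy_*_exec_t` types, so confirm it already exists in telepathy.te.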
diff --git a/policy/modules/apps/telepathy.te b/policy/modules/apps/telepathy.te
index 68211c2..665dce1 100644
--- a/policy/modules/apps/telepathy.te
+++ b/policy/modules/apps/telepathy.te
@@ -351,3 +351,14 @@ permissive telepathy_salut_t;
 permissive telepathy_sunshine_t;
 permissive telepathy_stream_engine_t;
 permissive telepathy_msn_t;
+
+
+# Just for F15
+
+optional_policy(`
+	gen_require(`
+		role unconfined_r;
+	')
+
+	role unconfined_r types telepathy_domain;
+')
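Review bot: The comment `# Just for F15` does not say what the block works around or when it can be dropped. `role unconfined_r types telepathy_domain;` authorises every Telepathy domain for `unconfined_r`, while this same commit removes `telepathy_dbus_session_role(unconfined_r, unconfined_t)` from unconfineduser.te and sends session-bus launches to `unconfined_t` instead, so it is unclear from the diff which processes still need the association. The four `permissive` lines visible just above mean those domains are not enforced either, which makes an undocumented role grant harder to audit later. Suggest a comment of the form `# F15 workaround (<bug reference>): unconfined_r must remain valid for telepathy domains because <reason>; remove in <release>.`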
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index db5a937..fb6c6bd 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -84,8 +84,6 @@ optional_policy(`
 
 optional_policy(`
 	gnome_role(staff_r, staff_t)
-	gnome_role_gkeyringd(staff, staff_r, staff_t)
-	permissive staff_gkeyringd_t;
 ')
 
 optional_policy(`
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
index 805d0ea..693d944 100644
--- a/policy/modules/roles/unconfineduser.te
+++ b/policy/modules/roles/unconfineduser.te
@@ -295,6 +295,10 @@ optional_policy(`
 	')
 
 	optional_policy(`
+		telepathy_command_domtrans(unconfined_dbusd_t, unconfined_t)
+	')
+
+	optional_policy(`
 		oddjob_dbus_chat(unconfined_usertype)
 	')
 
@@ -416,10 +420,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	telepathy_dbus_session_role(unconfined_r, unconfined_t)
-')
-
-optional_policy(`
 	vbetool_run(unconfined_t, unconfined_r)
 ')
 
@@ -500,4 +500,3 @@ domain_ptrace_all_domains(unconfined_notrans_t)
 #
 
 gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
-
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index dc6b88f..b56a290 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -35,7 +35,6 @@ optional_policy(`
 
 optional_policy(`
 	gnome_role(user_r, user_t)
-
 ')
 
 optional_policy(`
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
index cee56c8..d2d4d9d 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@@ -363,6 +363,12 @@ interface(`dbus_connect_session_bus',`
 ##	Allow a application domain to be started
 ##	by the session dbus.
 ## </summary>
+## <param name="prefix">
+##	<summary>
+##	The prefix of the dbus session domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
 ## <param name="domain">
 ##	<summary>
 ##	Type to be used as a domain.
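Review bot: The new `prefix` param is documented first, but the documented order of the remaining parameters appears not to match how the rewritten body uses them. The body in the next hunk is `domtrans_pattern($1_dbusd_t, $2, $3)` followed by `dbus_session_bus_client($3)`, and gnome.if calls `dbus_session_domain($1, gkeyringd_exec_t, $1_gkeyringd_t)`. Argument 2 is therefore the entry point and argument 3 the domain, while the doc here lists `domain` immediately after `prefix`. The entry-point param lies between the two hunks and is not visible, so this is inferred; if it does follow `domain`, swap the two `<param>` blocks so the order reads prefix, entry_point, domain.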
@@ -377,13 +383,13 @@ interface(`dbus_connect_session_bus',`
 #
 interface(`dbus_session_domain',`
 	gen_require(`
-		attribute session_bus_type;
+		type $1_dbusd_t;
 	')
 
-	domtrans_pattern(session_bus_type, $2, $1)
+	domtrans_pattern($1_dbusd_t, $2, $3)
 
-	dbus_session_bus_client($1)
-	dbus_connect_session_bus($1)
+	dbus_session_bus_client($3)
+	dbus_connect_session_bus($3)
 ')
 
 ########################################
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 4984747..f690d75 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1078,6 +1078,7 @@ template(`userdom_restricted_xwindows_user_template',`
 	 # bug: #682499
 	 optional_policy(`
 	 	gnome_read_usr_config($1_usertype)
+		gnome_role_gkeyringd($1, $1_r, $1_t)
 	')
 
 	optional_policy(`
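Review bot: Moving `gnome_role_gkeyringd($1, $1_r, $1_t)` into this template instantiates a `$1_gkeyringd_t` domain for every role built from it, and the `permissive staff_gkeyringd_t;` line removed from staff.te has no counterpart here. Unless `gnome_role_gkeyringd` marks the domain permissive itself (not visible in this diff), the keyring daemon domains become enforcing at once, so each affected role should be checked for AVC denials before this ships. The added line also sits under the `# bug: #682499` comment, which now reads as covering it; a separate comment such as `# per-user gnome-keyring daemon domain` would keep the two apart. The template body starts and ends outside the hunk.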