[refpolicy] [PATCH 2/3] openoffice: minor update

Guido Trentalancia guido at trentalancia.com
Sat May 20 15:41:40 UTC 2017


Minor update for the Apache OpenOffice(R) module: part 2/3.

This patch introduces a few minor changes to the Apache
OpenOffice(R) module, including fixes for smoother integration
with gnome.

It requires a userdomain interface introduced with part 1/3.

Signed-off-by: Guido Trentalancia <guido at trentalancia.com>
---
 policy/modules/contrib/openoffice.te |   17 +++++++++++++++++
 1 file changed, 17 insertions(+)

--- a/policy/modules/contrib/openoffice.te	2017-04-21 20:01:32.406190979 +0200
+++ b/policy/modules/contrib/openoffice.te	2017-05-20 16:50:54.352231478 +0200
@@ -66,12 +66,16 @@ files_tmp_filetrans(ooffice_t, ooffice_t
 
 can_exec(ooffice_t, ooffice_exec_t)
 
+kernel_dontaudit_read_system_state(ooffice_t)
+
 corecmd_exec_bin(ooffice_t)
 corecmd_exec_shell(ooffice_t)
 
 dev_read_sysfs(ooffice_t)
 dev_read_urand(ooffice_t)
 
+domain_use_interactive_fds(ooffice_t)
+
 files_getattr_all_dirs(ooffice_t)
 files_getattr_all_files(ooffice_t)
 files_getattr_all_symlinks(ooffice_t)
@@ -88,12 +92,18 @@ ooffice_dontaudit_exec_tmp_files(ooffice
 sysnet_dns_name_resolve(ooffice_t)
 
 userdom_dontaudit_exec_user_home_content_files(ooffice_t)
+userdom_dontaudit_manage_user_tmp_dirs(ooffice_t)
+
 userdom_read_user_tmp_files(ooffice_t)
 userdom_manage_user_home_content_dirs(ooffice_t)
 userdom_manage_user_home_content_files(ooffice_t)
 userdom_manage_user_home_content_symlinks(ooffice_t)
 userdom_user_home_dir_filetrans_user_home_content(ooffice_t, { dir file lnk_file fifo_file sock_file })
 
+userdom_manage_user_tmp_sockets(ooffice_t)
+
+userdom_use_inherited_user_terminals(ooffice_t)
+
 tunable_policy(`openoffice_allow_update',`
 	corenet_tcp_connect_http_port(ooffice_t)
 ')
@@ -111,6 +121,8 @@ optional_policy(`
 
 optional_policy(`
 	dbus_all_session_bus_client(ooffice_t)
+
+	userdom_dbus_chat_all_users(ooffice_t)
 ')
 
 optional_policy(`
@@ -119,6 +131,11 @@ optional_policy(`
 ')
 
 optional_policy(`
+	gnome_dbus_chat_gconfd(ooffice_t)
+	gnome_stream_connect_gconf(ooffice_t)
+')
+
+optional_policy(`
 	hostname_exec(ooffice_t)
 ')
 


More information about the refpolicy mailing list