From: domg472@gmail.com (Dominick Grift)
Date: Wed, 28 Oct 2009 12:45:40 +0100
Subject: [refpolicy] [ userdomain patch 1/1] Split
 userdom_read_user_home_content_files interface.
Message-ID: <20091028114537.GA9301@notebook3.grift.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Split userdom_read_user_home_content_files into userdom_read_generic_
user_home_content_files and userdomain_read_all_user_content_files.

Sometimes one wants to be able to read all user home content files and 
sometimes one wants to read only generic home content files.

Signed-off-by: Dominick Grift <domg472@gmail.com>

---
:100644 100644 f209ccf... a26b650... M	policy/modules/system/userdomain.if
 policy/modules/system/userdomain.if |   43 +++++++++++++++++++++++++++++++++-
 1 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index f209ccf..a26b650 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1657,7 +1657,26 @@ interface(`userdom_mmap_user_home_content_files',`
 
 ########################################
 ## <summary>
-##	Read user home files.
+##      Read all user home files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`userdom_read_all_user_home_content_files',`
+        gen_require(`
+                attribute user_home_dir_type, user_home_type;
+        ')
+
+        read_files_pattern($1, { user_home_dir_type user_home_type }, user_home_type)
+        files_search_home($1)
+')
+
+########################################
+## <summary>
+##	Read generic user home files.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -1665,7 +1684,7 @@ interface(`userdom_mmap_user_home_content_files',`
 ##	</summary>
 ## </param>
 #
-interface(`userdom_read_user_home_content_files',`
+interface(`userdom_read_generic_user_home_content_files',`
 	gen_require(`
 		type user_home_dir_t, user_home_t;
 	')
@@ -1676,6 +1695,26 @@ interface(`userdom_read_user_home_content_files',`
 
 ########################################
 ## <summary>
+##      Read user home files (Deprecated).
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`userdom_read_user_home_content_files',`
+	refpolicywarn(`$0() has been deprecated, please use userdom_read_generic_user_home_content_files() instead.')
+        gen_require(`
+                type user_home_dir_t, user_home_t;
+        ')
+
+        read_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
+        files_search_home($1)
+')
+
+########################################
+## <summary>
 ##	Do not audit attempts to read user home files.
 ## </summary>
 ## <param name="domain">
-- 
1.6.5.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20091028/760c1e0e/attachment.bin