From: domg472@gmail.com (Dominick Grift)
Date: Tue, 03 Nov 2009 18:30:37 +0100
Subject: [refpolicy] [ userdomain patch 1/1] Split userdom_read_user_home_content_files interface.
In-Reply-To: <20091028114537.GA9301@notebook3.grift.internal>
References: <20091028114537.GA9301@notebook3.grift.internal>
Message-ID: <1257269437.9641.1.camel@localhost>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2009-10-28 at 12:45 +0100, Dominick Grift wrote:

This patch won't install because attribute user_home_dir_type does not exist. You would have to replace the attribute with type user_home_dir_t.

It is handy to have a generic and all interface for user home content file though for backup purposes.

> Split userdom_read_user_home_content_files into userdom_read_generic_
> user_home_content_files and userdomain_read_all_user_content_files.
>
> Sometimes one wants to be able to read all user home content files and
> sometimes one wants to read only generic home content files.
>
> Signed-off-by: Dominick Grift
>
> ---
> :100644 100644 f209ccf... a26b650... M policy/modules/system/userdomain.if
> policy/modules/system/userdomain.if | 43 +++++++++++++++++++++++++++++++++-
> 1 files changed, 41 insertions(+), 2 deletions(-)
>
> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
> index f209ccf..a26b650 100644
> --- a/policy/modules/system/userdomain.if
> +++ b/policy/modules/system/userdomain.if
> @@ -1657,7 +1657,26 @@ interface(`userdom_mmap_user_home_content_files',` > > ######################################## > ## > -## Read user home files. > +## Read all user home files. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`userdom_read_all_user_home_content_files',` > + gen_require(` > + attribute user_home_dir_type, user_home_type; > + ') > + > + read_files_pattern($1, { user_home_dir_type user_home_type }, user_home_type) > + files_search_home($1) > +') > + > +######################################## > +## > +## Read generic user home files. > ## > ## > ## > @@ -1665,7 +1684,7 @@ interface(`userdom_mmap_user_home_content_files',` > ## > ## > # > -interface(`userdom_read_user_home_content_files',` > +interface(`userdom_read_generic_user_home_content_files',` > gen_require(` > type user_home_dir_t, user_home_t; > ') > @@ -1676,6 +1695,26 @@ interface(`userdom_read_user_home_content_files',` > > ######################################## > ## > +## Read user home files (Deprecated). > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`userdom_read_user_home_content_files',` > + refpolicywarn(`$0() has been deprecated, please use userdom_read_generic_user_home_content_files() instead.') > + gen_require(` > + type user_home_dir_t, user_home_t; > + ') > + > + read_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t) > + files_search_home($1) > +') > + > +######################################## > +## > ## Do not audit attempts to read user home files. > ## > ##
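
Review bot: in the first hunk (@@ -1657,7 +1657,26 @@), the gen_require of the new userdom_read_all_user_home_content_files asks for "attribute user_home_dir_type, user_home_type;", and the reply at the top of this message reports that user_home_dir_type does not exist, so the interface cannot be installed as written. Following that reply, require "type user_home_dir_t;" next to "attribute user_home_type;" and pass user_home_dir_t as the directory argument of read_files_pattern. The commit message also calls this interface userdomain_read_all_user_content_files, which does not match the name the hunk adds; one of the two should be corrected before the patch is resent.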
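
Review bot: in the third hunk (@@ -1676,6 +1695,26 @@), the deprecated userdom_read_user_home_content_files carries its own gen_require, read_files_pattern and files_search_home after the refpolicywarn line, with the same "type user_home_dir_t, user_home_t;" requirement the previous hunk shows for userdom_read_generic_user_home_content_files. Two copies of the same access can drift apart when one is later changed. Replacing the body after refpolicywarn with a single call to userdom_read_generic_user_home_content_files($1) would keep one definition and make the deprecated name a pure alias.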