From: domg472@gmail.com (Dominick Grift)
Date: Wed, 22 Sep 2010 17:33:26 +0200
Subject: [refpolicy] [patch 2/2] Allow common users to manage and relabel
	Alsa home files.
Message-ID: <20100922153323.GA25726@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 69aa742... 90d5203... M	policy/modules/admin/alsa.if
:100644 100644 b575edd... 35f1476... M	policy/modules/system/userdomain.if
 policy/modules/admin/alsa.if        |   38 +++++++++++++++++++++++++++++++++++
 policy/modules/system/userdomain.if |    2 +
 2 files changed, 40 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/alsa.if b/policy/modules/admin/alsa.if
index 69aa742..90d5203 100644
--- a/policy/modules/admin/alsa.if
+++ b/policy/modules/admin/alsa.if
@@ -107,6 +107,25 @@ interface(`alsa_manage_rw_config',`
 
 ########################################
 ## <summary>
+##	Manage alsa home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`alsa_manage_home_files',`
+	gen_require(`
+		type alsa_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 alsa_home_t:file manage_file_perms;
+')
+
+########################################
+## <summary>
 ##	Read Alsa home files.
 ## </summary>
 ## <param name="domain">
@@ -126,6 +145,25 @@ interface(`alsa_read_home_files',`
 
 ########################################
 ## <summary>
+##	Relabel alsa home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`alsa_relabel_home_files',`
+	gen_require(`
+		type alsa_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 alsa_home_t:file relabel_file_perms;
+')
+
+########################################
+## <summary>
 ##	Read Alsa lib files.
 ## </summary>
 ## <param name="domain">
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index b575edd..35f1476 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -574,7 +574,9 @@ template(`userdom_common_user_template',`
 	')
 
 	optional_policy(`
+		alsa_manage_home_files($1_t)
 		alsa_read_rw_config($1_t)
+		alsa_relabel_home_files($1_t)
 	')
 
 	optional_policy(`
-- 
1.7.2.3

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100922/38f0b5a9/attachment.bin