From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sun, 4 Sep 2011 14:13:41 +0200
Subject: [refpolicy] [PATCH/RFC 2/4] Allow users to manage their xdg_*
	locations
In-Reply-To: <20110904121223.GA11390@siphos.be>
References: <20110904121223.GA11390@siphos.be>
Message-ID: <20110904121341.GC11390@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The xdg locations as defined under the xdg module are all within a
users' HOMEDIR.

We allow the user to administer his xdg_* files.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/system/userdomain.if |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index c6d3cc8..c4afffe 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -243,6 +243,9 @@ interface(`userdom_manage_home_role',`
 	filetrans_pattern($2, user_home_dir_t, user_home_t, { dir file lnk_file sock_file fifo_file })
 	files_list_home($2)
 
+	# manage user xdg locations
+	xdg_admin($2)
+
 	# cjp: this should probably be removed:
 	allow $2 user_home_dir_t:dir { manage_dir_perms relabel_dir_perms };
 
-- 
1.7.3.4