From: dominick.grift@gmail.com (Dominick Grift)
Date: Mon, 10 Oct 2011 12:20:37 +0200
Subject: [refpolicy] [PATCH/RFC v2] Introduce XDG type definition
In-Reply-To: <20111007193513.GA24187@siphos.be>
References: <20111007193513.GA24187@siphos.be>
Message-ID: <1318242037.1827.7.camel@x220.mydomain.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2011-10-07 at 21:35 +0200, Sven Vermeulen wrote:
> +########################################
> +##
> +## Create objects in an xdg_config_home directory
> +## with an automatic type transition to
> +## a specified private type.
> +##
> +##
> +##
> +## Domain allowed access.
> +##
> +##
> +##
> +##
> +## The type of the object to create.
> +##
> +##
> +##
> +##
> +## The class of the object to be created.
> +##
> +##
> +#
> +interface(`xdg_config_home_filetrans',`
> + gen_require(`
> + type xdg_config_home_t;
> + ')
> +
> + filetrans_pattern($1, xdg_config_home_t, $2, $3)
> +')
> +
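
Review bot: The name `xdg_config_home_filetrans` on the `interface(` line does not signal that the resulting type is supplied by the caller as $2, so it can be read as labelling the new object xdg_config_home_t; a name that marks the caller-chosen type would remove that ambiguity. The header comment could also say whether callers must separately allow access to the private type they pass in, since the body contains only `filetrans_pattern($1, xdg_config_home_t, $2, $3)`.
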
I have been thinking about this and I think we may want to make these
xdg_*_home_spec_filetrans.

The reason is because we also need a normal xdg_*_home_filetrans for
processes actually creating .config .cache .local and /run/user/$USER.
Any process can create these dirs if they do not exist.

Example:
xdg_cache_home_filetrans()
userdom_user_home_dir_filetrans($1, xdg_cache_home_t, dir, ".cache")
xdg_config_home_filetrans()
userdom_user_home_dir_filetrans($1, xdg_config_home_t, dir, ".config")
xdg_data_home_filetrans()
userdom_user_home_dir_filetrans($1, xdg_data_home_t, dir, ".local")
xdg_runtime_home_filetrans()
???
Also hopefully reference policy will add support for named filetrans
soon. We will need it here.