From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sun, 13 Nov 2011 21:33:18 +0100
Subject: [refpolicy] [PATCH/RFC v3] Introduce xdg types
In-Reply-To: <20111013140614.GA3116@siphos.be>
References: <20111013140614.GA3116@siphos.be>
Message-ID: <20111113203317.GA17650@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, Oct 13, 2011 at 04:06:14PM +0200, Sven Vermeulen wrote:
> With some delay (busy days at work), the XDG module with the feedback from
> Dominick integrated. Changes since v2 include
>
> - Rename of interfaces to be more in line with naming conventions
> - Use of userdom_search_... instead of userdom_list_...
> - Add the lnk_file and fifo_file classes in the xdg_manage_* interfaces
> - Drop the xdg_admin interface
> - Add a few TODOs that need to be written when named file transitions are
>   supported (didn't want to include it as comments since M4 doesn't like
>   that)

Now that named file transitions are supported [1], I'd like to add a rule
that, when one of the following directories is created, that directory is
immediately labeled appropriately:

- ~/.cache -> xdg_cache_home_t
- ~/.config -> xdg_config_home_t
- ~/.local -> xdg_data_home_t

To do so, I thought about doing this in the following steps:

(1.) Enhance userdom_user_home_dir_filetrans with a fourth argument
     (filename) and use that in its filetrans_pattern() call
(2.) Enhance xdg.if with the xdg_*_home_filetrans statements that accomplish
     something like
       userdom_user_home_dir_filetrans($1, xdg_cache_home_t, dir, ".cache")
     for the xdg_cache_home_filetrans (others very related)
(3.) Enhance application.te with optional calls like
     "xdg_cache_home_filetrans(application_domain_type)"

Is this a proper way to handle the above? Is application_domain_type the
right level?

Wkr,
	Sven Vermeulen

[1] http://oss.tresys.com/pipermail/refpolicy-commits/2011-November/000029.html
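
The three steps proposed in the message above, written out as a policy sketch. This is an added example, not code from the posted patch or from refpolicy itself. It assumes that filetrans_pattern() takes the object name as a fifth argument and that the existing body of userdom_user_home_dir_filetrans consists of the two statements shown; the interface names xdg_config_home_filetrans and xdg_data_home_filetrans are inferred from the "xdg_*_home_filetrans" wording.

```m4
# Step 1 (userdomain.if): forward an optional fourth argument, the object
# name, to filetrans_pattern(). Callers passing three arguments are unchanged.
interface(`userdom_user_home_dir_filetrans',`
	gen_require(`
		type user_home_dir_t;
	')

	filetrans_pattern($1, user_home_dir_t, $2, $3, $4)
	files_search_home($1)
')

# Step 2 (xdg.if): one named transition interface per XDG base directory.
interface(`xdg_cache_home_filetrans',`
	gen_require(`
		type xdg_cache_home_t;
	')

	userdom_user_home_dir_filetrans($1, xdg_cache_home_t, dir, ".cache")
')

interface(`xdg_config_home_filetrans',`
	gen_require(`
		type xdg_config_home_t;
	')

	userdom_user_home_dir_filetrans($1, xdg_config_home_t, dir, ".config")
')

interface(`xdg_data_home_filetrans',`
	gen_require(`
		type xdg_data_home_t;
	')

	userdom_user_home_dir_filetrans($1, xdg_data_home_t, dir, ".local")
')

# Step 3 (application.te): optional, so the policy still builds without xdg.
optional_policy(`
	xdg_cache_home_filetrans(application_domain_type)
	xdg_config_home_filetrans(application_domain_type)
	xdg_data_home_filetrans(application_domain_type)
')

# Rule the first call expands to, among the allow rules the macros add:
# type_transition application_domain_type user_home_dir_t:dir xdg_cache_home_t ".cache";
```

Because the transition is keyed on the name, other directories an application domain creates directly in the home directory keep their default label. A directory that already exists with a different label is not affected by the rule and still needs restorecon.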