From: dominick.grift@gmail.com (Dominick Grift) Date: Wed, 8 Aug 2012 16:19:28 +0200 Subject: [refpolicy] [PATCH] oident daemon fixes Message-ID: <1344435568-2292-1-git-send-email-dominick.grift@gmail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com ~/.oidentd.conf is a single file Remove call to oidentd_read_user_home_content(): "its preferred that you not create an interface only to use it internally unless its a complicated concept you're trying to abstract". Leaving the oidentd_read_user_home_content interface for backwards compatibility. Signed-off-by: Dominick Grift diff --git a/oident.fc b/oident.fc index 5840ea8..33b9aa0 100644 --- a/oident.fc +++ b/oident.fc @@ -1,4 +1,4 @@ -HOME_DIR/\.oidentd.conf gen_context(system_u:object_r:oidentd_home_t, s0) +HOME_DIR/\.oidentd.conf -- gen_context(system_u:object_r:oidentd_home_t, s0) /etc/oidentd\.conf -- gen_context(system_u:object_r:oidentd_config_t, s0) /etc/oidentd_masq\.conf -- gen_context(system_u:object_r:oidentd_config_t, s0) diff --git a/oident.te b/oident.te index 8845174..6e5be53 100644 --- a/oident.te +++ b/oident.te @@ -34,6 +34,8 @@ allow oidentd_t oidentd_config_t:file read_file_perms; +allow oidentd_t oidentd_home_t:file read_file_perms; + corenet_all_recvfrom_unlabeled(oidentd_t) corenet_all_recvfrom_netlabel(oidentd_t) corenet_tcp_sendrecv_generic_if(oidentd_t) @@ -58,7 +60,7 @@ sysnet_read_config(oidentd_t) -oident_read_user_content(oidentd_t) +userdom_search_user_home_dirs(oidentd_t) optional_policy(` nis_use_ypbind(oidentd_t)
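
Review bot: the `.` before `conf` in the new oident.fc entry `HOME_DIR/\.oidentd.conf --` is still unescaped, so the pattern matches any single character in that position, while the two /etc entries in the same hunk escape it as `oidentd\.conf`. Since the line is being changed anyway, suggest `HOME_DIR/\.oidentd\.conf -- gen_context(system_u:object_r:oidentd_home_t, s0)` so only the intended file name gets oidentd_home_t.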
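
Review bot: the interface named in the commit message does not match the call removed in the second oident.te hunk (@@ -58,7 +60,7). The message says oidentd_read_user_home_content(), but the removed line is `oident_read_user_content(oidentd_t)`. Suggest correcting the name in the message so the interface that is being kept for backwards compatibility can be found by searching for it.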