From: dominick.grift@gmail.com (Dominick Grift)
Date: Wed, 03 Oct 2012 17:28:24 +0200
Subject: [refpolicy] [REVIEW REQUEST] Changes to the gnome policy module
In-Reply-To: <1349277155-3545-1-git-send-email-dominick.grift@gmail.com>
References: <1349277155-3545-1-git-send-email-dominick.grift@gmail.com>
Message-ID: <1349278104.22995.1.camel@d30.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com



On Wed, 2012-10-03 at 17:12 +0200, Dominick Grift wrote:

> +#######################################
> +## <summary>
> +##	Create, read, write, and delete
> +##	all generic gnome user home content.
> +## </summary>
> +## <param name="user_domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <rolebase/>
> +#
> +interface(`gnome_manage_all_generic_home_content',`
> +	gen_require(`
> +		type cache_home_t, config_home_t, data_home_t;
> +		type gconf_home_t, gnome_home_t, gstreamer_home_t;
> +	')
> +
> +	allow $1 { cache_home_t config_home_t data_home_t gconf_home_t gnome_home_t }:dir manage_dir_perms;
> +	allow $1 { cache_home_t config_home_t data_home_t gconf_home_t gnome_home_t }:file manage_file_perms;
> +	allow $1 { cache_home_t config_home_t data_home_t gconf_home_t gnome_home_t }:lnk_file manage_lnk_file_perms;
> +	allow $1 { cache_home_t config_home_t data_home_t gconf_home_t gnome_home_t }:sock_file manage_sock_file_perms;
> +	allow $1 { cache_home_t config_home_t data_home_t gconf_home_t gnome_home_t }:fifo_file manage_fifo_file_perms;

I added gstreamer_home_t to the above. ( i forgot that)

> +	tunable_policy(`use_nfs_home_dirs',`
> +		fs_manage_nfs_dirs($1)
> +		fs_manage_nfs_files($1)
> +		fs_manage_nfs_symlinks($1)
> +		fs_manage_nfs_named_sockets($1)
> +		fs_manage_nfs_named_pipes($1)
> +	')
> +
> +	tunable_policy(`use_samba_home_dirs',`
> +		fs_manage_cifs_dirs($1)
> +		fs_manage_cifs_files($1)
> +		fs_manage_cifs_symlinks($1)
> +		fs_manage_cifs_named_sockets($1)
> +		fs_manage_cifs_named_pipes($1)
> +	')
> +')