From: dominick.grift@gmail.com (Dominick Grift) Date: Thu, 18 Oct 2012 20:08:15 +0200 Subject: [refpolicy] [PATCH] Changes to the user domain policy module Message-ID: <1350583695-21075-1-git-send-email-dominick.grift@gmail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Content that (at least) common users need to be able to relabel and create with a type transition Signed-off-by: Dominick Grift
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 9d447a2..bcffe18 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -575,6 +575,7 @@
 ')
 
 optional_policy(`
+ alsa_home_filetrans_alsa_home($1_t, file, ".asoundrc")
 alsa_manage_home_files($1_t)
 alsa_read_rw_config($1_t)
 alsa_relabel_home_files($1_t)
@@ -629,7 +630,18 @@
 ')
 
 optional_policy(`
+ kerberos_manage_krb5_home_files($1_t)
+ kerberos_relabel_krb5_home_files($1_t)
+ kerberos_home_filetrans_krb5_home($1_t, file, ".k5login")
+ ')
+
+ optional_policy(`
 locate_read_lib_files($1_t)
+ ')
+
+ optional_policy(`
+ mpd_manage_user_data_content($1_t)
+ mpd_relabel_user_data_content($1_t)
 ')
 
 # for running depmod as part of the kernel packaging process
@@ -645,11 +657,16 @@
 tunable_policy(`allow_user_mysql_connect',`
 mysql_stream_connect($1_t)
 ')
+
+ mysql_manage_mysqld_home_files($1_t)
+ mysql_relabel_mysqld_home_files($1_t)
+ mysql_home_filetrans_mysqld_home($1_t, file, ".my.cnf")
 ')
 
 optional_policy(`
 oident_manage_user_content($1_t)
 oident_relabel_user_content($1_t)
+ oident_home_filetrans_oidentd_home($1_t, file, ".oidentd.conf")
 ')
 
 optional_policy(`
@@ -670,6 +687,12 @@
 ')
 
 optional_policy(`
+ ppp_manage_home_files($1_t)
+ ppp_relabel_home_files($1_t)
+ ppp_home_filetrans_ppp_home($1_t, file, ".ppprc")
+ ')
+
+ optional_policy(`
 resmgr_stream_connect($1_t)
 ')
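Review bot: The name argument `".asoundrc"` in the added alsa call ties the transition to a file created under exactly that name, so a file written under a temporary name and renamed into place would presumably keep the generic home label (the interface body is not part of this patch, so this assumes it wraps a named type transition). A comment above the call would record that limit, for example `# named transition: only a file created as ~/.asoundrc is labeled; renamed files need a relabel`. The same applies to the `.k5login`, `.my.cnf`, `.oidentd.conf` and `.ppprc` transitions in the later hunks. The enclosing template starts and ends outside the hunk.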
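Review bot: The kerberos block hands every `$1_t` process manage and relabel access to the file that `.k5login` is labeled as, and that file decides which Kerberos principals may log in as the account, so the grant should carry a comment; I would add `# ~/.k5login lists the principals allowed to log in as this user` above `kerberos_manage_krb5_home_files($1_t)`. Whether a narrower grant is possible depends on which template this block belongs to, and the template header is outside the hunk. Separately, the call order here (manage, relabel, filetrans) differs from the alsa hunk, which puts its filetrans call first; the mysql, oident and ppp additions follow the kerberos order, and one order should be used throughout. The mpd block adds no filetrans call at all, and if that is deliberate a short comment saying why would help.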
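Review bot: The three mysql home-file calls are added after the closing of the allow_user_mysql_connect tunable block, so they take effect even when that boolean is off, and nothing in the hunk says this is intended. Since `.my.cnf` can hold client credentials, the unconditional manage and relabel grant is worth documenting, for example `# ~/.my.cnf access does not depend on allow_user_mysql_connect`. If the access is only meant for users who may connect to mysqld, the three lines belong inside the tunable block instead.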