From: dominick.grift@gmail.com (Dominick Grift) Date: Sat, 9 Nov 2013 10:40:35 +0100 Subject: [refpolicy] [RFC] userdomain: manage and relabel xdg home content Message-ID: <1383990035-2632-1-git-send-email-dominick.grift@gmail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Signed-off-by: Dominick Grift --- policy/modules/system/userdomain.if | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index 189f786..57d4552 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -241,7 +241,7 @@ interface(`userdom_manage_home_role',` relabel_sock_files_pattern($2, { local_home_t user_home_dir_t user_home_t }, { local_home_t user_home_t }) relabel_fifo_files_pattern($2, { local_home_t user_home_dir_t user_home_t }, { local_home_t user_home_t }) filetrans_pattern($2, user_home_dir_t, user_home_t, { dir file lnk_file sock_file fifo_file }) - filetrans_pattern($2, user_home_t, local_home_t, dir, ".local") + filetrans_pattern($2, user_home_dir_t, local_home_t, dir, ".local") files_list_home($2) # cjp: this should probably be removed: @@ -268,6 +268,18 @@ interface(`userdom_manage_home_role',` fs_dontaudit_manage_cifs_dirs($2) fs_dontaudit_manage_cifs_files($2) ') + + optional_policy(` + xdg_manage_generic_cache_home_content($2) + xdg_relabel_generic_cache_home_content($2) + xdg_user_home_dir_filetrans_cache_home($2, dir, ".cache") + xdg_manage_generic_config_home_content($2) + xdg_relabel_generic_config_home_content($2) + xdg_user_home_dir_filetrans_config_home($2, dir, ".config") + xdg_manage_generic_data_home_content($2) + xdg_relabel_generic_data_home_content($2) + xdg_local_home_filetrans_data_home($2, dir, "share") + ') ') ####################################### -- 1.8.3.1