From: aranea@aixah.de (Luis Ressel)
Date: Sun, 2 Feb 2014 13:18:38 +0100
Subject: [refpolicy] [PATCH v2] gpg: Create gpg_agent_connect interface
In-Reply-To: <20140202130500.2160f475@gentp.lnet>
References: <20140202130500.2160f475@gentp.lnet>
Message-ID: <1391343518-18209-1-git-send-email-aranea@aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

---
 gpg.if | 18 ++++++++++++++++++
 gpg.te | 2 +-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/gpg.if b/gpg.if
index 180f1b7..73d1e94 100644
--- a/gpg.if
+++ b/gpg.if
@@ -193,6 +193,24 @@ interface(`gpg_rw_agent_pipes',`
 ########################################
 ##
+## Connect to gpg agent socket
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`gpg_agent_connect',`
+ gen_require(`
+ type gpg_agent_t, gpg_agent_tmp_t;
+ ')
+
+ stream_connect_pattern($1, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t)
+')
+
+########################################
+##
 ## Send messages to and from gpg
 ## pinentry over DBUS.
 ##
diff --git a/gpg.te b/gpg.te
index 96f90e6..ed01527 100644
--- a/gpg.te
+++ b/gpg.te
@@ -93,7 +93,7 @@ manage_files_pattern(gpg_t, gpg_secret_t, gpg_secret_t)
 manage_lnk_files_pattern(gpg_t, gpg_secret_t, gpg_secret_t)
 userdom_user_home_dir_filetrans(gpg_t, gpg_secret_t, dir)
-stream_connect_pattern(gpg_t, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t)
+gpg_agent_connect(gpg_t)
 domtrans_pattern(gpg_t, gpg_agent_exec_t, gpg_agent_t)
 domtrans_pattern(gpg_t, gpg_helper_exec_t, gpg_helper_t)
-- 
1.8.5.3
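Review bot: In the gpg.if hunk the new interface is named `gpg_agent_connect`, while the interface named in the hunk header, `gpg_rw_agent_pipes`, puts the access before the object; `gpg_stream_connect_agent` would follow that order and say which kind of connection is granted. The summary `Connect to gpg agent socket` could likewise read `Connect to gpg agent over a unix domain stream socket.` Any domain passed as $1 can then talk to the agent that handles the user's secret keys, so a short description saying that callers should be limited to domains that need agent operations would help whoever audits later uses of the interface.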
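Review bot: In the gpg.te hunk, `gpg_agent_connect(gpg_t)` replaces a rule whose types the surrounding lines already use directly (`domtrans_pattern(gpg_t, gpg_agent_exec_t, gpg_agent_t)`), so the module now reaches its own types through an interface and its gen_require block. The granted access looks identical, but the direct form `stream_connect_pattern(gpg_t, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t)` keeps everything allowed to gpg_t readable in one file. As far as I know refpolicy modules leave their interfaces to other modules, so I would keep the original line here and add only the interface in gpg.if; worth confirming against the project's style guidance.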