From: aranea@aixah.de (Luis Ressel)
Date: Sun, 2 Feb 2014 13:18:38 +0100
Subject: [refpolicy] [PATCH v2] gpg: Create gpg_agent_connect interface
In-Reply-To: <20140202130500.2160f475@gentp.lnet>
References: <20140202130500.2160f475@gentp.lnet>
Message-ID: <1391343518-18209-1-git-send-email-aranea@aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
---
gpg.if | 18 ++++++++++++++++++
gpg.te | 2 +-
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/gpg.if b/gpg.if
index 180f1b7..73d1e94 100644
--- a/gpg.if
+++ b/gpg.if
@@ -193,6 +193,24 @@ interface(`gpg_rw_agent_pipes',`
########################################
##
+## Connect to gpg agent socket
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`gpg_agent_connect',`
+ gen_require(`
+ type gpg_agent_t, gpg_agent_tmp_t;
+ ')
+
+ stream_connect_pattern($1, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t)
+')
+
+########################################
+##
## Send messages to and from gpg
## pinentry over DBUS.
##
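Review bot: The interface name `gpg_agent_connect` does not follow the verb-then-object order of the neighbouring `gpg_rw_agent_pipes` shown in the hunk header, and it does not say which kind of socket is involved. Since the body is a `stream_connect_pattern` call, a name along the lines of `gpg_stream_connect_agent` would tell callers they are getting a unix stream connection to `gpg_agent_t` through `gpg_agent_tmp_t`. The summary line "Connect to gpg agent socket" could say the same thing and end with a period, like the "pinentry over DBUS." summary that follows it.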
diff --git a/gpg.te b/gpg.te
index 96f90e6..ed01527 100644
--- a/gpg.te
+++ b/gpg.te
@@ -93,7 +93,7 @@ manage_files_pattern(gpg_t, gpg_secret_t, gpg_secret_t)
manage_lnk_files_pattern(gpg_t, gpg_secret_t, gpg_secret_t)
userdom_user_home_dir_filetrans(gpg_t, gpg_secret_t, dir)
-stream_connect_pattern(gpg_t, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t)
+gpg_agent_connect(gpg_t)
domtrans_pattern(gpg_t, gpg_agent_exec_t, gpg_agent_t)
domtrans_pattern(gpg_t, gpg_helper_exec_t, gpg_helper_t)
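Review bot: Replacing the direct `stream_connect_pattern(gpg_t, ...)` line with `gpg_agent_connect(gpg_t)` makes this the only rule in the visible context where gpg.te reaches its own types through an interface. The surrounding lines (`manage_files_pattern`, `domtrans_pattern`) all use the pattern macros directly. gpg.te declares `gpg_agent_t` and `gpg_agent_tmp_t` itself, so the original line could stay and the new interface be left for other modules. The patch also carries no description and adds no caller outside gpg.te, so a sentence in the commit message naming the domain that needs to connect to the agent would let reviewers judge whether the access is warranted.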
--
1.8.5.3