From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Sat, 8 Feb 2014 08:31:52 -0500
Subject: [refpolicy] [PATCH v2] gpg: Create gpg_agent_connect interface
In-Reply-To: <1391343518-18209-1-git-send-email-aranea@aixah.de>
References: <20140202130500.2160f475@gentp.lnet>
	<1391343518-18209-1-git-send-email-aranea@aixah.de>
Message-ID: <52F631C8.1090100@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 2/2/2014 7:18 AM, Luis Ressel wrote:
> ---
>  gpg.if | 18 ++++++++++++++++++
>  gpg.te |  2 +-
>  2 files changed, 19 insertions(+), 1 deletion(-)
> 
> diff --git a/gpg.if b/gpg.if
> index 180f1b7..73d1e94 100644
> --- a/gpg.if
> +++ b/gpg.if
> @@ -193,6 +193,24 @@ interface(`gpg_rw_agent_pipes',`
>  
>  ########################################
>  ## <summary>
> +##	Connect to gpg agent socket
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`gpg_agent_connect',`
> +	gen_require(`
> +		type gpg_agent_t, gpg_agent_tmp_t;
> +	')
> +
> +	stream_connect_pattern($1, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t)
> +')
> +
> +########################################
> +## <summary>
>  ##	Send messages to and from gpg
>  ##	pinentry over DBUS.
>  ## </summary>
> diff --git a/gpg.te b/gpg.te
> index 96f90e6..ed01527 100644
> --- a/gpg.te
> +++ b/gpg.te
> @@ -93,7 +93,7 @@ manage_files_pattern(gpg_t, gpg_secret_t, gpg_secret_t)
>  manage_lnk_files_pattern(gpg_t, gpg_secret_t, gpg_secret_t)
>  userdom_user_home_dir_filetrans(gpg_t, gpg_secret_t, dir)
>  
> -stream_connect_pattern(gpg_t, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t)
> +gpg_agent_connect(gpg_t)
>  
>  domtrans_pattern(gpg_t, gpg_agent_exec_t, gpg_agent_t)
>  domtrans_pattern(gpg_t, gpg_helper_exec_t, gpg_helper_t)

Merged.  I renamed the interface to gpg_stream_connect_agent().

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com