From: aranea@aixah.de (Luis Ressel)
Date: Fri, 14 Feb 2014 20:47:20 +0100
Subject: [refpolicy] [PATCH 2/3] Add a boolean governing xguest access to
	pcscd.
In-Reply-To: <1392407241-18492-1-git-send-email-aranea@aixah.de>
References: <1392407241-18492-1-git-send-email-aranea@aixah.de>
Message-ID: <1392407241-18492-3-git-send-email-aranea@aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

---
 xguest.te | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/xguest.te b/xguest.te
index a64aad3..527a13b 100644
--- a/xguest.te
+++ b/xguest.te
@@ -1,4 +1,4 @@
-policy_module(xguest, 1.2.0)
+policy_module(xguest, 1.2.1)
 
 ########################################
 #
@@ -24,6 +24,14 @@ gen_tunable(xguest_connect_network, false)
 ## <desc>
 ##	<p>
 ##	Determine whether xguest can
+##	connect to pcscd.
+##	</p>
+## </desc>
+gen_tunable(xguest_connect_pcscd, false)
+
+## <desc>
+##	<p>
+##	Determine whether xguest can
 ##	use blue tooth devices.
 ##	</p>
 ## </desc>
@@ -164,8 +172,10 @@ optional_policy(`
 ')
 
 optional_policy(`
-	pcscd_read_pid_files(xguest_t)
-	pcscd_stream_connect(xguest_t)
+	tunable_policy(`xguest_connect_pcscd',`
+		pcscd_read_pid_files(xguest_t)
+		pcscd_stream_connect(xguest_t)
+	')
 ')
 
 #gen_user(xguest_u,, xguest_r, s0, s0)
-- 
1.8.5.4