From: aranea@aixah.de (Luis Ressel) Date: Sun, 9 Aug 2015 23:10:58 +0200 Subject: [refpolicy] [PATCH 2/2] gpg 2.1 places gpg-agent sockets in ~/.gnupg/ In-Reply-To: <1439154658-18322-1-git-send-email-aranea@aixah.de> References: <1439154658-18322-1-git-send-email-aranea@aixah.de> Message-ID: <1439154658-18322-2-git-send-email-aranea@aixah.de> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com --- gpg.if | 3 ++- gpg.te | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/gpg.if b/gpg.if index 13149ca..4141add 100644 --- a/gpg.if +++ b/gpg.if @@ -205,10 +205,11 @@ interface(`gpg_rw_agent_pipes',` # interface(`gpg_stream_connect_agent',` gen_require(` - type gpg_agent_t, gpg_agent_tmp_t; + type gpg_agent_t, gpg_agent_tmp_t, gpg_secret_t; ') stream_connect_pattern($1, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t) + stream_connect_pattern($1, gpg_secret_t, gpg_agent_tmp_t, gpg_agent_t) ') ######################################## diff --git a/gpg.te b/gpg.te index a40ac69..edf238a 100644 --- a/gpg.te +++ b/gpg.te @@ -241,6 +241,9 @@ manage_sock_files_pattern(gpg_agent_t, gpg_agent_tmp_t, gpg_agent_tmp_t) files_tmp_filetrans(gpg_agent_t, gpg_agent_tmp_t, { file sock_file dir }) filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "log-socket") +filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "S.gpg-agent") +filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "S.gpg-agent.ssh") +filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "S.scdaemon") domtrans_pattern(gpg_agent_t, pinentry_exec_t, gpg_pinentry_t) -- 2.5.0
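Review bot: In the gpg.if hunk, the added stream_connect_pattern($1, gpg_secret_t, gpg_agent_tmp_t, gpg_agent_t) line gives every caller of gpg_stream_connect_agent search access to gpg_secret_t directories, which the interface did not grant before, and the commit message has no body to say so. Please note this in the interface's documentation block and in the commit message, so that policy authors know that connecting to the agent now implies traversing the secret key directory. As stream_connect_pattern is defined in refpolicy, the grant is limited to directory search, write on gpg_agent_tmp_t socket files and connectto on gpg_agent_t, so files labelled gpg_secret_t are not readable through this interface.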
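Review bot: In the gpg.te hunk, the three added filetrans_pattern lines match only the exact names "S.gpg-agent", "S.gpg-agent.ssh" and "S.scdaemon", so a socket created under any other name in a gpg_secret_t directory keeps the gpg_secret_t label and is not covered by the gpg_agent_tmp_t socket rule added to gpg_stream_connect_agent. A one-line comment above the block stating that these are the gpg 2.1 socket names in ~/.gnupg/ would make it clear when the list needs updating. Please also confirm that the process creating S.scdaemon runs in gpg_agent_t, since the transition only applies to that source domain.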