From: aranea@aixah.de (Luis Ressel) Date: Fri, 9 Dec 2016 19:14:21 +0100 Subject: [refpolicy] [PATCH 1/3] gpg: Add filetrans for scdaemon socket and gpg-agent extra sockets Message-ID: <20161209181423.29820-1-aranea@aixah.de> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com scdaemon is part of gnupg's subsystem for handling smartcards. The two new gpg-agent sockets are used by gnupg 2.1.16. --- gpg.fc | 4 ++-- gpg.te | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/gpg.fc b/gpg.fc index 3f1d1d2..eee870e 100644 --- a/gpg.fc +++ b/gpg.fc @@ -1,7 +1,7 @@ HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0) HOME_DIR/\.gnupg/log-socket -s gen_context(system_u:object_r:gpg_agent_tmp_t,s0) -HOME_DIR/\.gnupg/S\.gpg-agent -s gen_context(system_u:object_r:gpg_agent_tmp_t,s0) -HOME_DIR/\.gnupg/S\.gpg-agent\.ssh -s gen_context(system_u:object_r:gpg_agent_tmp_t,s0) +HOME_DIR/\.gnupg/S\.gpg-agent.* -s gen_context(system_u:object_r:gpg_agent_tmp_t,s0) +HOME_DIR/\.gnupg/S\.scdaemon -s gen_context(system_u:object_r:gpg_agent_tmp_t,s0) /usr/bin/gpg(2)? -- gen_context(system_u:object_r:gpg_exec_t,s0) /usr/bin/gpgsm -- gen_context(system_u:object_r:gpg_exec_t,s0) diff --git a/gpg.te b/gpg.te index 02e868d..a671ffe 100644 --- a/gpg.te +++ b/gpg.te 
@@ -230,7 +230,10 @@ files_tmp_filetrans(gpg_agent_t, gpg_agent_tmp_t, { file sock_file dir }) filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "log-socket") filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "S.gpg-agent") +filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "S.gpg-agent.browser") +filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "S.gpg-agent.extra") filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "S.gpg-agent.ssh") +filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "S.scdaemon") domtrans_pattern(gpg_agent_t, pinentry_exec_t, gpg_pinentry_t) -- 2.11.0
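Review bot: in the gpg.fc hunk, the replacement pattern `HOME_DIR/\.gnupg/S\.gpg-agent.*` is looser than the two lines it removes: the trailing `.*` also matches the empty string and any suffix, so besides `S.gpg-agent`, `S.gpg-agent.ssh`, `S.gpg-agent.browser` and `S.gpg-agent.extra` it labels any socket whose name merely starts with `S.gpg-agent`. Since the gpg.te side enumerates exactly the browser, extra and ssh variants, consider mirroring that here, e.g. `HOME_DIR/\.gnupg/S\.gpg-agent(\.(browser|extra|ssh))? -s gen_context(system_u:object_r:gpg_agent_tmp_t,s0)`, so the .fc and .te rules stay in step when further sockets are added.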
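Review bot: in the gpg.te hunk, the new `filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "S.scdaemon")` is keyed on gpg_agent_t as the creating domain, which is correct only if scdaemon runs inside gpg_agent_t (that is, gpg-agent starts it without a domain transition). If scdaemon runs in some other domain, this rule never fires and the socket is created with the parent directory's gpg_secret_t label, with the .fc entry only correcting it on a relabel. The commit message says scdaemon is part of gnupg's smartcard subsystem but not which domain creates `S.scdaemon`; please state that, and if it is not gpg_agent_t, attach the filetrans_pattern to the domain that actually creates the socket.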