From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 22 May 2017 18:11:39 +0200
Subject: [refpolicy] [PATCH 03/19] Enhance minidlna domain with XDG
	privilege sets
In-Reply-To: <20170522161155.9648-1-sven.vermeulen@siphos.be>
References: <20170522161155.9648-1-sven.vermeulen@siphos.be>
Message-ID: <20170522161155.9648-4-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The minidlna domain is meant for the minidlna media server. Hence, its
primary duties is to present pictures, videos and music. With these
types of data in the user home directory now being marked as
xdg_pictures_t, xdg_videos_t and xdg_music_t, the minidlna_t domain is
granted read access to these resources.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 minidlna.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/minidlna.te b/minidlna.te
index fc4d80a..941f727 100644
--- a/minidlna.te
+++ b/minidlna.te
@@ -85,6 +85,10 @@ logging_search_logs(minidlna_t)
 miscfiles_read_localization(minidlna_t)
 miscfiles_read_public_files(minidlna_t)
 
+xdg_read_music(minidlna_t)
+xdg_read_pictures(minidlna_t)
+xdg_read_videos(minidlna_t)
+
 tunable_policy(`minidlna_read_generic_user_content',`
 	userdom_list_user_tmp(minidlna_t)
 	userdom_read_user_home_content_files(minidlna_t)
-- 
2.13.0