From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 22 May 2017 18:11:47 +0200
Subject: [refpolicy] [PATCH 11/19] Make gpg user content access optional
In-Reply-To: <20170522161155.9648-1-sven.vermeulen@siphos.be>
References: <20170522161155.9648-1-sven.vermeulen@siphos.be>
Message-ID: <20170522161155.9648-12-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The GnuPG application does not require access to users data in all
situations. When used through plugins it only accesses user temporary
data for instance. However, in most cases, access to end user data is
still preferred.

Hence, the read- and manage rights on the generic user content is moved
under support of the right booleans, but with a default value allowing
these privileges.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 gpg.te | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/gpg.te b/gpg.te
index 5e87028..fd84bbd 100644
--- a/gpg.te
+++ b/gpg.te
@@ -14,6 +14,34 @@ policy_module(gpg, 2.11.1)
 ## </desc>
 gen_tunable(gpg_agent_env_file, false)
 
+## <desc>
+##	<p>
+##	Grant the gpg domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`gpg_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the gpg domains read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`gpg_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the gpg domains manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`gpg_manage_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the gpg domains manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`gpg_manage_all_user_content', false)
+
 attribute_role gpg_roles;
 roleattribute system_r gpg_roles;
 
@@ -125,8 +153,8 @@ miscfiles_read_localization(gpg_t)
 userdom_use_user_terminals(gpg_t)
 
 userdom_manage_user_tmp_files(gpg_t)
-userdom_manage_user_home_content_files(gpg_t)
-userdom_user_home_dir_filetrans_user_home_content(gpg_t, file)
+
+userdom_user_content_access_template(gpg, gpg_t)
 
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_dirs(gpg_t)
@@ -338,6 +366,8 @@ miscfiles_read_localization(gpg_pinentry_t)
 
 userdom_use_user_terminals(gpg_pinentry_t)
 
+xdg_read_data_home_files(gpg_pinentry_t)
+
 tunable_policy(`use_nfs_home_dirs',`
 	fs_read_nfs_files(gpg_pinentry_t)
 ')
-- 
2.13.0