From: aranea@aixah.de (Luis Ressel)
Date: Mon, 11 Sep 2017 05:18:29 +0200
Subject: [refpolicy] [PATCH 3/3] portage: Allow portage_t and
	portage_sandbox_t to access locale_t
In-Reply-To: <20170911031829.4163-1-aranea@aixah.de>
References: <20170911031829.4163-1-aranea@aixah.de>
Message-ID: <20170911031829.4163-3-aranea@aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This didn't crop out until now due to portage's wideranging access, but
it's neccessary now for the map permission.

I'm aware adding the interface directly for portage_t is redundant, but
I'm doing it nevertheless in case we ever remove
portage_compile_domain(portage_t).
---
 portage.if | 2 ++
 portage.te | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/portage.if b/portage.if
index 3447a45..5e8eb2b 100644
--- a/portage.if
+++ b/portage.if
@@ -180,6 +180,8 @@ interface(`portage_compile_domain',`
 
 	logging_send_syslog_msg($1)
 
+	miscfiles_read_localization($1)
+
 	userdom_use_user_terminals($1)
 
 	# SELinux-enabled programs running in the sandbox
diff --git a/portage.te b/portage.te
index 903d0d1..4a80703 100644
--- a/portage.te
+++ b/portage.te
@@ -195,6 +195,8 @@ auth_manage_shadow(portage_t)
 # merging baselayout will need this:
 init_exec(portage_t)
 
+miscfiles_read_localization(portage_t)
+
 # run setfiles -r
 seutil_run_setfiles(portage_t, portage_roles)
 # run semodule
-- 
2.14.1