From: pebenito@ieee.org (Chris PeBenito)
Date: Tue, 12 Sep 2017 19:04:49 -0400
Subject: [refpolicy] [PATCH] userdomain: man-db needs to map its
 'index.db' cache
In-Reply-To: <20170912071606.21819-1-aranea@aixah.de>
References: <20170912071606.21819-1-aranea@aixah.de>
Message-ID: <9d7e42ca-ee2b-42bd-ccb0-614f78c7686d@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/12/2017 03:16 AM, Luis Ressel via refpolicy wrote:
> ---
>   policy/modules/system/miscfiles.if  | 18 ++++++++++++++++++
>   policy/modules/system/userdomain.if |  2 ++
>   2 files changed, 20 insertions(+)
> 
> diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
> index e4918b471..edf1f5a09 100644
> --- a/policy/modules/system/miscfiles.if
> +++ b/policy/modules/system/miscfiles.if
> @@ -556,6 +556,24 @@ interface(`miscfiles_read_man_cache',`
>   	allow $1 man_cache_t:lnk_file read_lnk_file_perms;
>   ')
>   
> +########################################
> +## <summary>
> +##	Map man cache content.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`miscfiles_map_man_cache',`
> +	gen_require(`
> +		type man_cache_t;
> +	')
> +
> +	allow $1 man_cache_t:file map;
> +')
> +
>   ########################################
>   ## <summary>
>   ##	Create, read, write, and delete
> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
> index e4d4ca33d..a7c89e723 100644
> --- a/policy/modules/system/userdomain.if
> +++ b/policy/modules/system/userdomain.if
> @@ -861,6 +861,8 @@ template(`userdom_login_user_template', `
>   	logging_dontaudit_getattr_all_logs($1_t)
>   
>   	miscfiles_read_man_pages($1_t)
> +	# map is needed for man-dbs apropos program
> +	miscfiles_map_man_cache($1_t)
>   	# for running TeX programs
>   	miscfiles_read_tetex_data($1_t)
>   	miscfiles_exec_tetex_data($1_t)

Merged.

-- 
Chris PeBenito