From: pebenito@ieee.org (Chris PeBenito) Date: Sat, 4 Nov 2017 14:10:37 -0400 Subject: [refpolicy] [PATCH 3/3] gpg: search dir when connecting to agent socket In-Reply-To: <20171102173121.22531-3-jason@perfinion.com> References: <20171102173121.22531-1-jason@perfinion.com> <20171102173121.22531-3-jason@perfinion.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 11/02/2017 01:31 PM, Jason Zaman wrote: > commit 96ac8920f55e5a652c20aba99a599ce23a4d3c0d > (gpg: manage user runtime socket files and directories) > moved /run/user/UID/gnupg/ to gpg_runtime_t. this updates the interface > so it grants search perms on the dir too. > --- > gpg.if | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/gpg.if b/gpg.if > index c4b7c4c..6266019 100644 > --- a/gpg.if > +++ b/gpg.if > @@ -191,11 +191,11 @@ interface(`gpg_rw_agent_pipes',` > interface(`gpg_stream_connect_agent',` > gen_require(` > type gpg_agent_t, gpg_agent_tmp_t; > - type gpg_secret_t; > + type gpg_secret_t, gpg_runtime_t; > ') > > stream_connect_pattern($1, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t) > - allow $1 gpg_secret_t:dir search_dir_perms; > + allow $1 { gpg_secret_t gpg_runtime_t }:dir search_dir_perms; > userdom_search_user_runtime($1) > userdom_search_user_home_dirs($1) > ') Merged. -- Chris PeBenito
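Review bot: the hunk grants search on gpg_runtime_t:dir, but the stream_connect_pattern() call on the unchanged line still names only gpg_agent_tmp_t for the socket file; if the agent socket under /run/user/UID/gnupg/ is itself labeled gpg_runtime_t (the referenced commit's title, "manage user runtime socket files and directories", suggests so), a caller would still be denied connectto on the sock_file after this change. Either extend the socket-file argument, e.g. `stream_connect_pattern($1, { gpg_agent_tmp_t gpg_runtime_t }, { gpg_agent_tmp_t gpg_runtime_t }, gpg_agent_t)`, or confirm in the commit message that the socket keeps gpg_agent_tmp_t. Separately, adding gpg_runtime_t to gen_require means the interface now hard-requires a gpg module that includes commit 96ac8920, which is worth stating so out-of-tree callers understand the new build dependency.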