From: pebenito@ieee.org (Chris PeBenito)
Date: Wed, 13 Dec 2017 18:21:41 -0500
Subject: [refpolicy] [PATCH 3/5] gpg: Add gpg_agent_use_card boolean for OpenPGP cards
In-Reply-To: <20171213181722.28545-3-jason@perfinion.com>
References: <20171213181722.28545-1-jason@perfinion.com> <20171213181722.28545-3-jason@perfinion.com>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/13/2017 01:17 PM, Jason Zaman wrote:
> --- > gpg.te | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/gpg.te b/gpg.te > index 619fdb4..0ad774e 100644 > --- a/gpg.te > +++ b/gpg.te > @@ -14,6 +14,14 @@ policy_module(gpg, 2.12.3) > ## > gen_tunable(gpg_agent_env_file, false) > > +## > +##

> +## Determine whether GPG agent can use OpenPGP > +## cards or Yubikeys over USB > +##

> +##
> +gen_tunable(gpg_agent_use_card, false) > + > attribute_role gpg_roles; > roleattribute system_r gpg_roles; > > @@ -274,6 +282,11 @@ tunable_policy(`gpg_agent_env_file',` > userdom_user_home_dir_filetrans_user_home_content(gpg_agent_t, file) > ') > > +tunable_policy(`gpg_agent_use_card',` > + dev_read_sysfs(gpg_agent_t) > + dev_rw_generic_usb_dev(gpg_agent_t) > +') > + > tunable_policy(`use_nfs_home_dirs',` > fs_manage_nfs_dirs(gpg_agent_t) > fs_manage_nfs_files(gpg_agent_t)

Merged.

--
Chris PeBenito
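
Review bot: the description above gen_tunable(gpg_agent_use_card, false) in the first hunk says only that the agent can use "OpenPGP cards or Yubikeys over USB", which does not tell an administrator what enabling the boolean actually permits. Suggest wording it in terms of the access granted, for example that gpg_agent_t may read sysfs and read and write generic USB devices, so the cost of turning it on is visible from the boolean's own documentation. Keeping the default at false is appropriate for an opt-in device grant.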
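
Review bot: dev_rw_generic_usb_dev(gpg_agent_t) in the tunable_policy(`gpg_agent_use_card', ...) block of the second hunk is keyed to the generic USB device label rather than to the token, so with the boolean on gpg_agent_t gets read/write on every device node carrying that label, which is wider than the "OpenPGP cards or Yubikeys" the boolean is named for. If a narrower label for the token's device node is available, grant on that instead; otherwise add a comment inside the block stating why both dev_read_sysfs and generic USB read/write are required, since the visible patch explains neither.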