From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sun, 25 Mar 2018 13:56:58 +0200
Subject: [refpolicy] [PATCH v3 03/19] Enhance minidlna domain with XDG
	privilege sets
In-Reply-To: <20180325115714.5610-1-sven.vermeulen@siphos.be>
References: <20180325115714.5610-1-sven.vermeulen@siphos.be>
Message-ID: <20180325115714.5610-4-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The minidlna domain is meant for the minidlna media server. Hence, its
primary duties is to present pictures, videos and music. With these
types of data in the user home directory now being marked as
xdg_pictures_t, xdg_videos_t and xdg_music_t, the minidlna_t domain is
granted read access to these resources.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 minidlna.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/minidlna.te b/minidlna.te
index a8b88c5..bb96114 100644
--- a/minidlna.te
+++ b/minidlna.te
@@ -85,6 +85,10 @@ logging_search_logs(minidlna_t)
 miscfiles_read_localization(minidlna_t)
 miscfiles_read_public_files(minidlna_t)
 
+xdg_read_music(minidlna_t)
+xdg_read_pictures(minidlna_t)
+xdg_read_videos(minidlna_t)
+
 tunable_policy(`minidlna_read_generic_user_content',`
 	userdom_list_user_tmp(minidlna_t)
 	userdom_read_user_home_content_files(minidlna_t)
-- 
2.16.1