From: jason@perfinion.com (Jason Zaman)
Date: Fri,  8 Jun 2018 17:53:41 +0800
Subject: [refpolicy] [PATCH 5/5] Allow portage to use GPG for tree signature
	verification
In-Reply-To: <20180608095341.20837-1-jason@perfinion.com>
References: <20180608095341.20837-1-jason@perfinion.com>
Message-ID: <20180608095341.20837-5-jason@perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

---
 dirmngr.te |  6 ++++++
 gpg.te     | 12 ++++++++++++
 portage.te |  4 ++++
 3 files changed, 22 insertions(+)

diff --git a/dirmngr.te b/dirmngr.te
index 983de0c..d087f0e 100644
--- a/dirmngr.te
+++ b/dirmngr.te
@@ -89,3 +89,9 @@ optional_policy(`
 	gpg_secret_filetrans(dirmngr_t, dirmngr_home_t, dir)
 	gpg_stream_connect_agent(dirmngr_t)
 ')
+
+ifdef(`distro_gentoo',`
+	optional_policy(`
+		portage_manage_tmp(dirmngr_t)
+	')
+')
diff --git a/gpg.te b/gpg.te
index 3420a21..fe407f5 100644
--- a/gpg.te
+++ b/gpg.te
@@ -193,6 +193,12 @@ optional_policy(`
 	xserver_rw_xdm_pipes(gpg_t)
 ')
 
+ifdef(`distro_gentoo',`
+	optional_policy(`
+		portage_manage_tmp(gpg_t)
+	')
+')
+
 ########################################
 #
 # Helper local policy
@@ -318,6 +324,12 @@ optional_policy(`
 	xserver_read_user_xauth(gpg_agent_t)
 ')
 
+ifdef(`distro_gentoo',`
+	optional_policy(`
+		portage_manage_tmp(gpg_agent_t)
+	')
+')
+
 ##############################
 #
 # Pinentry local policy
diff --git a/portage.te b/portage.te
index 2146005..4b72a16 100644
--- a/portage.te
+++ b/portage.te
@@ -218,6 +218,10 @@ optional_policy(`
 	cron_system_entry(portage_fetch_t, portage_fetch_exec_t)
 ')
 
+optional_policy(`
+	gpg_domtrans(portage_t)
+')
+
 optional_policy(`
 	modutils_run(portage_t, portage_roles)
 	#dontaudit update_modules_t portage_tmp_t:dir search_dir_perms;
-- 
2.16.4