2013-11-09 08:47:05

by dominick.grift

Subject: [refpolicy] [RFC] Initial XDG base dir spec policy module

http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

Signed-off-by: Dominick Grift <[email protected]>
---
xdg.fc | 5 +
xdg.if | 941 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
xdg.te | 21 ++
3 files changed, 967 insertions(+)
create mode 100644 xdg.fc
create mode 100644 xdg.if
create mode 100644 xdg.te

diff --git a/xdg.fc b/xdg.fc
new file mode 100644
index 0000000..a2b66ac
--- /dev/null
+++ b/xdg.fc
@@ -0,0 +1,5 @@
+HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:xdg_cache_home_t,s0)
+HOME_DIR/\.config(/.*)? gen_context(system_u:object_r:xdg_config_home_t,s0)
+HOME_DIR/\.local/share(/.*)? gen_context(system_u:object_r:xdg_data_home_t,s0)
+
+/etc/xdg(/.*)? gen_context(system_u:object_r:xdg_conf_t,s0)
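Review bot: The three HOME_DIR entries label only the specification's default locations, so content under a relocated $XDG_CACHE_HOME, $XDG_CONFIG_HOME or $XDG_DATA_HOME is not matched by these patterns and will not receive the xdg_*_home_t types from this file. A comment at the top would make that limit visible, for example `# Default locations only; relocated XDG_*_HOME trees need local file context entries.` Also, `HOME_DIR/\.local/share` is labelled but ~/.local itself has no entry here, so the type of that parent directory depends on policy outside this patch.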
diff --git a/xdg.if b/xdg.if
new file mode 100644
index 0000000..cab9411
--- /dev/null
+++ b/xdg.if
@@ -0,0 +1,941 @@
+## <summary>XDG Base Directory Specification.</summary>
+
+########################################
+## <summary>
+## Make the specified type a XDG configuration
+## dirs type.
+## </summary>
+## <desc>
+## <p>
+## Make the specified type usable for
+## XDG configuration dirs. This will also
+## make the type usable for configuration
+## files, making calls to files_config_file(),
+## redundant.
+## </p>
+## <p>
+## A set of preference ordered base directories
+## relative to which configuration files should
+## be searched. This set of directories is
+## defined by the environment variable $XDG_CONFIG_DIRS.
+## </p>
+## <p>
+## Defines the preference-ordered set of base
+## directories to search for configuration files
+## in addition to the $XDG_CONFIG_HOME base
+## directory. The directories in $XDG_CONFIG_DIRS
+## should be seperated with a colon ':'.
+## </p>
+## <p>
+## If $XDG_CONFIG_DIRS is either not set or empty,
+## a value equal to /etc/xdg should be used.
+## </p>
+## </desc>
+## <param name="file_type">
+## <summary>
+## Type to be used as XDG configuration dirs.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`xdg_config_file',`
+ gen_require(`
+ attribute xdg_config_dirs_type;
+ ')
+
+ files_config_file($1)
+ typeattribute $1 xdg_config_dirs_type;
+')
+
+########################################
+## <summary>
+## Make the specified type a XDG data
+## dirs type.
+## </summary>
+## <desc>
+## <p>
+## Make the specified type usable for
+## XDG data dirs. This will also
+## make the type usable for basic
+## files, making calls to files_type(),
+## redundant.
+## </p>
+## <p>
+## A set of preference ordered base directories
+## relative to which data files should be searched.
+## This set of directories is defined by the
+## environment variable $XDG_DATA_DIRS.
+## </p>
+## <p>
+## Defines the preference-ordered set of base
+## directories to search for data files in
+## addition to the $XDG_DATA_HOME base directory.
+## The directories in $XDG_DATA_DIRS should be
+## seperated with a colon ':'.
+## </p>
+## <p>
+## If $XDG_DATA_DIRS is either not set or empty,
+## a value equal to /usr/local/share/:/usr/share/
+## should be used.
+## </p>
+## </desc>
+## <param name="file_type">
+## <summary>
+## Type to be used as XDG data dirs.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`xdg_data_file',`
+ gen_require(`
+ attribute xdg_data_dirs_type;
+ ')
+
+ files_type($1)
+ typeattribute $1 xdg_data_dirs_type;
+')
+
+########################################
+## <summary>
+## Make the specified type a XDG runtime
+## dirs type.
+## </summary>
+## <desc>
+## <p>
+## Make the specified type usable for
+## XDG runtime dirs. This will also
+## make the type usable for basic
+## user temporary files, making calls to
+## userdom_user_tmp_file(), redundant.
+## </p>
+## <p>
+## A single base directory relative to which
+## user-specific runtime files and other file
+## objects should be placed. This directory
+## is defined by the environment variable $XDG_RUNTIME_DIR.
+## </p>
+## <p>
+## Defines the base directory relative to
+## which user-specific non-essential runtime
+## files and other file objects (such as
+## sockets, named pipes, ...) should be stored.
+## The directory MUST be owned by the user,
+## and he MUST be the only one having read and
+## write access to it. Its Unix access mode
+## MUST be 0700.
+## </p>
+## <p>
+## If $XDG_RUNTIME_DIR is not set applications
+## should fall back to a replacement directory
+## with similar capabilities and print a warning
+## message. Applications should use this directory
+## for communication and synchronization purposes
+## and should not place larger files in it, since it
+## might reside in runtime memory and cannot
+## necessarily be swapped out to disk.
+## </p>
+## </desc>
+## <param name="file_type">
+## <summary>
+## Type to be used as XDG runtime dirs.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`xdg_runtime_file',`
+ gen_require(`
+ attribute xdg_runtime_dirs_type;
+ ')
+
+ userdom_user_tmp_file($1)
+ typeattribute $1 xdg_runtime_dirs_type;
+')
+
+########################################
+## <summary>
+## Make the specified type a XDG cache
+## home type.
+## </summary>
+## <desc>
+## <p>
+## Make the specified type usable for
+## XDG cache home content. This will also
+## make the type usable for user home content
+## files, making calls to userdom_user_home_content(),
+## redundant.
+## </p>
+## <p>
+## A single base directory relative to which user
+## specific non-essential (cached) data should be
+## written. This directory is defined by the
+## environment variable $XDG_CACHE_HOME.
+## </p>
+## <p>
+## Defines the base directory relative to which user
+## specific non-essential data files should be stored.
+## </p>
+## <p>
+## If $XDG_CACHE_HOME is either not set or empty, a
+## default equal to $HOME/.cache should be used.
+## </p>
+## </desc>
+## <param name="file_type">
+## <summary>
+## Type to be used as XDG cache home content.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`xdg_cache_home_content',`
+ gen_require(`
+ attribute xdg_cache_home_type;
+ ')
+
+ userdom_user_home_content($1)
+ typeattribute $1 xdg_cache_home_type;
+')
+
+########################################
+## <summary>
+## Make the specified type a XDG config
+## home type.
+## </summary>
+## <desc>
+## <p>
+## Make the specified type usable for
+## XDG config home content. This will also
+## make the type usable for user home content
+## files, making calls to userdom_user_home_content(),
+## redundant.
+## </p>
+## <p>
+## A single base directory relative to which user
+## specific configuration files should be written.
+## This directory is defined by the environment
+## variable $XDG_CONFIG_HOME.
+## </p>
+## <p>
+## Defines the base directory relative to which user
+## specific configuration files should be stored.
+## </p>
+## <p>
+## If $XDG_CONFIG_HOME is either not set or empty,
+## a default equal to $HOME/.config should be used.
+## </p>
+## </desc>
+## <param name="file_type">
+## <summary>
+## Type to be used as XDG config home content.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`xdg_config_home_content',`
+ gen_require(`
+ attribute xdg_config_home_type;
+ ')
+
+ userdom_user_home_content($1)
+ typeattribute $1 xdg_config_home_type;
+')
+
+########################################
+## <summary>
+## Make the specified type a XDG data
+## home type.
+## </summary>
+## <desc>
+## <p>
+## Make the specified type usable for
+## XDG data home content. This will also
+## make the type usable for user home content
+## files, making calls to userdom_user_home_content(),
+## redundant.
+## </p>
+## <p>
+## A single base directory relative to which user
+## specific data files should be written.
+## This directory is defined by the environment
+## variable $XDG_DATA_HOME.
+## </p>
+## <p>
+## Defines the base directory relative to which
+## user specific data files should be stored.
+## </p>
+## <p>
+## If $XDG_DATA_HOME is either not set or empty, a
+## default equal to $HOME/.local/share should be used.
+## </p>
+## </desc>
+## <param name="file_type">
+## <summary>
+## Type to be used as XDG data home content.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`xdg_data_home_content',`
+ gen_require(`
+ attribute xdg_data_home_type;
+ ')
+
+ userdom_user_home_content($1)
+ typeattribute $1 xdg_data_home_type;
+')
+
+########################################
+## <summary>
+## Create generic XDG cache home directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_create_generic_cache_home_dirs',`
+ gen_require(`
+ type xdg_cache_home_t;
+ ')
+
+ allow $1 xdg_cache_home_t:dir create_dir_perms;
+')
+
+########################################
+## <summary>
+## Read generic XDG cache home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_read_generic_cache_home_content',`
+ gen_require(`
+ type xdg_cache_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 xdg_cache_home_t:dir list_dir_perms;
+ allow $1 xdg_cache_home_t:file read_file_perms;
+ allow $1 xdg_cache_home_t:fifo_file read_fifo_file_perms;
+ allow $1 xdg_cache_home_t:lnk_file read_lnk_file_perms;
+ allow $1 xdg_cache_home_t:sock_file read_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Relabel generic XDG cache home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_relabel_generic_cache_home_content',`
+ gen_require(`
+ type xdg_cache_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 xdg_cache_home_t:notdevfile_class_set { getattr relabelto relabelfrom };
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## generic XDG cache home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_manage_generic_cache_home_content',`
+ gen_require(`
+ type xdg_cache_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 xdg_cache_home_t:dir manage_dir_perms;
+ allow $1 xdg_cache_home_t:file manage_file_perms;
+ allow $1 xdg_cache_home_t:fifo_file manage_fifo_file_perms;
+ allow $1 xdg_cache_home_t:lnk_file manage_lnk_file_perms;
+ allow $1 xdg_cache_home_t:sock_file manage_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Search generic XDG cache home directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_search_generic_cache_home',`
+ gen_require(`
+ type xdg_cache_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 xdg_cache_home_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+## Create specified objects in generic
+## XDG cache home directories with a
+## private type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="private_type">
+## <summary>
+## Private file type.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xdg_cache_home_content_filetrans',`
+ gen_require(`
+ type xdg_cache_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ filetrans_pattern($1, xdg_cache_home_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+## Create specified objects in user home
+## directories with the generic XDG
+## cache home type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xdg_user_home_dir_filetrans_cache_home',`
+ gen_require(`
+ type xdg_cache_home_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, xdg_cache_home_t, $2, $3)
+')
+
+########################################
+## <summary>
+## Create generic XDG config directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_create_generic_config_dirs',`
+ gen_require(`
+ type xdg_conf_t;
+ ')
+
+ allow $1 xdg_conf_t:dir create_dir_perms;
+')
+
+########################################
+## <summary>
+## Read generic XDG config content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_read_generic_config_content',`
+ gen_require(`
+ type xdg_conf_t;
+ ')
+
+ files_search_etc($1)
+ allow $1 xdg_conf_t:dir list_dir_perms;
+ allow $1 xdg_conf_t:file read_file_perms;
+ allow $1 xdg_conf_t:fifo_file read_fifo_file_perms;
+ allow $1 xdg_conf_t:lnk_file read_lnk_file_perms;
+ allow $1 xdg_conf_t:sock_file read_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## generic XDG config content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_manage_generic_config_content',`
+ gen_require(`
+ type xdg_conf_t;
+ ')
+
+ files_search_etc($1)
+ allow $1 xdg_conf_t:dir manage_dir_perms;
+ allow $1 xdg_conf_t:file manage_file_perms;
+ allow $1 xdg_conf_t:fifo_file manage_fifo_file_perms;
+ allow $1 xdg_conf_t:lnk_file manage_lnk_file_perms;
+ allow $1 xdg_conf_t:sock_file manage_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Search generic XDG config directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_search_generic_config',`
+ gen_require(`
+ type xdg_conf_t;
+ ')
+
+ files_search_etc($1)
+ allow $1 xdg_conf_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+## Create specified objects in generic
+## XDG config directories with a
+## private type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="private_type">
+## <summary>
+## Private file type.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xdg_config_content_filetrans',`
+ gen_require(`
+ type xdg_conf_t;
+ ')
+
+ files_search_etc($1)
+ filetrans_pattern($1, xdg_conf_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+## Create specified objects in generic
+## configuration directories with the
+## generic XDG config type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xdg_etc_filetrans_config',`
+ gen_require(`
+ type xdg_conf_t;
+ ')
+
+ files_etc_filetrans($1, xdg_conf_t, $2, $3)
+')
+
+########################################
+## <summary>
+## Create generic XDG config home directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_create_generic_config_home_dirs',`
+ gen_require(`
+ type xdg_config_home_t;
+ ')
+
+ allow $1 xdg_config_home_t:dir create_dir_perms;
+')
+
+########################################
+## <summary>
+## Read generic XDG config home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_read_generic_config_home_content',`
+ gen_require(`
+ type xdg_config_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 xdg_config_home_t:dir list_dir_perms;
+ allow $1 xdg_config_home_t:file read_file_perms;
+ allow $1 xdg_config_home_t:fifo_file read_fifo_file_perms;
+ allow $1 xdg_config_home_t:lnk_file read_lnk_file_perms;
+ allow $1 xdg_config_home_t:sock_file read_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Relabel generic XDG config home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_relabel_generic_config_home_content',`
+ gen_require(`
+ type xdg_config_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 xdg_config_home_t:notdevfile_class_set { getattr relabelto relabelfrom };
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## generic XDG config home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_manage_generic_config_home_content',`
+ gen_require(`
+ type xdg_config_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 xdg_config_home_t:dir manage_dir_perms;
+ allow $1 xdg_config_home_t:file manage_file_perms;
+ allow $1 xdg_config_home_t:fifo_file manage_fifo_file_perms;
+ allow $1 xdg_config_home_t:lnk_file manage_lnk_file_perms;
+ allow $1 xdg_config_home_t:sock_file manage_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Search generic XDG config home directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_search_generic_config_home',`
+ gen_require(`
+ type xdg_config_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 xdg_config_home_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+## Create specified objects in generic
+## XDG config home directories with a
+## private type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="private_type">
+## <summary>
+## Private file type.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xdg_config_home_content_filetrans',`
+ gen_require(`
+ type xdg_config_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ filetrans_pattern($1, xdg_config_home_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+## Create specified objects in user home
+## directories with the generic XDG
+## config home type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xdg_user_home_dir_filetrans_config_home',`
+ gen_require(`
+ type xdg_config_home_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, xdg_config_home_t, $2, $3)
+')
+
+########################################
+## <summary>
+## Create generic XDG data home directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_create_generic_data_home_dirs',`
+ gen_require(`
+ type xdg_data_home_t;
+ ')
+
+ allow $1 xdg_data_home_t:dir create_dir_perms;
+')
+
+########################################
+## <summary>
+## Read generic XDG data home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_read_generic_data_home_content',`
+ gen_require(`
+ type xdg_data_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 xdg_data_home_t:dir list_dir_perms;
+ allow $1 xdg_data_home_t:file read_file_perms;
+ allow $1 xdg_data_home_t:fifo_file read_fifo_file_perms;
+ allow $1 xdg_data_home_t:lnk_file read_lnk_file_perms;
+ allow $1 xdg_data_home_t:sock_file read_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Relabel generic XDG data home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_relabel_generic_data_home_content',`
+ gen_require(`
+ type xdg_data_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 xdg_data_home_t:notdevfile_class_set { getattr relabelto relabelfrom };
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## generic XDG data home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_manage_generic_data_home_content',`
+ gen_require(`
+ type xdg_data_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 xdg_data_home_t:dir manage_dir_perms;
+ allow $1 xdg_data_home_t:file manage_file_perms;
+ allow $1 xdg_data_home_t:fifo_file manage_fifo_file_perms;
+ allow $1 xdg_data_home_t:lnk_file manage_lnk_file_perms;
+ allow $1 xdg_data_home_t:sock_file manage_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Search generic XDG data home directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xdg_search_generic_data_home',`
+ gen_require(`
+ type xdg_data_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 xdg_data_home_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+## Create specified objects in generic
+## XDG data home directories with a
+## private type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="private_type">
+## <summary>
+## Private file type.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xdg_data_home_content_filetrans',`
+ gen_require(`
+ type xdg_data_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ filetrans_pattern($1, xdg_data_home_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+## Create specified objects in user home
+## directories with the generic XDG
+## data home type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xdg_local_home_filetrans_data_home',`
+ gen_require(`
+ type xdg_data_home_t;
+ ')
+
+ userdom_local_home_filetrans($1, xdg_data_home_t, $2, $3)
+')
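Review bot: `xdg_local_home_filetrans_data_home` at the end of the file calls `userdom_local_home_filetrans`, which this patch does not define; if the target tree does not provide it the module will not build, so the dependency should be stated in the submission or the interface held back. Separately, `xdg_manage_generic_config_home_content` and the three `xdg_relabel_generic_*_home_content` interfaces carry only a one-line summary, although the generic types cover every application's files under the directory, so a caller gains write or relabel access well beyond its own data. A `<desc>` paragraph such as `## Prefer a private type created via xdg_config_home_content_filetrans() for confined domains.` would steer callers toward least privilege. The doc comments also spell "separated" as "seperated" in the xdg_config_file and xdg_data_file descriptions.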
diff --git a/xdg.te b/xdg.te
new file mode 100644
index 0000000..90f869b
--- /dev/null
+++ b/xdg.te
@@ -0,0 +1,21 @@
+policy_module(xdg, 1.0.0)
+
+attribute xdg_config_dirs_type;
+attribute xdg_data_dirs_type;
+attribute xdg_runtime_dirs_type;
+
+attribute xdg_cache_home_type;
+attribute xdg_config_home_type;
+attribute xdg_data_home_type;
+
+type xdg_cache_home_t;
+xdg_cache_home_content(xdg_cache_home_t)
+
+type xdg_conf_t;
+xdg_config_file(xdg_conf_t)
+
+type xdg_config_home_t;
+xdg_config_home_content(xdg_config_home_t)
+
+type xdg_data_home_t;
+xdg_data_home_content(xdg_data_home_t)
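Review bot: `xdg_data_dirs_type` and `xdg_runtime_dirs_type` are declared, but no type in this file is given either attribute and xdg.fc has no entries for the data dirs or the runtime dir, so `xdg_data_file()` and `xdg_runtime_file()` have no generic type behind them. In addition, none of the six attributes is referenced by an allow rule anywhere in the patch; the interfaces in xdg.if only assign them, so at this point they grant nothing. If that is intentional for an initial version, a comment above the attribute block would record it, e.g. `# Attributes are for grouping only; no rules reference them yet.`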
--
1.8.3.1