From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-489315-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 41B9713800E
	for <garchives@archives.gentoo.org>; Thu, 26 Jul 2012 19:24:34 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 43672E07FD;
	Thu, 26 Jul 2012 19:23:57 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id F2061E07FD
	for <gentoo-commits@lists.gentoo.org>; Thu, 26 Jul 2012 19:23:56 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 531151B412D
	for <gentoo-commits@lists.gentoo.org>; Thu, 26 Jul 2012 19:23:56 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id 2A14EE5442
	for <gentoo-commits@lists.gentoo.org>; Thu, 26 Jul 2012 19:23:54 +0000 (UTC)
From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <sven.vermeulen@siphos.be>
Message-ID: <1343330596.d47f0107bd9bd1566748e7377d9ba902b898c1b0.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/system/miscfiles.fc policy/modules/system/miscfiles.if policy/modules/system/miscfiles.te
X-VCS-Directories: policy/modules/system/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: d47f0107bd9bd1566748e7377d9ba902b898c1b0
X-VCS-Branch: master
Date: Thu, 26 Jul 2012 19:23:54 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: b6d44eb1-1bc5-4221-93b0-2c1acbfbf6d8
X-Archives-Hash: 4646f2cc2b3c1c0984c0a633f8f4e46e

commit:     d47f0107bd9bd1566748e7377d9ba902b898c1b0
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Jul 26 19:23:16 2012 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Thu Jul 26 19:23:16 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=d47f0107

Adding cert_home type declaration

---
 policy/modules/system/miscfiles.fc |    2 ++
 policy/modules/system/miscfiles.if |   29 +++++++++++++++++++++++++++++
 policy/modules/system/miscfiles.te |    7 +++++++
 3 files changed, 38 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index fe3427d..0328dd6 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -91,3 +91,5 @@ ifdef(`distro_redhat',`
 /var/empty/sshd/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
 /var/spool/postfix/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
 ')
+
+HOME_DIR/.nss(/.*)?		gen_context(system_u:object_r:cert_home_t)

diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index 926ba65..42fa71d 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -171,6 +171,35 @@ interface(`miscfiles_manage_cert_files',`
 
 ########################################
 ## <summary>
+##	Automatically use the cert_home_t label for selected resources created
+##	in a users home directory
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Resource type(s) for which the label should be used
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the resource that is being created
+##	</summary>
+## </param>
+#
+interface(`miscfiles_user_home_dir_filetrans_cert_home',`
+	gen_require(`
+		type cert_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, cert_home_t, $2, $3)
+')
+
+########################################
+## <summary>
 ##	Read fonts.
 ## </summary>
 ## <param name="domain">

diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te
index 703944c..fab61bc 100644
--- a/policy/modules/system/miscfiles.te
+++ b/policy/modules/system/miscfiles.te
@@ -14,6 +14,13 @@ type cert_t;
 miscfiles_cert_type(cert_t)
 
 #
+# cert_home_t is the type of files in the users' home directories.
+#
+type cert_home_t;
+miscfiles_cert_type(cert_home_t)
+userdom_user_home_content(cert_home_t)
+
+#
 # fonts_t is the type of various font
 # files in /usr
 #