From ca7fa520e7990b9e9ac838aa4138e4513601c77e Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Thu, 3 Sep 2009 08:23:18 -0400
Subject: gpg patch from dan. gpg sends sigstop and signull Reads usb devices Can encrypts users content in /tmp and the homedir, as well as on NFS and cifs
---
 policy/modules/apps/gpg.if | 2 +-
 policy/modules/apps/gpg.te | 12 +++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/policy/modules/apps/gpg.if b/policy/modules/apps/gpg.if
index f264608d..260bd9d4 100644
--- a/policy/modules/apps/gpg.if
+++ b/policy/modules/apps/gpg.if
@@ -30,7 +30,7 @@ interface(`gpg_role',`
 # allow ps to show gpg
 ps_process_pattern($2, gpg_t)
- allow $2 gpg_t:process { signal sigkill };
+ allow $2 gpg_t:process { signull sigstop signal sigkill };
 # communicate with the user
 allow gpg_helper_t $2:fd use;
diff --git a/policy/modules/apps/gpg.te b/policy/modules/apps/gpg.te
index ff18fc77..9d162a8e 100644
--- a/policy/modules/apps/gpg.te
+++ b/policy/modules/apps/gpg.te
@@ -1,5 +1,5 @@
-policy_module(gpg, 2.1.0)
+policy_module(gpg, 2.1.1)
 ########################################
 #
@@ -92,6 +92,7 @@ corenet_sendrecv_all_client_packets(gpg_t)
 dev_read_rand(gpg_t)
 dev_read_urand(gpg_t)
+dev_read_generic_usb_dev(gpg_t)
 fs_getattr_xattr_fs(gpg_t)
@@ -145,13 +146,18 @@ files_read_etc_files(gpg_helper_t)
 auth_use_nsswitch(gpg_helper_t)
 userdom_use_user_terminals(gpg_helper_t)
+# sign/encrypt user files
+userdom_manage_user_tmp_files(gpg_t)
+userdom_manage_user_home_content_files(gpg_t)
 tunable_policy(`use_nfs_home_dirs',`
- fs_dontaudit_rw_nfs_files(gpg_helper_t)
+ fs_manage_nfs_dirs(gpg_t)
+ fs_manage_nfs_files(gpg_t)
 ')
 tunable_policy(`use_samba_home_dirs',`
- fs_dontaudit_rw_cifs_files(gpg_helper_t)
+ fs_manage_cifs_dirs(gpg_t)
+ fs_manage_cifs_files(gpg_t)
 ')
 optional_policy(`
-- 
cgit v1.2.3
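Review bot: In the gpg.if hunk, the widened rule `allow $2 gpg_t:process { signull sigstop signal sigkill };` still sits directly under the `# allow ps to show gpg` comment, so the signal permissions read as part of ps support and nothing records why the role needs them. I would give the rule its own comment, for example `# allow the user role to probe, stop and signal gpg`. The body of gpg_role starts and ends outside this hunk.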
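Review bot: In the gpg.te hunk at `@@ -92,6 +92,7 @@`, `dev_read_generic_usb_dev(gpg_t)` is added unconditionally and without a comment, so every gpg_t process can read generic USB device nodes whether or not a hardware token is in use. The commit message says only "Reads usb devices"; presumably this is for smartcard or token readers, which should be stated in a comment above the line, e.g. `# smartcard/token readers (confirm)`. Since the hunk header shows gpg_t is also a network client (`corenet_sendrecv_all_client_packets(gpg_t)`), consider putting the rule behind a boolean so it can be switched off where no token is used.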
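Review bot: In the gpg.te hunk at `@@ -145,13 +146,18 @@`, both tunable blocks replace the gpg_helper_t dontaudit rules with gpg_t manage rules, so `fs_dontaudit_rw_nfs_files(gpg_helper_t)` and `fs_dontaudit_rw_cifs_files(gpg_helper_t)` are dropped even though the commit message speaks only of gpg. If the helper still touches NFS or CIFS home directories, those denials will start appearing in the audit log, so keep the two dontaudit lines beside the new ones unless the removal is intended and noted. The grants are also wider on network homes than on local ones: local homes get only `userdom_manage_user_home_content_files(gpg_t)`, while NFS and CIFS additionally get `fs_manage_nfs_dirs(gpg_t)` and `fs_manage_cifs_dirs(gpg_t)`. Because gpg_t parses untrusted input and has network client access, I would drop the two dirs lines or add a comment saying why directory management is needed there.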