From mboxrd@z Thu Jan  1 00:00:00 1970
From: guido@trentalancia.com (Guido Trentalancia)
Date: Wed, 16 Feb 2011 07:00:59 +0100
Subject: [refpolicy] [PATCH 5/34]: patch to label XDG config files and allow
 policykit to use them
Message-ID: <1297836060.3205.34.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch labels HOME_DIR/\.config as gnome_home_t and then
allows policykit to read such kind of files.

diff -pruN refpolicy-git-02022011-test-apply/policy/modules/apps/gnome.fc refpolicy-git-02022011-test-apply2/policy/modules/apps/gnome.fc
--- refpolicy-git-02022011-test-apply/policy/modules/apps/gnome.fc	2011-01-08 19:07:21.179731404 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/apps/gnome.fc	2011-02-07 00:54:30.568909514 +0100
@@ -1,4 +1,4 @@
-HOME_DIR/\.config/gtk-.*	gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/\.config(/.*)?		gen_context(system_u:object_r:gnome_home_t,s0)
 HOME_DIR/\.gconf(d)?(/.*)?	gen_context(system_u:object_r:gconf_home_t,s0)
 HOME_DIR/\.gnome2(/.*)?		gen_context(system_u:object_r:gnome_home_t,s0)
 
diff -pruN refpolicy-git-02022011-test-apply/policy/modules/services/policykit.te refpolicy-git-02022011-test-apply2/policy/modules/services/policykit.te
--- refpolicy-git-02022011-test-apply/policy/modules/services/policykit.te	2011-01-08 19:07:21.281747514 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/services/policykit.te	2011-02-07 00:55:34.133380018 +0100
@@ -69,6 +69,10 @@ miscfiles_read_localization(policykit_t)
 
 userdom_read_all_users_state(policykit_t)
 
+optional_policy(`
+	gnome_read_config(policykit_t)
+')
+
 ########################################
 #
 # polkit_auth local policy