## Policy for GNU Privacy Guard and related programs.
############################################################
##
## Role access for gpg
##
##
##
## Role allowed access
##
##
##
##
## User domain for the role
##
##
#
interface(`gpg_role',`
gen_require(`
type gpg_t, gpg_exec_t;
type gpg_agent_t, gpg_agent_exec_t;
type gpg_agent_tmp_t;
type gpg_helper_t, gpg_pinentry_t;
')
role $1 types { gpg_t gpg_agent_t gpg_helper_t gpg_pinentry_t };
# transition from the userdomain to the derived domain
domtrans_pattern($2, gpg_exec_t, gpg_t)
# allow ps to show gpg
ps_process_pattern($2, gpg_t)
allow $2 gpg_t:process { signal sigkill };
# communicate with the user
allow gpg_helper_t $2:fd use;
allow gpg_helper_t $2:fifo_file write;
# allow ps to show gpg-agent
ps_process_pattern($2, gpg_agent_t)
# Allow the user shell to signal the gpg-agent program.
allow $2 gpg_agent_t:process { signal sigkill };
manage_dirs_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
manage_files_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
manage_sock_files_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
files_tmp_filetrans(gpg_agent_t, gpg_agent_tmp_t, { file sock_file dir })
# Transition from the user domain to the agent domain.
domtrans_pattern($2, gpg_agent_exec_t, gpg_agent_t)
ifdef(`hide_broken_symptoms',`
#Leaked File Descriptors
dontaudit gpg_t $2:fifo_file rw_fifo_file_perms;
dontaudit gpg_t $2:tcp_socket rw_socket_perms;
dontaudit gpg_t $2:udp_socket rw_socket_perms;
dontaudit gpg_t $2:unix_stream_socket rw_socket_perms;
dontaudit gpg_t $2:unix_dgram_socket rw_socket_perms;
')
')
########################################
##
## Transition to a user gpg domain.
##
##
##
## Domain allowed access.
##
##
#
interface(`gpg_domtrans',`
gen_require(`
type gpg_t, gpg_exec_t;
')
domtrans_pattern($1, gpg_exec_t, gpg_t)
')
########################################
##
## Send generic signals to user gpg processes.
##
##
##
## Domain allowed access.
##
##
#
interface(`gpg_signal',`
gen_require(`
type gpg_t;
')
allow $1 gpg_t:process signal;
')