## <summary>Policy for GNU Privacy Guard and related programs.</summary>

############################################################
## <summary>
##	Role access for gpg
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`gpg_role',`
	gen_require(`
		type gpg_t, gpg_exec_t;
		type gpg_agent_t, gpg_agent_exec_t;
		type gpg_agent_tmp_t;
		type gpg_helper_t, gpg_pinentry_t;
		type gpg_pinentry_tmp_t;
	')

	role $1 types { gpg_t gpg_agent_t gpg_helper_t gpg_pinentry_t };

	# transition from the userdomain to the derived domain
	domtrans_pattern($2, gpg_exec_t, gpg_t)

	# allow ps to show gpg
	ps_process_pattern($2, gpg_t)
	allow $2 gpg_t:process { signull sigstop signal sigkill };

	# communicate with the user
	allow gpg_helper_t $2:fd use;
	allow gpg_helper_t $2:fifo_file write;

	# allow ps to show gpg-agent
	ps_process_pattern($2, gpg_agent_t)

	# Allow the user shell to signal the gpg-agent program.
	allow $2 gpg_agent_t:process { signal sigkill };

	manage_dirs_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
	manage_files_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
	manage_sock_files_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
	files_tmp_filetrans(gpg_agent_t, gpg_agent_tmp_t, { file sock_file dir })

	# Transition from the user domain to the agent domain.
	domtrans_pattern($2, gpg_agent_exec_t, gpg_agent_t)

	manage_sock_files_pattern($2, gpg_pinentry_tmp_t, gpg_pinentry_tmp_t)
	relabel_sock_files_pattern($2, gpg_pinentry_tmp_t, gpg_pinentry_tmp_t)

	allow gpg_pinentry_t $2:fifo_file { read write };

	optional_policy(`
		gpg_pinentry_dbus_chat($2)
	')

	allow $2 gpg_agent_t:unix_stream_socket { rw_socket_perms connectto };
	ifdef(`hide_broken_symptoms',`
		#Leaked File Descriptors
		dontaudit gpg_t $2:fifo_file rw_fifo_file_perms;
		dontaudit gpg_agent_t $2:fifo_file rw_fifo_file_perms;
	')
')

########################################
## <summary>
##	Transition to a user gpg domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`gpg_domtrans',`
	gen_require(`
		type gpg_t, gpg_exec_t;
	')

	domtrans_pattern($1, gpg_exec_t, gpg_t)
')

######################################
## <summary>
##	Execute gpg in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gpg_exec',`
	gen_require(`
		type gpg_exec_t;
	')

	corecmd_search_bin($1)
	can_exec($1, gpg_exec_t)
')

######################################
## <summary>
##  Transition to a gpg web domain.
## </summary>
## <param name="domain">
##  <summary>
##  Domain allowed access.
##  </summary>
## </param>
#
interface(`gpg_domtrans_web',`
    gen_require(`
        type gpg_web_t, gpg_exec_t;
    ')

    domtrans_pattern($1, gpg_exec_t, gpg_web_t)
')

######################################
## <summary>
##  Make gpg an entrypoint for
##  the specified domain.
## </summary>
## <param name="domain">
##  <summary>
##  The domain for which cifs_t is an entrypoint.
##  </summary>
## </param>
#
interface(`gpg_entry_type',`
    gen_require(`
        type gpg_exec_t;
    ')

    domain_entry_file($1, gpg_exec_t)
')

########################################
## <summary>
##	Send generic signals to user gpg processes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gpg_signal',`
	gen_require(`
		type gpg_t;
	')

	allow $1 gpg_t:process signal;
')

########################################
## <summary>
##	Read and write GPG agent pipes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gpg_rw_agent_pipes',`
	# Just wants read/write could this be a leak?
	gen_require(`
		type gpg_agent_t;
	')

	allow $1 gpg_agent_t:fifo_file rw_fifo_file_perms;
')

########################################
## <summary>
##	Send messages to and from GPG
##	Pinentry over DBUS.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gpg_pinentry_dbus_chat',`
	gen_require(`
		type gpg_pinentry_t;
		class dbus send_msg;
	')

	allow $1 gpg_pinentry_t:dbus send_msg;
	allow gpg_pinentry_t $1:dbus send_msg;
')

########################################
## <summary>
##	List Gnu Privacy Guard user secrets.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gpg_list_user_secrets',`
	gen_require(`
		type gpg_secret_t;
	')

	list_dirs_pattern($1, gpg_secret_t, gpg_secret_t)
	userdom_search_user_home_dirs($1)
')
###########################
## <summary>
##	Allow to manage gpg named home content
## </summary>
## <param name="domain">
##	<summary>
##      Domain allowed access.
##	</summary>
## </param>
#
interface(`gpg_manage_home_content',`
	gen_require(`
		type gpg_secret_t;
	')

	manage_files_pattern($1, gpg_secret_t, gpg_secret_t)
	manage_dirs_pattern($1, gpg_secret_t, gpg_secret_t)
	userdom_user_home_dir_filetrans($1, gpg_secret_t, dir, ".gnupg")
')
########################################
## <summary>
##	Transition to gpg named home content
## </summary>
## <param name="domain">
##	<summary>
##      Domain allowed access.
##	</summary>
## </param>
#
interface(`gpg_filetrans_home_content',`
	gen_require(`
		type gpg_secret_t;
	')

	userdom_user_home_dir_filetrans($1, gpg_secret_t, dir, ".gnupg")
')