commit: b7f21ed3852a1688dc52dc89f2f37b85e93a0d9c
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Fri Jun 8 11:18:05 2018 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Jun 8 11:19:06 2018 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=b7f21ed3
gpg: Introduce gpg_exec_agent()
policy/modules/contrib/gpg.if | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/policy/modules/contrib/gpg.if b/policy/modules/contrib/gpg.if
index 359560f8..78efb186 100644
--- a/policy/modules/contrib/gpg.if
+++ b/policy/modules/contrib/gpg.if
@@ -123,6 +123,25 @@ interface(`gpg_spec_domtrans',`
domain_auto_transition_pattern($1, gpg_exec_t, $2)
')
+########################################
+## <summary>
+## Execute the gpg-agent in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gpg_exec_agent',`
+ gen_require(`
+ type gpg_agent_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ can_exec($1, gpg_agent_exec_t)
+')
+
######################################
## <summary>
## Make gpg executable files an
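Review bot: The doc block for `gpg_exec_agent` (the added lines above `interface(`gpg_exec_agent',`) does not spell out what "in the caller domain" means for confinement. `can_exec($1, gpg_agent_exec_t)` grants execution without a domain transition, so the agent process keeps the caller's type and the caller's permissions; presumably none of the rules written for the agent's dedicated domain apply to it, and any access to key material or agent sockets has to be granted to the caller separately. I would add a description after the summary, for example `## <desc><p>No domain transition occurs; gpg-agent runs with the permissions of the calling domain.</p></desc>`. That lets anyone auditing which domains call this interface see that the agent is not isolated from them. The trailing context lines belong to the next interface's doc block, which continues outside the hunk.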