From 02b7b92051ad176febdf6a4c2f77b0ac7db3097b Mon Sep 17 00:00:00 2001
From: Matěj Cepl
Date: Sat, 6 Feb 2021 01:30:55 +0100
Subject: Local policy for dictd having files in ~/.dictd
---
.gitignore | 2 ++
generate.sh | 4 ++++
mydictdaddon.fc | 1 +
mydictdaddon.if | 1 +
mydictdaddon.te | 13 +++++++++++++
5 files changed, 21 insertions(+)
create mode 100644 .gitignore
create mode 100644 generate.sh
create mode 100644 mydictdaddon.fc
create mode 100644 mydictdaddon.if
create mode 100644 mydictdaddon.te
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b2545cd
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.pp
+/tmp/
diff --git a/generate.sh b/generate.sh
new file mode 100644
index 0000000..ba2acbf
--- /dev/null
+++ b/generate.sh
@@ -0,0 +1,4 @@
+# Have foo.te and foo.fc
+make -f /usr/share/selinux/devel/Makefile foo.pp
+# sudo semodule -i mydictdaddon.pp
+# then use ~/.dictd for your dictd home stuff
diff --git a/mydictdaddon.fc b/mydictdaddon.fc
new file mode 100644
index 0000000..3aacd1e
--- /dev/null
+++ b/mydictdaddon.fc
@@ -0,0 +1 @@
+HOME_DIR/\.dictd(/.*)? gen_context(system_u:object_r:dictd_home_t,s0)
diff --git a/mydictdaddon.if b/mydictdaddon.if
new file mode 100644
index 0000000..3eb6a30
--- /dev/null
+++ b/mydictdaddon.if
@@ -0,0 +1 @@
+##
diff --git a/mydictdaddon.te b/mydictdaddon.te
new file mode 100644
index 0000000..76c2a14
--- /dev/null
+++ b/mydictdaddon.te
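Review bot: The make target in generate.sh does not match the module files this commit adds: `make -f /usr/share/selinux/devel/Makefile foo.pp` builds from `foo.te`/`foo.fc`, while the sources are `mydictdaddon.te`/`mydictdaddon.fc` and the commented install step expects `mydictdaddon.pp`. Change the target to `make -f /usr/share/selinux/devel/Makefile mydictdaddon.pp` and the first comment to `# Have mydictdaddon.te and mydictdaddon.fc`. The file also has no interpreter line and is created with mode 100644, so as written it is a recipe to read rather than a script to run; if it is meant to be executed, add `#!/bin/sh` and `set -e` at the top and mark it executable.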
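Review bot: mydictdaddon.if is a single bare `##` line, so the module exports no interfaces and documents nothing about itself. Refpolicy tooling reads `## <summary>…</summary>` markers from `.if` files for its generated documentation, so a one-line `## <summary>Local policy letting dictd read dictionaries from ~/.dictd</summary>` would make the module's purpose visible where the other modules' summaries are; an otherwise empty interface file is acceptable for a local module with no interfaces to offer.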
@@ -0,0 +1,13 @@
+policy_module(mydictdaddon,1.0.2)
+gen_require(` type dictd_t; ')
+gen_require(` attribute userdomain; ')
+userdom_search_user_home_dirs(dictd_t)
+type dictd_home_t;
+userdom_user_home_content(dictd_home_t)
+allow dictd_t dictd_home_t:dir list_dir_perms;
+allow dictd_t dictd_home_t:file read_file_perms;
+allow dictd_t dictd_home_t:lnk_file read_lnk_file_perms;;
+allow userdomain dictd_home_t:dir manage_dir_perms;
+allow userdomain dictd_home_t:file manage_file_perms;
+allow userdomain dictd_home_t:lnk_file manage_lnk_file_perms;
+userdom_user_home_dir_filetrans(userdomain, dictd_home_t, dir, ".dictd")
-- cgit
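Review bot: The lnk_file rule in mydictdaddon.te carries a doubled terminator, `allow dictd_t dictd_home_t:lnk_file read_lnk_file_perms;;`, which checkmodule will most likely reject as a syntax error since a bare `;` is not a statement in the policy language; drop the second semicolon. The two single-line `gen_require` blocks can be merged into one that lists both `type dictd_t;` and `attribute userdomain;`, which is the usual refpolicy layout. The three `allow userdomain dictd_home_t:…` manage rules may already be implied by `userdom_user_home_content(dictd_home_t)` in refpolicy-derived base policies that give user domains manage rights on every user home content type; if so they are redundant, but that depends on the installed base policy and is worth confirming with `sesearch` before removing them. A short header comment stating the intent, such as `# dictd_t reads ~/.dictd read-only; the owning user manages it`, would help the next reader see that dictd itself never gets write access.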