From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=5Nvc=2O=vger.kernel.org=selinux-refpolicy-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,
	SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C7A1BC2D0CF
	for <selinux-refpolicy@archiver.kernel.org>; Tue, 24 Dec 2019 10:11:10 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 97DBE20643
	for <selinux-refpolicy@archiver.kernel.org>; Tue, 24 Dec 2019 10:11:10 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=perfinion-com.20150623.gappssmtp.com header.i=@perfinion-com.20150623.gappssmtp.com header.b="l2KgSNER"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726222AbfLXKLK (ORCPT
        <rfc822;selinux-refpolicy@archiver.kernel.org>);
        Tue, 24 Dec 2019 05:11:10 -0500
Received: from mail-pl1-f179.google.com ([209.85.214.179]:46183 "EHLO
        mail-pl1-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726084AbfLXKLK (ORCPT
        <rfc822;selinux-refpolicy@vger.kernel.org>);
        Tue, 24 Dec 2019 05:11:10 -0500
Received: by mail-pl1-f179.google.com with SMTP id y8so8286649pll.13
        for <selinux-refpolicy@vger.kernel.org>; Tue, 24 Dec 2019 02:11:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=perfinion-com.20150623.gappssmtp.com; s=20150623;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=LSVEfk11zGAgPv7jywM9AL/+MxQla69q5uh2eCUmamE=;
        b=l2KgSNERf80Tze9LvuAI6bRbtld2kVbGX4wolSBspgImb0IAP0/Knj/O/IDm9Hkjet
         /nz5JHK36ze/uiUWu/LFpv2HiyFuSil7JlA3yCoA5ZkRCAwhyntspSTPoEAzY392TXRS
         yQcjYf/X10I1NGGCY4fL38g4jQ/vNB3VMwPBPJEWjn576KPi0HSCMzrEQt0BWyzEHkPe
         avr/Cxx+Hr2BFbug6xoEbvitloa5vVQVEECWomsvYgDhpEBRGqRQ3NDXiGxlqiINAOIb
         iJA3JR9935nM4Ivcsa7eJosCyLrywEqyjKZK5cINPa99z/rOOL/JbqayIDO+aYqtwlNd
         J+uw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=LSVEfk11zGAgPv7jywM9AL/+MxQla69q5uh2eCUmamE=;
        b=N6vd8UaT+SX91tGJ0i1dhjV5RkquIX81SyM2QYeJe3TL+p3C2AaO0IPAANZq3yiZNY
         /qxhrUwwH0TKcpAsxmlfpCzMxIKpquVacQptQRRGpZr8YUj4vGnkZWFTjugY6wbbP1mX
         gbYwYLQnZEvcD4ZSdK3ZO1NBbdplExzUeoEZXDUCpJld9yWUQ6ela8gSUPL6x97KR72Y
         rChKj+/nJg2NbB1+ky/ap3NSR5jLnkPktKHebeG1gsUujXPJQDNPYrEQaRunynmAr8pD
         hg0mMA+LBlGU34PseTMgTVRHMIcv2WcuHe/9yOHT/ig7cNl9S34XvW1n1wkZPrSla2MP
         MTsw==
X-Gm-Message-State: APjAAAUjbOUWzJ0ZYu7b3sl/1m+myfUJa/qCL6s16hlAZ7yFflxtgbeV
        JMHAxzRu4BIXByQ7fARTTIrdOKJm2iwreA==
X-Google-Smtp-Source: APXvYqwexDeyZZ7WnvjQfzIVVkBVvR1QOhJChQzU7rt3WLh2HWXLF0u/9GX07aunW4t+0CHI6EAWBg==
X-Received: by 2002:a17:90a:d783:: with SMTP id z3mr4697682pju.3.1577182269313;
        Tue, 24 Dec 2019 02:11:09 -0800 (PST)
Received: from localhost ([101.127.140.252])
        by smtp.gmail.com with ESMTPSA id a17sm2855214pjv.6.2019.12.24.02.11.08
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 24 Dec 2019 02:11:08 -0800 (PST)
From:   Jason Zaman <jason@perfinion.com>
To:     selinux-refpolicy@vger.kernel.org
Cc:     Jason Zaman <jason@perfinion.com>
Subject: [PATCH 5/9] dirmngr: accept unix stream socket
Date:   Tue, 24 Dec 2019 18:10:39 +0800
Message-Id: <20191224101043.58122-5-jason@perfinion.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20191224101043.58122-1-jason@perfinion.com>
References: <20191224101043.58122-1-jason@perfinion.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: selinux-refpolicy-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux-refpolicy.vger.kernel.org>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

dirmngr needs to listen and accept on /run/user/1000/gnupg/S.dirmngr

type=AVC msg=audit(1554175286.968:2720907): avc:  denied  { accept } for  pid=15692 comm="dirmngr" path="/run/user/1000/gnupg/S.dirmngr" scontext=staff_u:staff_r:dirmngr_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:dirmngr_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0

Signed-off-by: Jason Zaman <jason@perfinion.com>
---
 policy/modules/services/dirmngr.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/services/dirmngr.te b/policy/modules/services/dirmngr.te
index 056cd97b..e34295e7 100644
--- a/policy/modules/services/dirmngr.te
+++ b/policy/modules/services/dirmngr.te
@@ -37,6 +37,7 @@ userdom_user_home_content(dirmngr_home_t)
 #
 
 allow dirmngr_t self:fifo_file rw_file_perms;
+allow dirmngr_t self:unix_stream_socket rw_stream_socket_perms;
 
 allow dirmngr_t dirmngr_conf_t:dir list_dir_perms;
 allow dirmngr_t dirmngr_conf_t:file read_file_perms;
-- 
2.24.1