- Merge upstream changes

- Add Xavier Toth patches
2008-09-17 12:17:30 +00:00 · 2008-09-17 12:17:30 +00:00 · 0abbc2d405
commit 0abbc2d405
parent 13e7ea697a
1 changed files with 109 additions and 88 deletions
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@ -3571,7 +3571,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.5.8/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/apps/mozilla.if	2008-09-12 10:59:28.000000000 -0400
+++ serefpolicy-3.5.8/policy/modules/apps/mozilla.if	2008-09-17 07:36:14.000000000 -0400
@@ -35,7 +35,10 @@
 template(`mozilla_per_role_template',`
 	gen_require(`
@ -3583,7 +3583,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	########################################
 	#
-@@ -45,20 +48,24 @@
+@@ -45,36 +48,44 @@
 	application_domain($1_mozilla_t, mozilla_exec_t)
 	role $3 types $1_mozilla_t;
@ -3609,15 +3609,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	allow $1_mozilla_t self:capability { sys_nice setgid setuid };
 -	allow $1_mozilla_t self:process { sigkill signal setsched getsched setrlimit };
-+	allow $1_mozilla_t self:process { ptrace sigkill signal setsched getsched setrlimit };
+	allow $1_mozilla_t self:process { ptrace sigkill signal signull setsched getsched setrlimit };
 	allow $1_mozilla_t self:fifo_file rw_fifo_file_perms;
 	allow $1_mozilla_t self:shm { unix_read unix_write read write destroy create };
 	allow $1_mozilla_t self:sem create_sem_perms;
-@@ -66,15 +73,19 @@
+ 	allow $1_mozilla_t self:socket create_socket_perms;
 	allow $1_mozilla_t self:unix_stream_socket { listen accept };
 	# Browse the web, connect to printer
- 	allow $1_mozilla_t self:tcp_socket create_socket_perms;
+-	allow $1_mozilla_t self:tcp_socket create_socket_perms;
 -	allow $1_mozilla_t self:netlink_route_socket r_netlink_socket_perms;
 +	allow $1_mozilla_t self:tcp_socket create_stream_socket_perms;
 	# for bash - old mozilla binary
 	can_exec($1_mozilla_t, mozilla_exec_t)
@ -3720,15 +3721,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	# Browse the web, connect to printer
 	corenet_all_recvfrom_unlabeled($1_mozilla_t)
-@@ -139,7 +178,6 @@
+@@ -137,9 +176,9 @@
 	corenet_tcp_sendrecv_ipp_port($1_mozilla_t)
 	corenet_tcp_connect_http_port($1_mozilla_t)
 	corenet_tcp_connect_http_cache_port($1_mozilla_t)
 +	corenet_tcp_connect_flash_port($1_mozilla_t)
 	corenet_tcp_connect_ftp_port($1_mozilla_t)
 	corenet_tcp_connect_ipp_port($1_mozilla_t)
 -	corenet_tcp_connect_generic_port($1_mozilla_t)
 	corenet_sendrecv_http_client_packets($1_mozilla_t)
 	corenet_sendrecv_http_cache_client_packets($1_mozilla_t)
 	corenet_sendrecv_ftp_client_packets($1_mozilla_t)
-@@ -165,13 +203,28 @@
+@@ -165,13 +204,28 @@
 	files_read_var_files($1_mozilla_t)
 	files_read_var_symlinks($1_mozilla_t)
  	files_dontaudit_getattr_boot_dirs($1_mozilla_t)
@ -3757,7 +3761,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	libs_use_ld_so($1_mozilla_t)
 	libs_use_shared_libs($1_mozilla_t)
-@@ -180,16 +233,8 @@
+@@ -180,17 +234,10 @@
 	miscfiles_read_fonts($1_mozilla_t)
 	miscfiles_read_localization($1_mozilla_t)
@ -3774,9 +3778,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	userdom_dontaudit_read_user_tmp_files($1, $1_mozilla_t)
 +	userdom_dontaudit_use_user_terminals($1, $1_mozilla_t)
 +	xserver_read_xdm_pid($1_mozilla_t)
 	xserver_user_x_domain_template($1, $1_mozilla, $1_mozilla_t, $1_mozilla_tmpfs_t)
 	xserver_dontaudit_read_xdm_tmp_files($1_mozilla_t)
-@@ -211,131 +256,8 @@
+ 	xserver_dontaudit_getattr_xdm_tmp_sockets($1_mozilla_t)
@@ -211,131 +258,8 @@
 		fs_manage_cifs_symlinks($1_mozilla_t)
 	')
@ -3910,7 +3916,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	')
 	optional_policy(`
-@@ -350,57 +272,48 @@
+@@ -350,57 +274,48 @@
 	optional_policy(`
 		cups_read_rw_config($1_mozilla_t)
 		cups_dbus_chat($1_mozilla_t)
@ -3984,7 +3990,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -430,11 +343,11 @@
+@@ -430,11 +345,11 @@
 #
 template(`mozilla_read_user_home_files',`
 	gen_require(`
@ -3999,7 +4005,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -464,11 +377,10 @@
+@@ -464,11 +379,10 @@
 #
 template(`mozilla_write_user_home_files',`
 	gen_require(`
@ -4013,7 +4019,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -573,3 +485,27 @@
+@@ -573,3 +487,27 @@
 	allow $2 $1_mozilla_t:tcp_socket rw_socket_perms;
 ')
@ -4074,8 +4080,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +typealias mozilla_tmp_t alias user_mozilla_tmp_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.fc serefpolicy-3.5.8/policy/modules/apps/mplayer.fc
 --- nsaserefpolicy/policy/modules/apps/mplayer.fc	2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/apps/mplayer.fc	2008-09-12 10:59:28.000000000 -0400
+++ serefpolicy-3.5.8/policy/modules/apps/mplayer.fc	2008-09-17 07:30:05.000000000 -0400
-@@ -10,4 +10,4 @@
+@@ -1,13 +1,8 @@
 #
 -# /etc
 -#
 -/etc/mplayer(/.*)?		gen_context(system_u:object_r:mplayer_etc_t,s0)
 -
 -#
 # /usr
 #
 /usr/bin/mplayer	--	gen_context(system_u:object_r:mplayer_exec_t,s0)
 /usr/bin/mencoder	--	gen_context(system_u:object_r:mencoder_exec_t,s0)
 /usr/bin/xine		--	gen_context(system_u:object_r:mplayer_exec_t,s0)
@ -4786,8 +4801,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.5.8/policy/modules/apps/openoffice.if
 --- nsaserefpolicy/policy/modules/apps/openoffice.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/policy/modules/apps/openoffice.if	2008-09-12 10:59:28.000000000 -0400
+++ serefpolicy-3.5.8/policy/modules/apps/openoffice.if	2008-09-17 07:25:52.000000000 -0400
-@@ -0,0 +1,102 @@
+@@ -0,0 +1,103 @@
 +## <summary>Openoffice</summary>
 +
 +#######################################
@ -4834,6 +4849,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	#
 +
 +	domtrans_pattern($2, openoffice_exec_t, $1_openoffice_t)
 +	allow $2  $1_openoffice_t:process { signal sigkill };
 +')
 +
 +#######################################
@ -8413,8 +8429,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.5.8/policy/modules/roles/guest.te
 --- nsaserefpolicy/policy/modules/roles/guest.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/policy/modules/roles/guest.te	2008-09-12 10:59:28.000000000 -0400
+++ serefpolicy-3.5.8/policy/modules/roles/guest.te	2008-09-17 07:32:27.000000000 -0400
-@@ -0,0 +1,44 @@
+@@ -0,0 +1,46 @@
 +
 +policy_module(guest, 1.0.0)
 +
@ -8458,6 +8474,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	')
 +	
 +	domtrans_pattern(xguest_mozilla_t, openoffice_exec_t, xguest_openoffice_t)
 +	allow xguest_mozilla_t xguest_openoffice_t:process { signal sigkill };
 +	allow xguest_openoffice_t xguest_mozilla_t:unix_sream_socket connectto;
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.fc serefpolicy-3.5.8/policy/modules/roles/logadm.fc
 --- nsaserefpolicy/policy/modules/roles/logadm.fc	1969-12-31 19:00:00.000000000 -0500
@ -9966,7 +9984,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 read_files_pattern(amavis_t, amavis_etc_t, amavis_etc_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.5.8/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/apache.fc	2008-09-12 10:59:28.000000000 -0400
+++ serefpolicy-3.5.8/policy/modules/services/apache.fc	2008-09-16 15:29:22.000000000 -0400
@@ -1,10 +1,10 @@
 -HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0)
 +HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
@ -13058,7 +13076,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/misc(/.*)?			gen_context(system_u:object_r:system_crond_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.5.8/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/cron.if	2008-09-12 16:29:28.000000000 -0400
+++ serefpolicy-3.5.8/policy/modules/services/cron.if	2008-09-16 14:09:27.000000000 -0400
@@ -35,39 +35,24 @@
 #
 template(`cron_per_role_template',`
@ -13362,7 +13380,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -584,3 +500,44 @@
+@@ -584,3 +500,45 @@
 	dontaudit $1 system_crond_tmp_t:file append;
 ')
@ -13382,6 +13400,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +interface(`cron_dontaudit_write_system_job_tmp_files',`
 +	gen_require(`
 +		type system_crond_tmp_t;
 +		type cron_var_run_t;
 +		type system_crond_var_run_t;
 +	')
 +
@ -20379,8 +20398,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/lib/PolicyKit-public(/.*)?			gen_context(system_u:object_r:polkit_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.5.8/policy/modules/services/polkit.if
 --- nsaserefpolicy/policy/modules/services/polkit.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/policy/modules/services/polkit.if	2008-09-12 10:59:28.000000000 -0400
+++ serefpolicy-3.5.8/policy/modules/services/polkit.if	2008-09-16 15:04:25.000000000 -0400
-@@ -0,0 +1,212 @@
+@@ -0,0 +1,213 @@
 +
 +## <summary>policy for polkit_auth</summary>
 +
@ -20484,6 +20503,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow polkit_resolve_t $1:dir list_dir_perms;
 +	read_files_pattern(polkit_resolve_t, $1, $1)
 +	read_lnk_files_pattern(polkit_resolve_t, $1, $1)
 +	allow polkit_resolve_t $1:process getattr;
 +')
 +
 +########################################
@ -27459,7 +27479,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.5.8/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/xserver.if	2008-09-12 10:59:29.000000000 -0400
+++ serefpolicy-3.5.8/policy/modules/services/xserver.if	2008-09-17 07:35:23.000000000 -0400
@@ -16,6 +16,7 @@
 	gen_require(`
 		type xkb_var_lib_t, xserver_exec_t, xserver_log_t;
@ -33260,7 +33280,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.8/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/system/userdomain.if	2008-09-16 09:56:01.000000000 -0400
+++ serefpolicy-3.5.8/policy/modules/system/userdomain.if	2008-09-17 07:27:44.000000000 -0400
@@ -28,10 +28,14 @@
 		class context contains;
 	')
@ -34287,7 +34307,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	typeattribute $1_tty_device_t user_ttynode;
 	##############################
-@@ -1042,12 +1029,24 @@
+@@ -1042,12 +1029,25 @@
 	#
 	# privileged home directory writers
@ -34313,12 +34333,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		')
 +		optional_policy(`
 +			cups_dbus_chat($1_usertype)
 +			cups_dbus_chat_config($1_usertype)
 +		')
 +	')
 	optional_policy(`
 		loadkeys_run($1_t,$1_r,$1_tty_device_t)
-@@ -1087,14 +1086,16 @@
+@@ -1087,14 +1087,16 @@
 	#
 	authlogin_per_role_template($1, $1_t, $1_r)
@ -34340,7 +34361,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	logging_dontaudit_send_audit_msgs($1_t)
 	# Need to to this just so screensaver will work. Should be moved to screensaver domain
-@@ -1102,28 +1103,23 @@
+@@ -1102,28 +1104,23 @@
 	selinux_get_enforce_mode($1_t)
 	optional_policy(`
@ -34374,7 +34395,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	')
 ')
-@@ -1134,8 +1130,7 @@
+@@ -1134,8 +1131,7 @@
 ## </summary>
 ## <desc>
 ##	<p>
@ -34384,7 +34405,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ##	</p>
 ##	<p>
 ##	This template creates a user domain, types, and
-@@ -1167,11 +1162,10 @@
+@@ -1167,11 +1163,10 @@
 	#
 	# port access is audited even if dac would not have allowed it, so dontaudit it here
@ -34397,7 +34418,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	# cjp: why?
 	files_read_kernel_symbol_table($1_t)
-@@ -1189,36 +1183,49 @@
+@@ -1189,36 +1184,49 @@
 		')
 	')
@ -34460,7 +34481,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	')
 ')
-@@ -1295,8 +1302,6 @@
+@@ -1295,8 +1303,6 @@
 	# Manipulate other users crontab.
 	allow $1_t self:passwd crontab;
@ -34469,7 +34490,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	kernel_read_software_raid_state($1_t)
 	kernel_getattr_core_if($1_t)
 	kernel_getattr_message_if($1_t)
-@@ -1318,8 +1323,6 @@
+@@ -1318,8 +1324,6 @@
 	dev_getattr_generic_blk_files($1_t)
 	dev_getattr_generic_chr_files($1_t)
@ -34478,7 +34499,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	# Allow MAKEDEV to work
 	dev_create_all_blk_files($1_t)
 	dev_create_all_chr_files($1_t)
-@@ -1374,13 +1377,6 @@
+@@ -1374,13 +1378,6 @@
 	# But presently necessary for installing the file_contexts file.
 	seutil_manage_bin_policy($1_t)
@ -34492,7 +34513,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	optional_policy(`
 		postgresql_unconfined($1_t)
 	')
-@@ -1432,6 +1428,7 @@
+@@ -1432,6 +1429,7 @@
 	dev_relabel_all_dev_nodes($1)
 	files_create_boot_flag($1)
@ -34500,7 +34521,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	# Necessary for managing /boot/efi
 	fs_manage_dos_files($1)
-@@ -1461,10 +1458,6 @@
+@@ -1461,10 +1459,6 @@
 	seutil_run_semanage($1,$2,$3)
 	seutil_run_setfiles($1, $2, $3)
@ -34511,7 +34532,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	optional_policy(`
 		aide_run($1,$2, $3)
 	')
-@@ -1484,6 +1477,14 @@
+@@ -1484,6 +1478,14 @@
 	optional_policy(`
 		netlabel_run_mgmt($1,$2, $3)
 	')
@ -34526,7 +34547,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -1741,11 +1742,15 @@
+@@ -1741,11 +1743,15 @@
 #
 template(`userdom_user_home_content',`
 	gen_require(`
@ -34545,7 +34566,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -1841,11 +1846,11 @@
+@@ -1841,11 +1847,11 @@
 #
 template(`userdom_search_user_home_dirs',`
 	gen_require(`
@ -34559,7 +34580,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -1875,11 +1880,11 @@
+@@ -1875,11 +1881,11 @@
 #
 template(`userdom_list_user_home_dirs',`
 	gen_require(`
@ -34573,7 +34594,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -1923,12 +1928,12 @@
+@@ -1923,12 +1929,12 @@
 #
 template(`userdom_user_home_domtrans',`
 	gen_require(`
@ -34589,7 +34610,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -1958,10 +1963,11 @@
+@@ -1958,10 +1964,11 @@
 #
 template(`userdom_dontaudit_list_user_home_dirs',`
 	gen_require(`
@ -34603,7 +34624,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -1993,11 +1999,47 @@
+@@ -1993,11 +2000,47 @@
 #
 template(`userdom_manage_user_home_content_dirs',`
 	gen_require(`
@ -34653,7 +34674,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2029,10 +2071,10 @@
+@@ -2029,10 +2072,10 @@
 #
 template(`userdom_dontaudit_setattr_user_home_content_files',`
 	gen_require(`
@ -34666,7 +34687,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2062,11 +2104,11 @@
+@@ -2062,11 +2105,11 @@
 #
 template(`userdom_read_user_home_content_files',`
 	gen_require(`
@ -34680,7 +34701,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2096,11 +2138,11 @@
+@@ -2096,11 +2139,11 @@
 #
 template(`userdom_dontaudit_read_user_home_content_files',`
 	gen_require(`
@ -34695,7 +34716,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2130,10 +2172,14 @@
+@@ -2130,10 +2173,14 @@
 #
 template(`userdom_dontaudit_write_user_home_content_files',`
 	gen_require(`
@ -34712,7 +34733,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2163,11 +2209,11 @@
+@@ -2163,11 +2210,11 @@
 #
 template(`userdom_read_user_home_content_symlinks',`
 	gen_require(`
@ -34726,7 +34747,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2197,11 +2243,11 @@
+@@ -2197,11 +2244,11 @@
 #
 template(`userdom_exec_user_home_content_files',`
 	gen_require(`
@ -34740,7 +34761,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2231,10 +2277,10 @@
+@@ -2231,10 +2278,10 @@
 #
 template(`userdom_dontaudit_exec_user_home_content_files',`
 	gen_require(`
@ -34753,7 +34774,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2266,12 +2312,12 @@
+@@ -2266,12 +2313,12 @@
 #
 template(`userdom_manage_user_home_content_files',`
 	gen_require(`
@ -34769,7 +34790,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2303,10 +2349,10 @@
+@@ -2303,10 +2350,10 @@
 #
 template(`userdom_dontaudit_manage_user_home_content_dirs',`
 	gen_require(`
@ -34782,7 +34803,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2338,12 +2384,12 @@
+@@ -2338,12 +2385,12 @@
 #
 template(`userdom_manage_user_home_content_symlinks',`
 	gen_require(`
@ -34798,7 +34819,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2375,12 +2421,12 @@
+@@ -2375,12 +2422,12 @@
 #
 template(`userdom_manage_user_home_content_pipes',`
 	gen_require(`
@ -34814,7 +34835,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2412,12 +2458,12 @@
+@@ -2412,12 +2459,12 @@
 #
 template(`userdom_manage_user_home_content_sockets',`
 	gen_require(`
@ -34830,7 +34851,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2462,11 +2508,11 @@
+@@ -2462,11 +2509,11 @@
 #
 template(`userdom_user_home_dir_filetrans',`
 	gen_require(`
@ -34844,7 +34865,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2511,11 +2557,11 @@
+@@ -2511,11 +2558,11 @@
 #
 template(`userdom_user_home_content_filetrans',`
 	gen_require(`
@ -34858,7 +34879,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2555,11 +2601,11 @@
+@@ -2555,11 +2602,11 @@
 #
 template(`userdom_user_home_dir_filetrans_user_home_content',`
 	gen_require(`
@ -34872,7 +34893,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2589,11 +2635,11 @@
+@@ -2589,11 +2636,11 @@
 #
 template(`userdom_write_user_tmp_sockets',`
 	gen_require(`
@ -34886,7 +34907,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2623,11 +2669,11 @@
+@@ -2623,11 +2670,11 @@
 #
 template(`userdom_list_user_tmp',`
 	gen_require(`
@ -34900,7 +34921,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2659,10 +2705,10 @@
+@@ -2659,10 +2706,10 @@
 #
 template(`userdom_dontaudit_list_user_tmp',`
 	gen_require(`
@ -34913,7 +34934,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2694,10 +2740,10 @@
+@@ -2694,10 +2741,10 @@
 #
 template(`userdom_dontaudit_manage_user_tmp_dirs',`
 	gen_require(`
@ -34926,7 +34947,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2727,12 +2773,12 @@
+@@ -2727,12 +2774,12 @@
 #
 template(`userdom_read_user_tmp_files',`
 	gen_require(`
@ -34942,7 +34963,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2764,10 +2810,10 @@
+@@ -2764,10 +2811,10 @@
 #
 template(`userdom_dontaudit_read_user_tmp_files',`
 	gen_require(`
@ -34955,7 +34976,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2799,10 +2845,10 @@
+@@ -2799,10 +2846,10 @@
 #
 template(`userdom_dontaudit_append_user_tmp_files',`
 	gen_require(`
@ -34968,7 +34989,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2832,12 +2878,12 @@
+@@ -2832,12 +2879,12 @@
 #
 template(`userdom_rw_user_tmp_files',`
 	gen_require(`
@ -34984,7 +35005,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2869,10 +2915,10 @@
+@@ -2869,10 +2916,10 @@
 #
 template(`userdom_dontaudit_manage_user_tmp_files',`
 	gen_require(`
@ -34997,7 +35018,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2904,12 +2950,12 @@
+@@ -2904,12 +2951,12 @@
 #
 template(`userdom_read_user_tmp_symlinks',`
 	gen_require(`
@ -35013,7 +35034,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2941,11 +2987,11 @@
+@@ -2941,11 +2988,11 @@
 #
 template(`userdom_manage_user_tmp_dirs',`
 	gen_require(`
@ -35027,7 +35048,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -2977,11 +3023,11 @@
+@@ -2977,11 +3024,11 @@
 #
 template(`userdom_manage_user_tmp_files',`
 	gen_require(`
@ -35041,7 +35062,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -3013,11 +3059,11 @@
+@@ -3013,11 +3060,11 @@
 #
 template(`userdom_manage_user_tmp_symlinks',`
 	gen_require(`
@ -35055,7 +35076,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -3049,11 +3095,11 @@
+@@ -3049,11 +3096,11 @@
 #
 template(`userdom_manage_user_tmp_pipes',`
 	gen_require(`
@ -35069,7 +35090,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -3085,11 +3131,11 @@
+@@ -3085,11 +3132,11 @@
 #
 template(`userdom_manage_user_tmp_sockets',`
 	gen_require(`
@ -35083,7 +35104,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -3134,10 +3180,10 @@
+@@ -3134,10 +3181,10 @@
 #
 template(`userdom_user_tmp_filetrans',`
 	gen_require(`
@ -35096,7 +35117,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	files_search_tmp($2)
 ')
-@@ -3178,19 +3224,19 @@
+@@ -3178,19 +3225,19 @@
 #
 template(`userdom_tmp_filetrans_user_tmp',`
 	gen_require(`
@ -35120,7 +35141,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ##	</p>
 ##	<p>
 ##	This is a templated interface, and should only
-@@ -4616,11 +4662,11 @@
+@@ -4616,11 +4663,11 @@
 #
 interface(`userdom_search_all_users_home_dirs',`
 	gen_require(`
@ -35134,7 +35155,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -4640,6 +4686,14 @@
+@@ -4640,6 +4687,14 @@
 	files_list_home($1)
 	allow $1 home_dir_type:dir list_dir_perms;
@ -35149,7 +35170,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -4677,6 +4731,8 @@
+@@ -4677,6 +4732,8 @@
 	')
 	dontaudit $1 { home_dir_type home_type }:dir search_dir_perms;
@ -35158,7 +35179,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 ########################################
-@@ -4721,6 +4777,25 @@
+@@ -4721,6 +4778,25 @@
 ########################################
 ## <summary>
@ -35184,7 +35205,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ##	Create, read, write, and delete all files
 ##	in all users home directories.
 ## </summary>
-@@ -4946,7 +5021,7 @@
+@@ -4946,7 +5022,7 @@
 ########################################
 ## <summary>
@ -35193,7 +35214,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -5318,7 +5393,7 @@
+@@ -5318,7 +5394,7 @@
 ########################################
 ## <summary>
@ -35202,7 +35223,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -5326,18 +5401,17 @@
+@@ -5326,18 +5402,17 @@
 ##	</summary>
 ## </param>
 #
@ -35225,7 +35246,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -5345,17 +5419,17 @@
+@@ -5345,17 +5420,17 @@
 ##	</summary>
 ## </param>
 #
@ -35247,7 +35268,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -5363,18 +5437,18 @@
+@@ -5363,18 +5438,18 @@
 ##	</summary>
 ## </param>
 #
@ -35271,7 +35292,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -5382,17 +5456,54 @@
+@@ -5382,17 +5457,54 @@
 ##	</summary>
 ## </param>
 #
@ -35330,7 +35351,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -5483,6 +5594,42 @@
+@@ -5483,6 +5595,42 @@
 ########################################
 ## <summary>
@ -35373,7 +35394,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ##	Send a dbus message to all user domains.
 ## </summary>
 ## <param name="domain">
-@@ -5513,3 +5660,524 @@
+@@ -5513,3 +5661,524 @@
 interface(`userdom_unconfined',`
 	refpolicywarn(`$0($*) has been deprecated.')
 ')