From 75c8a691ee7c861ffa293a9ebd86c3c829da108e Mon Sep 17 00:00:00 2001
From: Jeremy Solt <jsolt@tresys.com>
Date: Mon, 22 Mar 2010 11:34:54 -0400
Subject: [PATCH] gitosis read/manage lib interfaces from Dan Walsh

Only giving manage_files_pattern for gitosis_manage_lib_files
---
 policy/modules/apps/gitosis.if | 41 ++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/policy/modules/apps/gitosis.if b/policy/modules/apps/gitosis.if
index d9d222dc..a4f34916 100644
--- a/policy/modules/apps/gitosis.if
+++ b/policy/modules/apps/gitosis.if
@@ -43,3 +43,44 @@ interface(`gitosis_run',`
 	role $2 types gitosis_t;
 ')
 
+#######################################
+## <summary>
+##	Allow the specified domain to read
+##	gitosis lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`gitosis_read_lib_files',`
+	gen_require(`
+		type gitosis_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+	read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+	list_dirs_pattern(%1, gitosis_var_lib_t, gitosis_var_lib_t)
+')
+
+######################################
+## <summary>
+##	Allow the specified domain to manage
+##	gitosis lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`gitosis_manage_lib_files',`
+	gen_require(`
+		type gitosis_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+')