trunk: Fix httpd_enable_homedirs to actually provide the access it is supposed to provide.

Changelog

@@ -1,3 +1,5 @@
+- Fix httpd_enable_homedirs to actually provide the access it is supposed to
+  provide.
 - Add unused interface/template parameter metadata in XML.
 - Patch to handle postfix data_directory from Vaclav Ovsik.
 - SE-Postgresql policy from KaiGai Kohei.

policy/modules/services/apache.te

@@ -1,5 +1,5 @@
 
-policy_module(apache, 1.9.3)
+policy_module(apache, 1.9.4)
 
 #
 # NOTES: 
@@ -394,6 +394,10 @@ tunable_policy(`httpd_enable_ftp_server',`
 	corenet_tcp_bind_ftp_port(httpd_t)
 ')
 
+tunable_policy(`httpd_enable_homedirs',`
+	userdom_read_unpriv_users_home_content_files(httpd_t)
+')
+
 tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
 	fs_read_nfs_files(httpd_t)
 	fs_read_nfs_symlinks(httpd_t)
@@ -634,6 +638,10 @@ tunable_policy(`httpd_enable_cgi && httpd_unified',`
 	domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
 ')
 
+tunable_policy(`httpd_enable_homedirs',`
+	userdom_read_unpriv_users_home_content_files(httpd_suexec_t)
+')
+
 tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
 	fs_read_nfs_files(httpd_suexec_t)
 	fs_read_nfs_symlinks(httpd_suexec_t)
@@ -688,6 +696,10 @@ ifdef(`distro_redhat',`
 	allow httpd_sys_script_t httpd_log_t:file { getattr append };
 ')
 
+tunable_policy(`httpd_enable_homedirs',`
+	userdom_read_unpriv_users_home_content_files(httpd_sys_script_t)
+')
+
 tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
 	fs_read_nfs_files(httpd_sys_script_t)
 	fs_read_nfs_symlinks(httpd_sys_script_t)