From e311e23a44c7e9c064a1034aea8ae0189fda1859 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 1 Jul 2008 13:57:53 +0000
Subject: [PATCH] trunk: Fix httpd_enable_homedirs to actually provide the access it is supposed to provide.
---
 Changelog | 2 ++
 policy/modules/services/apache.te | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/Changelog b/Changelog
index 8289f4a6..546fc530 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Fix httpd_enable_homedirs to actually provide the access it is supposed to
+ provide.
 - Add unused interface/template parameter metadata in XML.
 - Patch to handle postfix data_directory from Vaclav Ovsik.
 - SE-Postgresql policy from KaiGai Kohei.
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index 7ab5e643..d9ec8238 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -1,5 +1,5 @@
-policy_module(apache, 1.9.3)
+policy_module(apache, 1.9.4)
 #
 # NOTES:
@@ -394,6 +394,10 @@ tunable_policy(`httpd_enable_ftp_server',`
 corenet_tcp_bind_ftp_port(httpd_t)
 ')
+tunable_policy(`httpd_enable_homedirs',`
+ userdom_read_unpriv_users_home_content_files(httpd_t)
+')
+
 tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
 fs_read_nfs_files(httpd_t)
 fs_read_nfs_symlinks(httpd_t)
@@ -634,6 +638,10 @@ tunable_policy(`httpd_enable_cgi && httpd_unified',`
 domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
 ')
+tunable_policy(`httpd_enable_homedirs',`
+ userdom_read_unpriv_users_home_content_files(httpd_suexec_t)
+')
+
 tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
 fs_read_nfs_files(httpd_suexec_t)
 fs_read_nfs_symlinks(httpd_suexec_t)
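Review bot: Nothing in the new `httpd_enable_homedirs` block at @@ -394 limits the read access to published web content: `userdom_read_unpriv_users_home_content_files(httpd_t)` by its name covers unprivileged users' home content files in general, and no comment records that scope. The same call is added for httpd_suexec_t (@@ -634) and httpd_sys_script_t (@@ -688), so with the boolean on the domains that run CGI code get the same read access and ordinary file permissions become the only barrier in front of private files in a home directory. If that breadth is intended, I would add a comment above each block, e.g. `# Read access to unprivileged users' home content files; not limited to web content.`, and check that the boolean's description says the same. The interface body is not visible here, so the exact types and permissions it expands to should be confirmed against the userdomain module.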
@@ -688,6 +696,10 @@ ifdef(`distro_redhat',`
 allow httpd_sys_script_t httpd_log_t:file { getattr append };
 ')
+tunable_policy(`httpd_enable_homedirs',`
+ userdom_read_unpriv_users_home_content_files(httpd_sys_script_t)
+')
+
 tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
 fs_read_nfs_files(httpd_sys_script_t)
 fs_read_nfs_symlinks(httpd_sys_script_t)
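Review bot: The added block for httpd_sys_script_t grants a single file-read interface, while the `use_nfs_home_dirs` block directly below it grants both `fs_read_nfs_files` and `fs_read_nfs_symlinks`; unless the userdom interface itself covers symbolic links, local and NFS home directories will behave differently with the same booleans set. The blocks added for httpd_t and httpd_suexec_t earlier in the patch have the same shape. I would confirm what the interface expands to and record the outcome in a comment, e.g. `# symlinks in local home directories are deliberately not readable`, or add the matching symlink interface if the userdomain module provides one. The `use_nfs_home_dirs` block used for comparison is closed outside this hunk, so anything it grants beyond these two lines is not visible here.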