From 5bd265060219ab6ecb2e1ead1b5c15438409f2cd Mon Sep 17 00:00:00 2001
From: bauen1
Date: Sun, 10 May 2020 08:47:34 +0200
Subject: [PATCH 1/3] dirmngr: allow to probe for tor
dirmngr will test if tor is running, even if it isn't and this check fails dirmngr will fail to retrieve any keys, this is the default (see https://www.gnupg.org/documentation/manuals/gnupg/Dirmngr-Options.html for --use-tor)
Signed-off-by: bauen1
---
 policy/modules/services/dirmngr.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/policy/modules/services/dirmngr.te b/policy/modules/services/dirmngr.te
index 52b10f7d0..f09699838 100644
--- a/policy/modules/services/dirmngr.te
+++ b/policy/modules/services/dirmngr.te
@@ -72,6 +72,7 @@ sysnet_dns_name_resolve(dirmngr_t)
 corenet_tcp_connect_http_port(dirmngr_t)
 corenet_tcp_connect_pgpkeyserver_port(dirmngr_t)
+corenet_tcp_connect_tor_port(dirmngr_t)
 corenet_udp_bind_generic_node(dirmngr_t)
 files_read_etc_files(dirmngr_t)
From a356bce2d4de3c94626ae49691ddd024384bcf33 Mon Sep 17 00:00:00 2001
From: bauen1
Date: Sun, 10 May 2020 14:34:35 +0200
Subject: [PATCH 2/3] dirmngr: also requires access to /dev/urandom
Signed-off-by: bauen1
---
 policy/modules/services/dirmngr.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/policy/modules/services/dirmngr.te b/policy/modules/services/dirmngr.te
index f09699838..0a13be193 100644
--- a/policy/modules/services/dirmngr.te
+++ b/policy/modules/services/dirmngr.te
@@ -67,6 +67,7 @@ files_pid_filetrans(dirmngr_t, dirmngr_runtime_t, { dir file })
 kernel_read_crypto_sysctls(dirmngr_t)
 dev_read_rand(dirmngr_t)
+dev_read_urand(dirmngr_t)
 sysnet_dns_name_resolve(dirmngr_t)
From 3cdae47364f98f1654ceaa8fce4d6d82456aefc5 Mon Sep 17 00:00:00 2001
From: bauen1
Date: Sun, 10 May 2020 14:06:36 +0200
Subject: [PATCH 3/3] dirmngr: ~/.gnupg/crls.d might not exist
Signed-off-by: bauen1
---
 policy/modules/services/dirmngr.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
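Review bot: The added `corenet_tcp_connect_tor_port(dirmngr_t)` rule in the first hunk is unconditional, yet the policy line carries none of the rationale the commit message gives, so a later reader of dirmngr.te will not see why a keyserver client is allowed to reach the tor port. A one-line comment directly above it, `# dirmngr probes for a local tor daemon by default (see --use-tor)`, keeps that reasoning next to the rule. Because the probe is default behaviour rather than an administrator's choice, a tunable would not fit here, so the comment is the right place for the justification; `dev_read_urand(dirmngr_t)` in the second hunk is self-explanatory and needs nothing.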
diff --git a/policy/modules/services/dirmngr.te b/policy/modules/services/dirmngr.te
index 0a13be193..70acdfbae 100644
--- a/policy/modules/services/dirmngr.te
+++ b/policy/modules/services/dirmngr.te
@@ -43,8 +43,8 @@ allow dirmngr_t dirmngr_conf_t:dir list_dir_perms;
 allow dirmngr_t dirmngr_conf_t:file read_file_perms;
 allow dirmngr_t dirmngr_conf_t:lnk_file read_lnk_file_perms;
-allow dirmngr_t dirmngr_home_t:dir list_dir_perms;
-allow dirmngr_t dirmngr_home_t:file read_file_perms;
+manage_files_pattern(dirmngr_t, dirmngr_home_t, dirmngr_home_t)
+allow dirmngr_t dirmngr_home_t:dir { create_dir_perms add_entry_dir_perms list_dir_perms };
 manage_dirs_pattern(dirmngr_t, dirmngr_log_t, dirmngr_log_t)
 append_files_pattern(dirmngr_t, dirmngr_log_t, dirmngr_log_t)
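Review bot: The second added line grants dir permissions the first already covers: as I read refpolicy's `manage_files_pattern`, it gives `dirmngr_t` `rw_dir_perms` on `dirmngr_home_t` (search, read, write, add_name, remove_name), so `add_entry_dir_perms` and `list_dir_perms` in the explicit allow are redundant and only `create` is new. The line could shrink to `allow dirmngr_t dirmngr_home_t:dir create_dir_perms;`, which also makes the subject line's intent — creating a missing `crls.d` — visible in the rule itself. Separately, `manage_files_pattern` widens file access on `dirmngr_home_t` from read-only to create/write/unlink, which neither the subject line nor the hunk explains; if dirmngr does rewrite its `crls.d` contents, a comment such as `# dirmngr creates and rewrites files under ~/.gnupg/crls.d` above the pattern would record why full file management is required here rather than a narrower set.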