gpg patch from dan.

gpg sends sigstop and signull

Reads usb devices

Can encrypts users content in /tmp and the homedir, as well as on NFS and cifs

policy/modules/apps/gpg.if

@@ -30,7 +30,7 @@ interface(`gpg_role',`
 
 	# allow ps to show gpg
 	ps_process_pattern($2, gpg_t)
-	allow $2 gpg_t:process { signal sigkill };
+	allow $2 gpg_t:process { signull sigstop signal sigkill };
 
 	# communicate with the user 
 	allow gpg_helper_t $2:fd use;

policy/modules/apps/gpg.te

@@ -1,5 +1,5 @@
 
-policy_module(gpg, 2.1.0)
+policy_module(gpg, 2.1.1)
 
 ########################################
 #
@@ -92,6 +92,7 @@ corenet_sendrecv_all_client_packets(gpg_t)
 
 dev_read_rand(gpg_t)
 dev_read_urand(gpg_t)
+dev_read_generic_usb_dev(gpg_t)
 
 fs_getattr_xattr_fs(gpg_t)
 
@@ -145,13 +146,18 @@ files_read_etc_files(gpg_helper_t)
 auth_use_nsswitch(gpg_helper_t)
 
 userdom_use_user_terminals(gpg_helper_t)
+# sign/encrypt user files
+userdom_manage_user_tmp_files(gpg_t)
+userdom_manage_user_home_content_files(gpg_t)
 
 tunable_policy(`use_nfs_home_dirs',`
-	fs_dontaudit_rw_nfs_files(gpg_helper_t)
+	fs_manage_nfs_dirs(gpg_t)
+	fs_manage_nfs_files(gpg_t)
 ')
 
 tunable_policy(`use_samba_home_dirs',`
-	fs_dontaudit_rw_cifs_files(gpg_helper_t)
+	fs_manage_cifs_dirs(gpg_t)
+	fs_manage_cifs_files(gpg_t)
 ')
 
 optional_policy(`