From d29486d4cf32ebbf4047bda6ca7c2a57d47d6d57 Mon Sep 17 00:00:00 2001
From: Jason Zaman
Date: Thu, 14 Dec 2017 02:15:35 +0800
Subject: [PATCH] userdomain: Allow public content access

All are allowed read access to readonly files. unpriv and admin users are allowed rw access to public rw files.
---
 policy/modules/system/userdomain.if | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 11b15dbbf..a284067af 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -868,6 +868,7 @@ template(`userdom_login_user_template', `
 miscfiles_read_man_pages($1_t)
 # map is needed for man-dbs apropos program
 miscfiles_map_man_cache($1_t)
+ miscfiles_read_public_files($1_t)
 # for running TeX programs
 miscfiles_read_tetex_data($1_t)
 miscfiles_exec_tetex_data($1_t)
@@ -1067,6 +1068,8 @@ template(`userdom_unpriv_user_template', `
 files_exec_usr_files($1_t)
+ miscfiles_manage_public_files($1_t)
+
 tunable_policy(`user_dmesg',`
 kernel_read_ring_buffer($1_t)
 ',`
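Review bot: The added `miscfiles_read_public_files($1_t)` in the first hunk sits directly under the `# map is needed for man-dbs apropos program` comment and just before the TeX block, so it reads as part of the man-page rules although it is an unrelated grant that applies to every domain built from the login template. Give it a comment of its own, e.g. `# read-only access to shared public content`, and separate it from the man cache rule with a blank line so the grant is easy to find in an access review. The body of `userdom_login_user_template` starts and ends outside the hunk, so whether any more restricted role built on this template should be excluded from the grant cannot be judged from here.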
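Review bot: `miscfiles_manage_public_files($1_t)` in the second hunk is granted unconditionally, and "manage" is wider than the "rw access" the commit message describes; manage interfaces in this policy normally cover create, rename and delete as well as write. Public rw content is usually the label that network-facing services may also write to, so full control from every unprivileged user domain widens a shared write channel. It would be safer behind a tunable that defaults to off, in the style of the `user_dmesg` block that follows, e.g. ``tunable_policy(`PLACEHOLDER_TUNABLE',` miscfiles_manage_public_files($1_t) ')`` with the tunable name to be chosen and declared. The message also says admin users receive this access, but the three insertions in the diffstat are all accounted for and none touches an admin template, so that depends on template inheritance not visible in this patch. The body of `userdom_unpriv_user_template` continues outside the hunk.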