RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

java: reduce the scope of the pattern in for java entry points 

The following pattern seems to match much more than intended:

    /usr/(.*/)?bin/java[^-]*

According to the commit which introduced it
(0190325c18),
the aim was to match java1.4, java5, java6, and not java-config nor
java-check-environment. The issue is that the pattern also matches
sub-directories such as:

    /usr/share/my-application/bin/java/myfile

Prevent this by adding / in the character blacklist of the pattern.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2019-08-21 21:41:11 +02:00
parent 230262368b
commit 3d97e06a8d
No known key found for this signature in database
GPG Key ID: C191415F340DAAA0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/apps/java.fc
View File

@ -5,7 +5,7 @@ HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:java_home_t,s0)
/opt/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
/opt/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/(.*/)?bin/java[^-]* -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/(.*/)?bin/java[^/-]* -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/fastjar -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/frysk -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gappletviewer -- gen_context(system_u:object_r:java_exec_t,s0)