Rearrange mozilla tmp rules.

2011-05-04 09:15:28 -04:00 · 2011-05-04 09:15:28 -04:00 · 72b54e5f98
parent f28f89acb8
commit 72b54e5f98
1 changed files with 10 additions and 10 deletions
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@ -27,18 +27,18 @@ typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm
 typealias mozilla_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t };
 userdom_user_home_content(mozilla_home_t)

-type mozilla_tmpfs_t;
-typealias mozilla_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
-typealias mozilla_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
-files_tmpfs_file(mozilla_tmpfs_t)
-ubac_constrained(mozilla_tmpfs_t)
-
 type mozilla_tmp_t;
 typealias mozilla_tmp_t alias { user_mozilla_tmp_t staff_mozilla_tmp_t sysadm_mozilla_tmp_t };
 typealias mozilla_tmp_t alias { auditadm_mozilla_t secadm_mozilla_t };
 files_tmp_file(mozilla_tmp_t)
 ubac_constrained(mozilla_tmp_t)

+type mozilla_tmpfs_t;
+typealias mozilla_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
+typealias mozilla_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
+files_tmpfs_file(mozilla_tmpfs_t)
+ubac_constrained(mozilla_tmpfs_t)
+
 ########################################
 #
 # Local policy
@ -68,16 +68,16 @@ userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir)
 # Mozpluggerrc
 allow mozilla_t mozilla_conf_t:file read_file_perms;

+manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
+manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
+files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })
+
 manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
 manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
 manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
 manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
 fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })

-manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
-manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
-files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })
-
 kernel_read_kernel_sysctls(mozilla_t)
 kernel_read_network_state(mozilla_t)
 # Access /proc, sysctl