Mozilla patch from Dan Walsh.
parent
36ded4bd36
commit
b77daab0ed
|
@ -45,6 +45,12 @@ interface(`mozilla_role',`
|
|||
relabel_dirs_pattern($2, mozilla_home_t, mozilla_home_t)
|
||||
relabel_files_pattern($2, mozilla_home_t, mozilla_home_t)
|
||||
relabel_lnk_files_pattern($2, mozilla_home_t, mozilla_home_t)
|
||||
|
||||
mozilla_dbus_chat($2)
|
||||
|
||||
optional_policy(`
|
||||
pulseaudio_role($1, mozilla_t)
|
||||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
|
@ -64,6 +70,7 @@ interface(`mozilla_read_user_home_files',`
|
|||
|
||||
allow $1 mozilla_home_t:dir list_dir_perms;
|
||||
allow $1 mozilla_home_t:file read_file_perms;
|
||||
allow $1 mozilla_home_t:lnk_file read_lnk_file_perms;
|
||||
userdom_search_user_home_dirs($1)
|
||||
')
|
||||
|
||||
|
@ -86,6 +93,43 @@ interface(`mozilla_write_user_home_files',`
|
|||
userdom_search_user_home_dirs($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Dontaudit attempts to read/write mozilla home directory content
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mozilla_dontaudit_rw_user_home_files',`
|
||||
gen_require(`
|
||||
type mozilla_home_t;
|
||||
')
|
||||
|
||||
dontaudit $1 mozilla_home_t:file rw_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Dontaudit attempts to write mozilla home directory content
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mozilla_dontaudit_manage_user_home_files',`
|
||||
gen_require(`
|
||||
type mozilla_home_t;
|
||||
')
|
||||
|
||||
dontaudit $1 mozilla_home_t:dir manage_dir_perms;
|
||||
dontaudit $1 mozilla_home_t:file manage_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Run mozilla in the mozilla domain.
|
||||
|
|
|
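Review bot: The documentation on the two new dontaudit interfaces in the `-86,6 +93,43` hunk does not match their rules. Both `mozilla_dontaudit_rw_user_home_files` and `mozilla_dontaudit_manage_user_home_files` describe `$1` as "Domain allowed access.", yet neither grants anything; the param summary should read `## Domain to not audit.`. The second interface's summary says "write", while its rules suppress auditing of `manage_dir_perms` on directories and `manage_file_perms` on files, so `## Do not audit attempts to manage mozilla home directory content.` would be accurate. The first interface covers only the `file` class although its summary says "home directory content". Because these rules hide the AVC record while the access stays denied, it is worth adding a comment that denials against `mozilla_home_t` from calling domains will be silent unless dontaudit rules are disabled (for example with `semodule -DB`), which matters when triaging access to browser profile data.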
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(mozilla, 2.1.0)
|
||||
policy_module(mozilla, 2.1.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -59,6 +59,7 @@ manage_dirs_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
|
|||
manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
|
||||
manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
|
||||
userdom_search_user_home_dirs(mozilla_t)
|
||||
userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir)
|
||||
|
||||
# Mozpluggerrc
|
||||
allow mozilla_t mozilla_conf_t:file read_file_perms;
|
||||
|
@ -97,6 +98,7 @@ corenet_tcp_connect_http_cache_port(mozilla_t)
|
|||
corenet_tcp_connect_ftp_port(mozilla_t)
|
||||
corenet_tcp_connect_ipp_port(mozilla_t)
|
||||
corenet_tcp_connect_generic_port(mozilla_t)
|
||||
corenet_tcp_connect_soundd_port(mozilla_t)
|
||||
corenet_sendrecv_http_client_packets(mozilla_t)
|
||||
corenet_sendrecv_http_cache_client_packets(mozilla_t)
|
||||
corenet_sendrecv_ftp_client_packets(mozilla_t)
|
||||
|
@ -114,6 +116,8 @@ dev_read_sound(mozilla_t)
|
|||
dev_dontaudit_rw_dri(mozilla_t)
|
||||
dev_getattr_sysfs_dirs(mozilla_t)
|
||||
|
||||
domain_dontaudit_read_all_domains_state(mozilla_t)
|
||||
|
||||
files_read_etc_runtime_files(mozilla_t)
|
||||
files_read_usr_files(mozilla_t)
|
||||
files_read_etc_files(mozilla_t)
|
||||
|
@ -231,6 +235,10 @@ optional_policy(`
|
|||
optional_policy(`
|
||||
dbus_system_bus_client(mozilla_t)
|
||||
dbus_session_bus_client(mozilla_t)
|
||||
|
||||
optional_policy(`
|
||||
networkmanager_dbus_chat(mozilla_t)
|
||||
')
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
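Review bot: `domain_dontaudit_read_all_domains_state(mozilla_t)` in the `-114,6 +116,8` hunk has no comment saying what triggers the denial it silences; it appears to be the added line, though the page has lost the +/- column. The access stays denied, but for a network-facing domain such as `mozilla_t` the dropped AVC records are also the signal that a compromised browser or plugin is reading other processes' state. A line above it such as `# <what in the browser reads other domains' state>; access remains denied, only the audit record is dropped` would let a later reviewer judge whether the suppression is still wanted. Likewise `corenet_tcp_connect_soundd_port(mozilla_t)` in the `-97,6 +98,7` hunk is granted unconditionally, while the PulseAudio role added to `mozilla_role` is wrapped in `optional_policy`; a comment naming the consumer of that port would make the grant easier to audit.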