Add policy for mediawiki

policy/modules/apps/mediawiki.fc

@@ -0,0 +1,10 @@
+
+/usr/lib(64)?/mediawiki/math/texvc	--	gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)	
+/usr/lib(64)?/mediawiki/math/texvc_tex --      gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
+/usr/lib(64)?/mediawiki/math/texvc_tes --      gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
+
+/var/www/wiki(/.*)?		  gen_context(system_u:object_r:httpd_mediawiki_rw_content_t,s0)
+
+/var/www/wiki/.*\.php    --           gen_context(system_u:object_r:httpd_mediawiki_content_t,s0)
+
+/usr/share/mediawiki(/.*)?	  gen_context(system_u:object_r:httpd_mediawiki_content_t,s0)

policy/modules/apps/mediawiki.if

@@ -0,0 +1,40 @@
+## <summary>Mediawiki policy</summary>
+
+#######################################
+## <summary>
+##      Allow the specified domain to read
+##      mediawiki tmp files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`mediawiki_read_tmp_files',`
+        gen_require(`
+                type httpd_mediawiki_tmp_t;
+        ')
+
+        files_search_tmp($1)
+        read_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+	read_lnk_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+')
+
+#######################################
+## <summary>
+##      Delete mediawiki tmp files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`mediawiki_delete_tmp_files',`
+        gen_require(`
+                type httpd_mediawiki_tmp_t;
+        ')
+
+        delete_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+')

policy/modules/apps/mediawiki.te

@@ -0,0 +1,35 @@
+
+policy_module(mediawiki, 1.0)
+
+########################################
+#
+# Declarations
+#
+
+apache_content_template(mediawiki)
+
+type httpd_mediawiki_tmp_t;
+files_tmp_file(httpd_mediawiki_tmp_t)
+
+permissive httpd_mediawiki_script_t;
+
+########################################
+#
+# mediawiki local policy
+#
+
+manage_dirs_pattern(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+manage_files_pattern(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+manage_lnk_files_pattern(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+files_tmp_filetrans(httpd_mediawiki_script_t, httpd_mediawiki_tmp_t, { file dir lnk_file })
+
+files_search_var_lib(httpd_mediawiki_script_t)
+
+userdom_read_user_tmp_files(httpd_mediawiki_script_t)
+
+miscfiles_read_tetex_data(httpd_mediawiki_script_t)
+
+optional_policy(`
+	apache_dontaudit_rw_tmp_files(httpd_mediawiki_script_t)
+')
+

policy/modules/kernel/corecommands.fc

@@ -273,6 +273,7 @@ ifdef(`distro_gentoo',`
 /usr/share/shorewall-lite(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/shorewall6-lite(/.*)?	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/spamassassin/sa-update\.cron gen_context(system_u:object_r:bin_t,s0)
+/usr/share/texmf/texconfig/tcfmgr --	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/turboprint/lib(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/vhostmd/scripts(/.*)?	gen_context(system_u:object_r:bin_t,s0)
 

policy/modules/services/apache.te

@@ -717,6 +717,11 @@ optional_policy(`
 	mailman_read_archive(httpd_t)
 ')
 
+optional_policy(`
+	mediawiki_read_tmp_files(httpd_t)
+	mediawiki_delete_tmp_files(httpd_t)
+')
+
 optional_policy(`
 	# Allow httpd to work with mysql
 	mysql_read_config(httpd_t)