- Update policy for mozilla_plugin_t
parent
63265668f0
commit
3cacc01467
@ -4846,7 +4846,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
|
|||||||
## </summary>
|
## </summary>
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.8.8/policy/modules/apps/mozilla.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.8.8/policy/modules/apps/mozilla.te
|
||||||
--- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-07-27 16:06:04.000000000 -0400
|
--- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-07-27 16:06:04.000000000 -0400
|
||||||
+++ serefpolicy-3.8.8/policy/modules/apps/mozilla.te 2010-08-23 17:58:35.000000000 -0400
|
+++ serefpolicy-3.8.8/policy/modules/apps/mozilla.te 2010-08-23 18:10:04.000000000 -0400
|
||||||
@@ -25,6 +25,7 @@
|
@@ -25,6 +25,7 @@
|
||||||
type mozilla_home_t;
|
type mozilla_home_t;
|
||||||
typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
|
typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
|
||||||
@ -4928,7 +4928,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
|
|||||||
+
|
+
|
||||||
+read_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
|
+read_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
|
||||||
+
|
+
|
||||||
+kernel_request_load_module(podsleuth_plugin_t)
|
+kernel_request_load_module(mozilla_plugin_t)
|
||||||
+
|
+
|
||||||
+corecmd_exec_bin(mozilla_plugin_t)
|
+corecmd_exec_bin(mozilla_plugin_t)
|
||||||
+corecmd_exec_shell(mozilla_plugin_t)
|
+corecmd_exec_shell(mozilla_plugin_t)
|
||||||
@ -9734,7 +9734,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
|
|||||||
#
|
#
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.8.8/policy/modules/kernel/kernel.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.8.8/policy/modules/kernel/kernel.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-07-27 16:12:33.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-07-27 16:12:33.000000000 -0400
|
||||||
+++ serefpolicy-3.8.8/policy/modules/kernel/kernel.if 2010-08-23 17:02:01.000000000 -0400
|
+++ serefpolicy-3.8.8/policy/modules/kernel/kernel.if 2010-08-23 18:10:26.000000000 -0400
|
||||||
@@ -698,6 +698,26 @@
|
@@ -698,6 +698,26 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -32490,7 +32490,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if
|
|||||||
## <rolecap/>
|
## <rolecap/>
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.8.8/policy/modules/system/lvm.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.8.8/policy/modules/system/lvm.te
|
||||||
--- nsaserefpolicy/policy/modules/system/lvm.te 2010-07-27 16:06:06.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/lvm.te 2010-07-27 16:06:06.000000000 -0400
|
||||||
+++ serefpolicy-3.8.8/policy/modules/system/lvm.te 2010-07-30 14:06:53.000000000 -0400
|
+++ serefpolicy-3.8.8/policy/modules/system/lvm.te 2010-08-23 18:10:53.000000000 -0400
|
||||||
@@ -141,6 +141,11 @@
|
@@ -141,6 +141,11 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -32511,9 +32511,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
|
|||||||
allow lvm_t self:file rw_file_perms;
|
allow lvm_t self:file rw_file_perms;
|
||||||
allow lvm_t self:fifo_file manage_fifo_file_perms;
|
allow lvm_t self:fifo_file manage_fifo_file_perms;
|
||||||
allow lvm_t self:unix_dgram_socket create_socket_perms;
|
allow lvm_t self:unix_dgram_socket create_socket_perms;
|
||||||
@@ -211,11 +217,13 @@
|
@@ -210,12 +216,15 @@
|
||||||
|
files_etc_filetrans(lvm_t, lvm_metadata_t, file)
|
||||||
files_search_mnt(lvm_t)
|
files_search_mnt(lvm_t)
|
||||||
|
|
||||||
|
+kernel_get_sysvipc_info(lvm_t)
|
||||||
kernel_read_system_state(lvm_t)
|
kernel_read_system_state(lvm_t)
|
||||||
+kernel_read_kernel_sysctls(lvm_t)
|
+kernel_read_kernel_sysctls(lvm_t)
|
||||||
# Read system variables in /proc/sys
|
# Read system variables in /proc/sys
|
||||||
@ -32525,7 +32527,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
|
|||||||
kernel_search_debugfs(lvm_t)
|
kernel_search_debugfs(lvm_t)
|
||||||
|
|
||||||
corecmd_exec_bin(lvm_t)
|
corecmd_exec_bin(lvm_t)
|
||||||
@@ -242,6 +250,7 @@
|
@@ -242,6 +251,7 @@
|
||||||
dev_dontaudit_getattr_generic_blk_files(lvm_t)
|
dev_dontaudit_getattr_generic_blk_files(lvm_t)
|
||||||
dev_dontaudit_getattr_generic_pipes(lvm_t)
|
dev_dontaudit_getattr_generic_pipes(lvm_t)
|
||||||
dev_create_generic_dirs(lvm_t)
|
dev_create_generic_dirs(lvm_t)
|
||||||
@ -32533,7 +32535,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
|
|||||||
|
|
||||||
domain_use_interactive_fds(lvm_t)
|
domain_use_interactive_fds(lvm_t)
|
||||||
domain_read_all_domains_state(lvm_t)
|
domain_read_all_domains_state(lvm_t)
|
||||||
@@ -251,8 +260,9 @@
|
@@ -251,8 +261,9 @@
|
||||||
files_read_etc_runtime_files(lvm_t)
|
files_read_etc_runtime_files(lvm_t)
|
||||||
# for when /usr is not mounted:
|
# for when /usr is not mounted:
|
||||||
files_dontaudit_search_isid_type_dirs(lvm_t)
|
files_dontaudit_search_isid_type_dirs(lvm_t)
|
||||||
@ -32544,7 +32546,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
|
|||||||
fs_search_auto_mountpoints(lvm_t)
|
fs_search_auto_mountpoints(lvm_t)
|
||||||
fs_list_tmpfs(lvm_t)
|
fs_list_tmpfs(lvm_t)
|
||||||
fs_read_tmpfs_symlinks(lvm_t)
|
fs_read_tmpfs_symlinks(lvm_t)
|
||||||
@@ -262,6 +272,7 @@
|
@@ -262,6 +273,7 @@
|
||||||
|
|
||||||
mls_file_read_all_levels(lvm_t)
|
mls_file_read_all_levels(lvm_t)
|
||||||
mls_file_write_to_clearance(lvm_t)
|
mls_file_write_to_clearance(lvm_t)
|
||||||
@ -32552,7 +32554,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
|
|||||||
|
|
||||||
selinux_get_fs_mount(lvm_t)
|
selinux_get_fs_mount(lvm_t)
|
||||||
selinux_validate_context(lvm_t)
|
selinux_validate_context(lvm_t)
|
||||||
@@ -309,6 +320,11 @@
|
@@ -309,6 +321,11 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -32564,7 +32566,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
|
|||||||
bootloader_rw_tmp_files(lvm_t)
|
bootloader_rw_tmp_files(lvm_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -329,6 +345,10 @@
|
@@ -329,6 +346,10 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
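Review bot: In the mozilla.te hunk, the corrected line `kernel_request_load_module(mozilla_plugin_t)` now lets the plugin domain ask the kernel to load modules, and nothing next to it records which plugin operation needs that. mozilla_plugin_t confines code that handles untrusted web content, and the same hunk already carries `corecmd_exec_bin` and `corecmd_exec_shell`, so the grant should state its justification, e.g. `# <operation> triggers module autoload; see AVC in <bug-id placeholder>`. If the denial was only audit noise and the plugin works without the permission, a dontaudit rule would be the narrower choice. The lvm.te hunk also appears to add `kernel_get_sysvipc_info(lvm_t)`, which the commit title does not mention.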