Fix gnome_setattr_config_home
Allow exec of sandbox_file_type by calling apps Fix typos
This commit is contained in:
		
							parent
							
								
									3034a8d941
								
							
						
					
					
						commit
						5ef740e54b
					
				| @ -256,25 +256,6 @@ template(`gnome_read_config',` | ||||
| 	read_lnk_files_pattern($1, gnome_home_type, gnome_home_type) | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| ## <summary> | ||||
| ##	Set attributes of Gnome config dirs. | ||||
| ## </summary> | ||||
| ## <param name="domain"> | ||||
| ##	<summary> | ||||
| ##	Domain allowed access. | ||||
| ##	</summary> | ||||
| ## </param> | ||||
| # | ||||
| interface(`gnome_setattr_config_dirs',` | ||||
| 	gen_require(` | ||||
| 		type gnome_home_t; | ||||
| 	') | ||||
| 
 | ||||
| 	setattr_dirs_pattern($1, gnome_home_t, gnome_home_t) | ||||
| 	files_search_home($1) | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| ## <summary> | ||||
| ##	Create objects in a Gnome gconf home directory | ||||
| @ -506,6 +487,25 @@ template(`gnome_list_home_config',` | ||||
| 	allow $1 config_home_t:dir list_dir_perms; | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| ## <summary> | ||||
| ##	Set attributes of gnome homedir content (.config) | ||||
| ## </summary> | ||||
| ## <param name="domain"> | ||||
| ##	<summary> | ||||
| ##	Domain allowed access. | ||||
| ##	</summary> | ||||
| ## </param> | ||||
| # | ||||
| template(`gnome_setattr_home_config',` | ||||
| 	gen_require(` | ||||
| 		type config_home_t; | ||||
| 	') | ||||
| 
 | ||||
| 	setattr_dirs_pattern($1, config_home_t, config_home_t) | ||||
| 	userdom_search_user_home_dirs($1) | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| ## <summary> | ||||
| ##	read gnome homedir content (.config) | ||||
|  | ||||
| @ -358,7 +358,7 @@ optional_policy(` | ||||
| 
 | ||||
| optional_policy(` | ||||
| 	gnome_manage_home_config(mozilla_plugin_t) | ||||
| 	gnome_setattr_config_dirs(mozilla_plugin_t) | ||||
| 	gnome_setattr_home_config(mozilla_plugin_t) | ||||
| ') | ||||
| 
 | ||||
| optional_policy(` | ||||
|  | ||||
| @ -219,6 +219,7 @@ interface(`pulseaudio_read_home_files',` | ||||
| 
 | ||||
| 	userdom_search_user_home_dirs($1) | ||||
| 	read_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t) | ||||
| 	read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t) | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| @ -237,6 +238,7 @@ interface(`pulseaudio_rw_home_files',` | ||||
| 	') | ||||
| 
 | ||||
| 	rw_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t) | ||||
| 	read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t) | ||||
| 	userdom_search_user_home_dirs($1) | ||||
| ') | ||||
| 
 | ||||
|  | ||||
| @ -54,6 +54,7 @@ interface(`sandbox_transition',` | ||||
| 	allow $1 sandbox_tmpfs_type:file manage_file_perms; | ||||
| 	dontaudit $1 sandbox_tmpfs_type:file manage_file_perms; | ||||
| 
 | ||||
| 	can_exec($1, sandbox_file_type) | ||||
| 	manage_files_pattern($1, sandbox_file_type, sandbox_file_type); | ||||
| 	manage_dirs_pattern($1, sandbox_file_type, sandbox_file_type); | ||||
| 	manage_sock_files_pattern($1, sandbox_file_type, sandbox_file_type); | ||||
|  | ||||
| @ -70,8 +70,6 @@ dev_read_urand(telepathy_msn_t) | ||||
| files_read_etc_files(telepathy_msn_t) | ||||
| files_read_usr_files(telepathy_msn_t) | ||||
| 
 | ||||
| kernel_read_system_state(telepathy_msn_t) | ||||
| 
 | ||||
| auth_use_nsswitch(telepathy_msn_t) | ||||
| 
 | ||||
| libs_exec_ldconfig(telepathy_msn_t) | ||||
| @ -263,8 +261,6 @@ dev_read_urand(telepathy_sunshine_t) | ||||
| files_read_etc_files(telepathy_sunshine_t) | ||||
| files_read_usr_files(telepathy_sunshine_t) | ||||
| 
 | ||||
| kernel_read_system_state(telepathy_sunshine_t) | ||||
| 
 | ||||
| optional_policy(` | ||||
|         xserver_read_xdm_pid(telepathy_sunshine_t) | ||||
|         xserver_stream_connect(telepathy_sunshine_t) | ||||
| @ -290,6 +286,8 @@ corenet_tcp_sendrecv_generic_if(telepathy_domain) | ||||
| corenet_tcp_sendrecv_generic_node(telepathy_domain) | ||||
| corenet_udp_bind_generic_node(telepathy_domain) | ||||
| 
 | ||||
| kernel_read_system_state(telepathy_domain) | ||||
| 
 | ||||
| fs_search_auto_mountpoints(telepathy_domain) | ||||
| 
 | ||||
| miscfiles_read_localization(telepathy_domain) | ||||
|  | ||||
| @ -252,7 +252,7 @@ selinux_validate_context(krb5kdc_t) | ||||
| 
 | ||||
| logging_send_syslog_msg(krb5kdc_t) | ||||
| 
 | ||||
| miscfiles_read_geniric_certs(krb5kdc_t) | ||||
| miscfiles_read_generic_certs(krb5kdc_t) | ||||
| miscfiles_read_localization(krb5kdc_t) | ||||
| 
 | ||||
| seutil_read_file_contexts(krb5kdc_t) | ||||
|  | ||||
| @ -3,4 +3,4 @@ | ||||
| 
 | ||||
| /var/lib/passenger(/.*)?           gen_context(system_u:object_r:passenger_var_lib_t,s0) | ||||
| 
 | ||||
| /var/run/passenger(/.*)?           gen_context(system_u:object_r:passenger_state_t,s0) | ||||
| /var/run/passenger(/.*)?           gen_context(system_u:object_r:passenger_var_run_t,s0) | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user