- Update policy for mozilla_plugin_t

This commit is contained in:
Dan Walsh 2010-08-23 18:01:46 -04:00
parent 66ec626d23
commit 63265668f0
2 changed files with 36 additions and 8 deletions

View File

@ -4846,7 +4846,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.8.8/policy/modules/apps/mozilla.te
--- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-07-27 16:06:04.000000000 -0400
+++ serefpolicy-3.8.8/policy/modules/apps/mozilla.te 2010-08-23 17:17:34.000000000 -0400
+++ serefpolicy-3.8.8/policy/modules/apps/mozilla.te 2010-08-23 17:58:35.000000000 -0400
@@ -25,6 +25,7 @@
type mozilla_home_t;
typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
@ -4910,7 +4910,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
pulseaudio_exec(mozilla_t)
pulseaudio_stream_connect(mozilla_t)
pulseaudio_manage_home_files(mozilla_t)
@@ -266,3 +284,17 @@
@@ -266,3 +284,42 @@
optional_policy(`
thunderbird_domtrans(mozilla_t)
')
@ -4919,15 +4919,40 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
+#
+# mozilla_plugin local policy
+#
+allow mozilla_plugin_t self:process setsched;
+
+allow mozilla_plugin_t self:sem create_sem_perms;
+allow mozilla_plugin_t self:shm create_shm_perms;
+allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms;
+allow mozilla_plugin_t self:unix_stream_socket create_stream_socket_perms;
+
+domain_use_interactive_fds(mozilla_plugin_t)
+read_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
+
+files_read_etc_files(mozilla_plugin_t)
+kernel_request_load_module(podsleuth_plugin_t)
+
+corecmd_exec_bin(mozilla_plugin_t)
+corecmd_exec_shell(mozilla_plugin_t)
+
+dev_read_urand(mozilla_plugin_t)
+
+domain_use_interactive_fds(mozilla_plugin_t)
+domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
+
+files_read_config_files(mozilla_plugin_t)
+files_read_usr_files(mozilla_plugin_t)
+
+miscfiles_read_localization(mozilla_plugin_t)
+allow mozilla_plugin_t self:process setsched;
+
+allow mozilla_plugin_t self:unix_stream_socket connectto;
+
+optional_policy(`
+ nsplugin_domtrans(mozilla_plugin_t)
+')
+
+optional_policy(`
+ xserver_read_xdm_pid(mozilla_plugin_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.8.8/policy/modules/apps/mplayer.if
--- nsaserefpolicy/policy/modules/apps/mplayer.if 2010-07-27 16:06:04.000000000 -0400
+++ serefpolicy-3.8.8/policy/modules/apps/mplayer.if 2010-07-30 14:06:53.000000000 -0400
@ -5026,7 +5051,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.8.8/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.8.8/policy/modules/apps/nsplugin.if 2010-08-10 07:28:28.000000000 -0400
+++ serefpolicy-3.8.8/policy/modules/apps/nsplugin.if 2010-08-23 17:57:01.000000000 -0400
@@ -0,0 +1,391 @@
+
+## <summary>policy for nsplugin</summary>
@ -5892,7 +5917,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.8.8/policy/modules/apps/podsleuth.te
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2010-07-27 16:06:04.000000000 -0400
+++ serefpolicy-3.8.8/policy/modules/apps/podsleuth.te 2010-08-11 08:27:39.000000000 -0400
+++ serefpolicy-3.8.8/policy/modules/apps/podsleuth.te 2010-08-23 17:51:56.000000000 -0400
@@ -27,7 +27,7 @@
# podsleuth local policy
#
@ -27737,7 +27762,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.8.8/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2010-07-27 16:06:06.000000000 -0400
+++ serefpolicy-3.8.8/policy/modules/services/xserver.if 2010-07-30 14:06:53.000000000 -0400
+++ serefpolicy-3.8.8/policy/modules/services/xserver.if 2010-08-23 17:59:07.000000000 -0400
@@ -19,9 +19,10 @@
interface(`xserver_restricted_role',`
gen_require(`

View File

@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.8.8
Release: 18%{?dist}
Release: 19%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -469,6 +469,9 @@ exit 0
%endif
%changelog
* Mon Aug 23 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-19
- Update policy for mozilla_plugin_t
* Mon Aug 23 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-18
- Allow clamscan to read proc_t
- Allow mount_t to write to debufs_t dir