Allow mozilla_plugin to manage all gnome config files
Allow nsplugin_t to read lnk files in nsplugin_rw_t
New labeling for packagekit scripts to bin_t
Allow mount_t to delete etc_t
Allow fsdaemon_t to read usr_t files
parent
4e6b3f6dd9
commit
79bff2bb38
@ -346,6 +346,8 @@ fs_getattr_tmpfs(mozilla_plugin_t)
|
||||
miscfiles_read_localization(mozilla_plugin_t)
|
||||
miscfiles_read_fonts(mozilla_plugin_t)
|
||||
|
||||
sysnet_dns_name_resolve(mozilla_plugin_t)
|
||||
|
||||
term_getattr_all_ttys(mozilla_plugin_t)
|
||||
term_getattr_all_ptys(mozilla_plugin_t)
|
||||
|
||||
@ -371,7 +373,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
gnome_manage_home_config(mozilla_plugin_t)
|
||||
gnome_manage_config(mozilla_plugin_t)
|
||||
gnome_setattr_home_config(mozilla_plugin_t)
|
||||
')
|
||||
|
||||
@ -380,11 +382,12 @@ optional_policy(`
|
||||
nsplugin_rw_exec(mozilla_plugin_t)
|
||||
nsplugin_manage_home_dirs(mozilla_plugin_t)
|
||||
nsplugin_manage_home_files(mozilla_plugin_t)
|
||||
nsplugin_user_home_dir_filetrans(mozilla_plugin_t)
|
||||
nsplugin_user_home_dir_filetrans(mozilla_plugin_t, dir)
|
||||
nsplugin_signal(mozilla_plugin_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
pulseaudio_setattr_home_dir(mozilla_plugin_t)
|
||||
pulseaudio_rw_home_files(mozilla_plugin_t)
|
||||
')
|
||||
|
||||
|
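Review bot: In the gnome optional_policy block, `gnome_manage_config(mozilla_plugin_t)` appears to replace `gnome_manage_home_config(mozilla_plugin_t)`, which widens the plugin domain from the per-user GNOME config to all GNOME config files with no reason recorded in the policy. The old/new markers are lost on this page, so the direction is inferred from the commit title. mozilla_plugin_t confines plugin code that handles web content, so a manage-level grant on a broader set of types deserves a stated justification. If a specific denial drove the change, record it above the call, e.g. `# needed for <path or type from the AVC denial>; narrow when a dedicated interface exists`, and grant read-only access instead if the denial was only a read.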
@ -63,8 +63,8 @@ allow nsplugin_t self:msgq create_msgq_perms;
|
||||
allow nsplugin_t self:unix_stream_socket { connectto create_stream_socket_perms };
|
||||
allow nsplugin_t self:unix_dgram_socket create_socket_perms;
|
||||
allow nsplugin_t nsplugin_rw_t:dir list_dir_perms;
|
||||
read_lnk_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
|
||||
read_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
|
||||
read_lnk_files_pattern(nsplugin_t, nsplugin_rw_t, nsplugin_rw_t)
|
||||
read_files_pattern(nsplugin_t, nsplugin_rw_t, nsplugin_rw_t)
|
||||
|
||||
tunable_policy(`allow_nsplugin_execmem',`
|
||||
allow nsplugin_t self:process { execstack execmem };
|
||||
|
@ -74,6 +74,8 @@ ifdef(`distro_redhat',`
|
||||
|
||||
/etc/netplug\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/etc/PackageKit/events(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/etc/pm/power\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/pm/sleep\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
|
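Review bot: `/etc/PackageKit/events(/.*)?` labels the directory and everything beneath it `bin_t`, so any domain allowed to execute `bin_t` can run whatever is placed in that tree, not only the intended scripts. That matches the neighbouring `/etc/pm/power\.d` and `/etc/netplug\.d` entries, but the new entry would benefit from a one-line comment saying what the tree holds, e.g. `# PackageKit event scripts`. Already-installed systems will likely need that path relabeled before the new context applies. The enclosing distro_redhat ifdef block starts outside the hunk.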
@ -72,6 +72,7 @@ files_exec_etc_files(fsdaemon_t)
|
||||
files_read_etc_runtime_files(fsdaemon_t)
|
||||
# for config
|
||||
files_read_etc_files(fsdaemon_t)
|
||||
files_read_usr_files(fsdaemon_t)
|
||||
|
||||
fs_getattr_all_fs(fsdaemon_t)
|
||||
fs_search_auto_mountpoints(fsdaemon_t)
|
||||
|
@ -112,16 +112,17 @@ files_search_all(mount_t)
|
||||
files_read_etc_files(mount_t)
|
||||
files_manage_etc_runtime_files(mount_t)
|
||||
files_etc_filetrans_etc_runtime(mount_t, file)
|
||||
# for when /etc/mtab loses its type
|
||||
files_delete_etc_files(mount_t)
|
||||
files_mounton_all_mountpoints(mount_t)
|
||||
# ntfs-3g checks whether the mountpoint is writable before mounting
|
||||
files_write_all_mountpoints(mount_t)
|
||||
files_unmount_rootfs(mount_t)
|
||||
|
||||
# These rules need to be generalized. Only admin, initrc should have it:
|
||||
files_relabel_all_file_type_fs(mount_t)
|
||||
files_mount_all_file_type_fs(mount_t)
|
||||
files_unmount_all_file_type_fs(mount_t)
|
||||
# for when /etc/mtab loses its type
|
||||
# cjp: this seems wrong, the type should probably be etc
|
||||
files_read_isid_type_files(mount_t)
|
||||
# For reading cert files
|
||||
files_read_usr_files(mount_t)
|
||||
|
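Review bot: `files_delete_etc_files(mount_t)` lets mount_t unlink any file labeled etc_t, while the comment above it says the need is only `/etc/mtab` when it loses its type. mount_t already has `files_manage_etc_runtime_files(mount_t)` and `files_etc_filetrans_etc_runtime(mount_t, file)` a few lines up, so the narrower fix is to keep mtab correctly labeled rather than grant delete across all of etc_t. If the rule has to stay as a workaround, mark it as one: `# FIXME: workaround for a mislabeled /etc/mtab; drop once mtab keeps its runtime type`. The same comment text also appears before `files_read_isid_type_files(mount_t)`, and the page does not show which copy is new.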