From 84940a099576b327380a9b319f611bdddc79ff06 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Fri, 14 May 2010 10:40:59 -0400 Subject: [PATCH] Java patch from Dan Walsh. Additional java context unconfined_Java apps needs to execmod any file since we do not know where the jave content will be labeled We want unconfined java apps to transition to rpm when they execute rpm_exec_t. To maintain proper labeling. --- policy/modules/apps/java.fc | 4 ++++ policy/modules/apps/java.te | 10 +++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/policy/modules/apps/java.fc b/policy/modules/apps/java.fc index f91c9a5a..86c17687 100644 --- a/policy/modules/apps/java.fc +++ b/policy/modules/apps/java.fc @@ -32,3 +32,7 @@ /usr/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0) /usr/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0) + +ifdef(`distro_redhat',` +/usr/java/eclipse[^/]*/eclipse -- gen_context(system_u:object_r:java_exec_t,s0) +') diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te index 21f16650..76861e38 100644 --- a/policy/modules/apps/java.te +++ b/policy/modules/apps/java.te @@ -1,5 +1,5 @@ -policy_module(java, 2.2.1) +policy_module(java, 2.2.2) ######################################## # @@ -147,6 +147,14 @@ optional_policy(` init_dbus_chat_script(unconfined_java_t) + files_execmod_all_files(unconfined_java_t) + + init_dbus_chat_script(unconfined_java_t) + unconfined_domain_noaudit(unconfined_java_t) unconfined_dbus_chat(unconfined_java_t) + + optional_policy(` + rpm_domtrans(unconfined_java_t) + ') ')