Fix dupl transition rules in mozilla.te

2013-01-25 20:24:52 +01:00 · 2013-01-25 20:24:52 +01:00 · a39c31a810
commit a39c31a810
parent 1802bef984
2 changed files with 45 additions and 37 deletions
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@ -228935,7 +228935,7 @@ index 5dfa44b..938e2ec 100644
 
 optional_policy(`
 diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
-index 73bb3c0..e6fa600 100644
+index 73bb3c0..bd25d6e 100644
 --- a/policy/modules/system/libraries.fc
 +++ b/policy/modules/system/libraries.fc
@@ -1,3 +1,4 @@
@ -229001,7 +229001,15 @@ index 73bb3c0..e6fa600 100644
 /usr/lib/altivec/libavcodec\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/cedega/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/dovecot/(.*/)?lib.*\.so.*      --      gen_context(system_u:object_r:lib_t,s0)
-@@ -141,6 +150,8 @@ ifdef(`distro_redhat',`
+@@ -129,6 +138,7 @@ ifdef(`distro_redhat',`
+ /usr/X11R6/lib/libGL\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib/libGL\.so(\.[^/]*)*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib/catalyst/libGL\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib/catalyst/.*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib/libADM5.*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib/libatiadlxx\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib/win32/.*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -141,6 +151,8 @@ ifdef(`distro_redhat',`
 /usr/lib/ati-fglrx/.+\.so(\..*)?	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/fglrx/.*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/libjs\.so.*			--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -229010,7 +229018,7 @@ index 73bb3c0..e6fa600 100644
 /usr/lib/sse2/libx264\.so(\.[^/]*)* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(/.*)?/libnvidia.+\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(/.*)?/nvidia_drv.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -148,12 +159,11 @@ ifdef(`distro_redhat',`
+@@ -148,12 +160,11 @@ ifdef(`distro_redhat',`
 /usr/lib/nvidia-graphics(-[^/]*/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -229026,7 +229034,7 @@ index 73bb3c0..e6fa600 100644
 /usr/NX/lib/libXcomp\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/NX/lib/libjpeg\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 
-@@ -182,11 +192,13 @@ ifdef(`distro_redhat',`
+@@ -182,11 +193,13 @@ ifdef(`distro_redhat',`
 # Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
 # 	HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
 HOME_DIR/.*/plugins/nppdf\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -229040,7 +229048,7 @@ index 73bb3c0..e6fa600 100644
 /usr/lib/libfglrx_gamma\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/mozilla/plugins/nppdf\.so 	-- 	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/mozilla/plugins/libvlcplugin\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -241,13 +253,10 @@ HOME_DIR/.*/plugins/nppdf\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_
+@@ -241,13 +254,10 @@ HOME_DIR/.*/plugins/nppdf\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_
 
 # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
 /usr/lib.*/libmpg123\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -229055,7 +229063,7 @@ index 73bb3c0..e6fa600 100644
 
 # Jai, Sun Microsystems (Jpackage SPRM)
 /usr/lib/libmlib_jai\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -269,20 +278,19 @@ HOME_DIR/.mozilla/plugins/nprhapengine\.so.* --	gen_context(system_u:object_r:te
+@@ -269,20 +279,19 @@ HOME_DIR/.mozilla/plugins/nprhapengine\.so.* --	gen_context(system_u:object_r:te
 
 # Java, Sun Microsystems (JPackage SRPM)
 /usr/(.*/)?jre.*/.*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -229086,7 +229094,7 @@ index 73bb3c0..e6fa600 100644
 
 /usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 
-@@ -299,17 +307,151 @@ HOME_DIR/.mozilla/plugins/nprhapengine\.so.* --	gen_context(system_u:object_r:te
+@@ -299,17 +308,151 @@ HOME_DIR/.mozilla/plugins/nprhapengine\.so.* --	gen_context(system_u:object_r:te
 #
 /var/cache/ldconfig(/.*)?			gen_context(system_u:object_r:ldconfig_cache_t,s0)
 
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@ -35888,7 +35888,7 @@ index 6194b80..84438b1 100644
 ')
 +
 diff --git a/mozilla.te b/mozilla.te
-index 6a306ee..01a5114 100644
+index 6a306ee..c4829d1 100644
 --- a/mozilla.te
 +++ b/mozilla.te
@@ -1,4 +1,4 @@
@ -36148,11 +36148,11 @@ index 6a306ee..01a5114 100644
 miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)
 
 -userdom_use_user_ptys(mozilla_t)
-
-userdom_manage_user_tmp_dirs(mozilla_t)
-userdom_manage_user_tmp_files(mozilla_t)
 +userdom_use_inherited_user_ptys(mozilla_t)
 
+-userdom_manage_user_tmp_dirs(mozilla_t)
+-userdom_manage_user_tmp_files(mozilla_t)
+-
 -userdom_manage_user_home_content_dirs(mozilla_t)
 -userdom_manage_user_home_content_files(mozilla_t)
 -userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file })
@ -36403,18 +36403,18 @@ index 6a306ee..01a5114 100644
 allow mozilla_plugin_t mozilla_plugin_rw_t:dir list_dir_perms;
 -allow mozilla_plugin_t mozilla_plugin_rw_t:file read_file_perms;
 -allow mozilla_plugin_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
-
-dgram_send_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
-stream_connect_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
 +read_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
 +read_files_pattern(mozilla_plugin_t, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
 
+-dgram_send_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
+-stream_connect_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
+-
 -can_exec(mozilla_plugin_t, { mozilla_exec_t mozilla_plugin_home_t mozilla_plugin_tmp_t })
 +can_exec(mozilla_plugin_t, mozilla_exec_t)
 
 kernel_read_all_sysctls(mozilla_plugin_t)
 kernel_read_system_state(mozilla_plugin_t)
-@@ -366,155 +372,110 @@ kernel_dontaudit_getattr_core_if(mozilla_plugin_t)
+@@ -366,155 +372,111 @@ kernel_dontaudit_getattr_core_if(mozilla_plugin_t)
 
 corecmd_exec_bin(mozilla_plugin_t)
 corecmd_exec_shell(mozilla_plugin_t)
@ -36612,6 +36612,7 @@ index 6a306ee..01a5114 100644
 +userdom_read_user_home_content_symlinks(mozilla_plugin_t)
 +userdom_read_home_certs(mozilla_plugin_t)
 +userdom_read_home_audio_files(mozilla_plugin_t)
+userdom_exec_user_tmp_files(mozilla_plugin_t)
 
 -tunable_policy(`use_nfs_home_dirs',`
 -	fs_manage_nfs_dirs(mozilla_plugin_t)
@ -36629,7 +36630,7 @@ index 6a306ee..01a5114 100644
 ')
 
 optional_policy(`
-@@ -523,36 +484,43 @@ optional_policy(`
+@@ -523,36 +485,43 @@ optional_policy(`
 ')
 
 optional_policy(`
@ -36687,7 +36688,7 @@ index 6a306ee..01a5114 100644
 ')
 
 optional_policy(`
-@@ -560,7 +528,7 @@ optional_policy(`
+@@ -560,7 +529,7 @@ optional_policy(`
 ')
 
 optional_policy(`
@ -36696,7 +36697,7 @@ index 6a306ee..01a5114 100644
 ')
 
 optional_policy(`
-@@ -568,108 +536,103 @@ optional_policy(`
+@@ -568,108 +537,104 @@ optional_policy(`
 ')
 
 optional_policy(`
@ -36811,32 +36812,26 @@ index 6a306ee..01a5114 100644
 +userdom_dontaudit_write_all_user_tmp_content_files(mozilla_plugin_config_t)
 
 -userdom_use_user_ptys(mozilla_plugin_config_t)
+-
+-mozilla_run_plugin(mozilla_plugin_config_t, mozilla_plugin_config_roles)
 +domtrans_pattern(mozilla_plugin_config_t, mozilla_plugin_exec_t, mozilla_plugin_t)
 
-mozilla_run_plugin(mozilla_plugin_config_t, mozilla_plugin_config_roles)
-
 -tunable_policy(`allow_execmem',`
 -	allow mozilla_plugin_config_t self:process execmem;
-')
-
+optional_policy(`
+	gnome_dontaudit_rw_inherited_config(mozilla_plugin_config_t)
+ ')
+ 
 -tunable_policy(`mozilla_execstack',`
 -	allow mozilla_plugin_config_t self:process { execmem execstack };
 +optional_policy(`
-+	gnome_dontaudit_rw_inherited_config(mozilla_plugin_config_t)
+	xserver_use_user_fonts(mozilla_plugin_config_t)
 ')
 
 -tunable_policy(`use_nfs_home_dirs',`
 -	fs_manage_nfs_dirs(mozilla_plugin_config_t)
 -	fs_manage_nfs_files(mozilla_plugin_config_t)
 -	fs_manage_nfs_symlinks(mozilla_plugin_config_t)
-+optional_policy(`
-+	xserver_use_user_fonts(mozilla_plugin_config_t)
- ')
- 
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(mozilla_plugin_config_t)
-	fs_manage_cifs_files(mozilla_plugin_config_t)
-	fs_manage_cifs_symlinks(mozilla_plugin_config_t)
 +ifdef(`distro_redhat',`
 +	typealias mozilla_plugin_t  alias nsplugin_t;
 +	typealias mozilla_plugin_exec_t  alias nsplugin_exec_t;
@ -36846,15 +36841,20 @@ index 6a306ee..01a5114 100644
 +	typealias mozilla_plugin_config_t  alias nsplugin_config_t;
 +	typealias mozilla_plugin_config_exec_t  alias nsplugin_config_exec_t;
 ')
-
-optional_policy(`
-	automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_config_t)
-+userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, { dir file })
-+userdom_user_home_dir_filetrans_pattern(mozilla_plugin_t, file)
+ 
+-tunable_policy(`use_samba_home_dirs',`
+-	fs_manage_cifs_dirs(mozilla_plugin_config_t)
+-	fs_manage_cifs_files(mozilla_plugin_config_t)
+-	fs_manage_cifs_symlinks(mozilla_plugin_config_t)
+-')
 +tunable_policy(`mozilla_plugin_enable_homedirs',`
 +	userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, { dir file })
 +', `
-+   userdom_user_home_dir_filetrans_pattern(mozilla_plugin_t, dir)
+ 
+-optional_policy(`
+-	automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_config_t)
+	userdom_user_home_dir_filetrans_pattern(mozilla_plugin_t, file)
+  	userdom_user_home_dir_filetrans_pattern(mozilla_plugin_t, dir)
 ')
 
 -optional_policy(`