Fix dupl transition rules in mozilla.te

Miroslav Grepl 2013-01-25 20:24:52 +01:00
parent 1802bef984
commit a39c31a810
2 changed files with 45 additions and 37 deletions


@ -228935,7 +228935,7 @@ index 5dfa44b..938e2ec 100644
optional_policy(` optional_policy(`
diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
index 73bb3c0..e6fa600 100644 index 73bb3c0..bd25d6e 100644
--- a/policy/modules/system/libraries.fc --- a/policy/modules/system/libraries.fc
+++ b/policy/modules/system/libraries.fc +++ b/policy/modules/system/libraries.fc
@@ -1,3 +1,4 @@ @@ -1,3 +1,4 @@
@ -229001,7 +229001,15 @@ index 73bb3c0..e6fa600 100644
/usr/lib/altivec/libavcodec\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/altivec/libavcodec\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/cedega/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/cedega/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/dovecot/(.*/)?lib.*\.so.* -- gen_context(system_u:object_r:lib_t,s0) /usr/lib/dovecot/(.*/)?lib.*\.so.* -- gen_context(system_u:object_r:lib_t,s0)
@@ -141,6 +150,8 @@ ifdef(`distro_redhat',` @@ -129,6 +138,7 @@ ifdef(`distro_redhat',`
/usr/X11R6/lib/libGL\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/catalyst/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib/catalyst/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/libADM5.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/libatiadlxx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/win32/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -141,6 +151,8 @@ ifdef(`distro_redhat',`
/usr/lib/ati-fglrx/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/ati-fglrx/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/fglrx/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/fglrx/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -229010,7 +229018,7 @@ index 73bb3c0..e6fa600 100644
/usr/lib/sse2/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/sse2/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(/.*)?/libnvidia.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(/.*)?/libnvidia.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(/.*)?/nvidia_drv.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(/.*)?/nvidia_drv.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -148,12 +159,11 @@ ifdef(`distro_redhat',` @@ -148,12 +160,11 @@ ifdef(`distro_redhat',`
/usr/lib/nvidia-graphics(-[^/]*/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/nvidia-graphics(-[^/]*/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -229026,7 +229034,7 @@ index 73bb3c0..e6fa600 100644
/usr/NX/lib/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/NX/lib/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/NX/lib/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/NX/lib/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -182,11 +192,13 @@ ifdef(`distro_redhat',` @@ -182,11 +193,13 @@ ifdef(`distro_redhat',`
# Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv # Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
# HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php # HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
HOME_DIR/.*/plugins/nppdf\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) HOME_DIR/.*/plugins/nppdf\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -229040,7 +229048,7 @@ index 73bb3c0..e6fa600 100644
/usr/lib/libfglrx_gamma\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/libfglrx_gamma\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/mozilla/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/mozilla/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/mozilla/plugins/libvlcplugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/mozilla/plugins/libvlcplugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -241,13 +253,10 @@ HOME_DIR/.*/plugins/nppdf\.so.* -- gen_context(system_u:object_r:textrel_shlib_ @@ -241,13 +254,10 @@ HOME_DIR/.*/plugins/nppdf\.so.* -- gen_context(system_u:object_r:textrel_shlib_
# Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
/usr/lib.*/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib.*/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -229055,7 +229063,7 @@ index 73bb3c0..e6fa600 100644
# Jai, Sun Microsystems (Jpackage SPRM) # Jai, Sun Microsystems (Jpackage SPRM)
/usr/lib/libmlib_jai\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/libmlib_jai\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -269,20 +278,19 @@ HOME_DIR/.mozilla/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:te @@ -269,20 +279,19 @@ HOME_DIR/.mozilla/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:te
# Java, Sun Microsystems (JPackage SRPM) # Java, Sun Microsystems (JPackage SRPM)
/usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -229086,7 +229094,7 @@ index 73bb3c0..e6fa600 100644
/usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -299,17 +307,151 @@ HOME_DIR/.mozilla/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:te @@ -299,17 +308,151 @@ HOME_DIR/.mozilla/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:te
# #
/var/cache/ldconfig(/.*)? gen_context(system_u:object_r:ldconfig_cache_t,s0) /var/cache/ldconfig(/.*)? gen_context(system_u:object_r:ldconfig_cache_t,s0)
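Review bot: The added file-context entry `/usr/lib/catalyst/.*\.so(\.[^/]*)*` labels every shared object under /usr/lib/catalyst as textrel_shlib_t, which is much wider than the existing `/usr/lib/catalyst/libGL\.so(\.[^/]*)*` entry directly above it and makes that entry redundant. textrel_shlib_t is the label for libraries that need text relocations, so a directory-wide match extends that allowance to anything later installed there, not only to the libraries known to need it. If the whole driver directory really requires it, say so in a comment above the entry, for example `# all catalyst driver libraries need text relocation`, and drop the now-redundant libGL line; otherwise list the specific libraries. The commit title mentions only mozilla.te, so this labeling change is easy to miss and deserves a line in the description.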


@ -35888,7 +35888,7 @@ index 6194b80..84438b1 100644
') ')
+ +
diff --git a/mozilla.te b/mozilla.te diff --git a/mozilla.te b/mozilla.te
index 6a306ee..01a5114 100644 index 6a306ee..c4829d1 100644
--- a/mozilla.te --- a/mozilla.te
+++ b/mozilla.te +++ b/mozilla.te
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
@ -36148,11 +36148,11 @@ index 6a306ee..01a5114 100644
miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t) miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)
-userdom_use_user_ptys(mozilla_t) -userdom_use_user_ptys(mozilla_t)
-
-userdom_manage_user_tmp_dirs(mozilla_t)
-userdom_manage_user_tmp_files(mozilla_t)
+userdom_use_inherited_user_ptys(mozilla_t) +userdom_use_inherited_user_ptys(mozilla_t)
-userdom_manage_user_tmp_dirs(mozilla_t)
-userdom_manage_user_tmp_files(mozilla_t)
-
-userdom_manage_user_home_content_dirs(mozilla_t) -userdom_manage_user_home_content_dirs(mozilla_t)
-userdom_manage_user_home_content_files(mozilla_t) -userdom_manage_user_home_content_files(mozilla_t)
-userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file }) -userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file })
@ -36403,18 +36403,18 @@ index 6a306ee..01a5114 100644
allow mozilla_plugin_t mozilla_plugin_rw_t:dir list_dir_perms; allow mozilla_plugin_t mozilla_plugin_rw_t:dir list_dir_perms;
-allow mozilla_plugin_t mozilla_plugin_rw_t:file read_file_perms; -allow mozilla_plugin_t mozilla_plugin_rw_t:file read_file_perms;
-allow mozilla_plugin_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms; -allow mozilla_plugin_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
-
-dgram_send_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
-stream_connect_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
+read_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_rw_t, mozilla_plugin_rw_t) +read_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
+read_files_pattern(mozilla_plugin_t, mozilla_plugin_rw_t, mozilla_plugin_rw_t) +read_files_pattern(mozilla_plugin_t, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
-dgram_send_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
-stream_connect_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
-
-can_exec(mozilla_plugin_t, { mozilla_exec_t mozilla_plugin_home_t mozilla_plugin_tmp_t }) -can_exec(mozilla_plugin_t, { mozilla_exec_t mozilla_plugin_home_t mozilla_plugin_tmp_t })
+can_exec(mozilla_plugin_t, mozilla_exec_t) +can_exec(mozilla_plugin_t, mozilla_exec_t)
kernel_read_all_sysctls(mozilla_plugin_t) kernel_read_all_sysctls(mozilla_plugin_t)
kernel_read_system_state(mozilla_plugin_t) kernel_read_system_state(mozilla_plugin_t)
@@ -366,155 +372,110 @@ kernel_dontaudit_getattr_core_if(mozilla_plugin_t) @@ -366,155 +372,111 @@ kernel_dontaudit_getattr_core_if(mozilla_plugin_t)
corecmd_exec_bin(mozilla_plugin_t) corecmd_exec_bin(mozilla_plugin_t)
corecmd_exec_shell(mozilla_plugin_t) corecmd_exec_shell(mozilla_plugin_t)
@ -36612,6 +36612,7 @@ index 6a306ee..01a5114 100644
+userdom_read_user_home_content_symlinks(mozilla_plugin_t) +userdom_read_user_home_content_symlinks(mozilla_plugin_t)
+userdom_read_home_certs(mozilla_plugin_t) +userdom_read_home_certs(mozilla_plugin_t)
+userdom_read_home_audio_files(mozilla_plugin_t) +userdom_read_home_audio_files(mozilla_plugin_t)
+userdom_exec_user_tmp_files(mozilla_plugin_t)
-tunable_policy(`use_nfs_home_dirs',` -tunable_policy(`use_nfs_home_dirs',`
- fs_manage_nfs_dirs(mozilla_plugin_t) - fs_manage_nfs_dirs(mozilla_plugin_t)
@ -36629,7 +36630,7 @@ index 6a306ee..01a5114 100644
') ')
optional_policy(` optional_policy(`
@@ -523,36 +484,43 @@ optional_policy(` @@ -523,36 +485,43 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -36687,7 +36688,7 @@ index 6a306ee..01a5114 100644
') ')
optional_policy(` optional_policy(`
@@ -560,7 +528,7 @@ optional_policy(` @@ -560,7 +529,7 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -36696,7 +36697,7 @@ index 6a306ee..01a5114 100644
') ')
optional_policy(` optional_policy(`
@@ -568,108 +536,103 @@ optional_policy(` @@ -568,108 +537,104 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -36811,32 +36812,26 @@ index 6a306ee..01a5114 100644
+userdom_dontaudit_write_all_user_tmp_content_files(mozilla_plugin_config_t) +userdom_dontaudit_write_all_user_tmp_content_files(mozilla_plugin_config_t)
-userdom_use_user_ptys(mozilla_plugin_config_t) -userdom_use_user_ptys(mozilla_plugin_config_t)
-
-mozilla_run_plugin(mozilla_plugin_config_t, mozilla_plugin_config_roles)
+domtrans_pattern(mozilla_plugin_config_t, mozilla_plugin_exec_t, mozilla_plugin_t) +domtrans_pattern(mozilla_plugin_config_t, mozilla_plugin_exec_t, mozilla_plugin_t)
-mozilla_run_plugin(mozilla_plugin_config_t, mozilla_plugin_config_roles)
-
-tunable_policy(`allow_execmem',` -tunable_policy(`allow_execmem',`
- allow mozilla_plugin_config_t self:process execmem; - allow mozilla_plugin_config_t self:process execmem;
-') +optional_policy(`
- + gnome_dontaudit_rw_inherited_config(mozilla_plugin_config_t)
')
-tunable_policy(`mozilla_execstack',` -tunable_policy(`mozilla_execstack',`
- allow mozilla_plugin_config_t self:process { execmem execstack }; - allow mozilla_plugin_config_t self:process { execmem execstack };
+optional_policy(` +optional_policy(`
+ gnome_dontaudit_rw_inherited_config(mozilla_plugin_config_t) + xserver_use_user_fonts(mozilla_plugin_config_t)
') ')
-tunable_policy(`use_nfs_home_dirs',` -tunable_policy(`use_nfs_home_dirs',`
- fs_manage_nfs_dirs(mozilla_plugin_config_t) - fs_manage_nfs_dirs(mozilla_plugin_config_t)
- fs_manage_nfs_files(mozilla_plugin_config_t) - fs_manage_nfs_files(mozilla_plugin_config_t)
- fs_manage_nfs_symlinks(mozilla_plugin_config_t) - fs_manage_nfs_symlinks(mozilla_plugin_config_t)
+optional_policy(`
+ xserver_use_user_fonts(mozilla_plugin_config_t)
')
-tunable_policy(`use_samba_home_dirs',`
- fs_manage_cifs_dirs(mozilla_plugin_config_t)
- fs_manage_cifs_files(mozilla_plugin_config_t)
- fs_manage_cifs_symlinks(mozilla_plugin_config_t)
+ifdef(`distro_redhat',` +ifdef(`distro_redhat',`
+ typealias mozilla_plugin_t alias nsplugin_t; + typealias mozilla_plugin_t alias nsplugin_t;
+ typealias mozilla_plugin_exec_t alias nsplugin_exec_t; + typealias mozilla_plugin_exec_t alias nsplugin_exec_t;
@ -36846,15 +36841,20 @@ index 6a306ee..01a5114 100644
+ typealias mozilla_plugin_config_t alias nsplugin_config_t; + typealias mozilla_plugin_config_t alias nsplugin_config_t;
+ typealias mozilla_plugin_config_exec_t alias nsplugin_config_exec_t; + typealias mozilla_plugin_config_exec_t alias nsplugin_config_exec_t;
') ')
-
-optional_policy(` -tunable_policy(`use_samba_home_dirs',`
- automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_config_t) - fs_manage_cifs_dirs(mozilla_plugin_config_t)
+userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, { dir file }) - fs_manage_cifs_files(mozilla_plugin_config_t)
+userdom_user_home_dir_filetrans_pattern(mozilla_plugin_t, file) - fs_manage_cifs_symlinks(mozilla_plugin_config_t)
-')
+tunable_policy(`mozilla_plugin_enable_homedirs',` +tunable_policy(`mozilla_plugin_enable_homedirs',`
+ userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, { dir file }) + userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, { dir file })
+', ` +', `
+ userdom_user_home_dir_filetrans_pattern(mozilla_plugin_t, dir)
-optional_policy(`
- automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_config_t)
+ userdom_user_home_dir_filetrans_pattern(mozilla_plugin_t, file)
+ userdom_user_home_dir_filetrans_pattern(mozilla_plugin_t, dir)
') ')
-optional_policy(` -optional_policy(`