Allow boinc projects to execute java

policy/modules/services/boinc.te

@@ -27,6 +27,9 @@ role system_r types boinc_project_t;
 
 permissive boinc_project_t;
 
+type boinc_project_tmp_t;
+files_tmp_file(boinc_project_tmp_t)
+
 type boinc_project_var_lib_t;
 files_type(boinc_project_var_lib_t)
 
@@ -120,6 +123,10 @@ allow boinc_project_t self:process { execmem execstack };
 
 allow boinc_project_t self:fifo_file rw_fifo_file_perms;
 
+manage_dirs_pattern(boinc_project_t, boinc_project_tmp_t, boinc_project_tmp_t)
+manage_files_pattern(boinc_project_t, boinc_project_tmp_t, boinc_project_tmp_t)
+files_tmp_filetrans(boinc_project_t, boinc_project_tmp_t, { dir file })
+
 allow boinc_project_t boinc_project_var_lib_t:file entrypoint;
 exec_files_pattern(boinc_project_t, boinc_project_var_lib_t,  boinc_project_var_lib_t)
 manage_dirs_pattern(boinc_project_t, boinc_project_var_lib_t,  boinc_project_var_lib_t)
@@ -144,10 +151,16 @@ corecmd_exec_shell(boinc_project_t)
 
 corenet_tcp_connect_boinc_port(boinc_project_t)
 
+dev_read_rand(boinc_project_t)
 dev_read_urand(boinc_project_t)
+dev_read_sysfs(boinc_project_t)
 dev_rw_xserver_misc(boinc_project_t)
 
 files_read_etc_files(boinc_project_t)
 
+miscfiles_read_fonts(boinc_project_t)
 miscfiles_read_localization(boinc_project_t)
 
+optional_policy(`
+    java_exec(boinc_project_t)
+')