- Change user and staff roles to work correctly with varied perms

2008-01-04 13:38:45 +00:00 · 2008-01-04 13:38:45 +00:00 · f2ab704886
commit f2ab704886
parent a502c55197
1 changed files with 26 additions and 4 deletions
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@ -3601,8 +3601,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +/usr/lib/mozilla/plugins-wrapped(/.*)?			gen_context(system_u:object_r:nsplugin_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.2.5/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/apps/nsplugin.if	2008-01-03 17:03:53.000000000 -0500
-@@ -0,0 +1,205 @@
+++ serefpolicy-3.2.5/policy/modules/apps/nsplugin.if	2008-01-04 08:37:32.000000000 -0500
+@@ -0,0 +1,227 @@
 +
 +## <summary>policy for nsplugin</summary>
 +
@ -3659,7 +3659,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +		type nsplugin_rw_t;
 +	')
 +
-+	read_fils_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
+	read_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
+')
+
+########################################
+## <summary>
+##	Exec nsplugin rw files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`nsplugin_rw_exec',`
+	gen_require(`
+		type nsplugin_rw_t;
+	')
+
+	can_exec($1, nsplugin_rw_t)
 +')
 +
 +########################################
@ -3803,10 +3821,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +template(`nsplugin_per_role_template',`
 +	gen_require(`
 +		type nsplugin_t;
+		type nsplugin_rw_t;
 +	')
 +	nsplugin_domtrans($2)
 +	role $3 types nsplugin_t;
-+	nsplugin_read_rw_files($2)
+
+	read_files_pattern($2, , nsplugin_rw_t, nsplugin_rw_t)
+	read_lnk_files_pattern($2, , nsplugin_rw_t, nsplugin_rw_t)
+	can_exec($2, nsplugin_rw_t)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.2.5/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500