rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Change user and staff roles to work correctly with varied perms

Browse Source
This commit is contained in:
Daniel J Walsh 2008-01-04 13:38:45 +00:00
parent a502c55197
commit f2ab704886
1 changed files with 26 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
policy-20071130.patch
View File

@ -3601,8 +3601,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+/usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.2.5/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.2.5/policy/modules/apps/nsplugin.if 2008-01-03 17:03:53.000000000 -0500
@@ -0,0 +1,205 @@
+++ serefpolicy-3.2.5/policy/modules/apps/nsplugin.if 2008-01-04 08:37:32.000000000 -0500
@@ -0,0 +1,227 @@
+
+## <summary>policy for nsplugin</summary>
+
@ -3659,7 +3659,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+ type nsplugin_rw_t;
+ ')
+
+ read_fils_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
+ read_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
+')
+
+########################################
+## <summary>
+## Exec nsplugin rw files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`nsplugin_rw_exec',`
+ gen_require(`
+ type nsplugin_rw_t;
+ ')
+
+ can_exec($1, nsplugin_rw_t)
+')
+
+########################################
@ -3803,10 +3821,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+template(`nsplugin_per_role_template',`
+ gen_require(`
+ type nsplugin_t;
+ type nsplugin_rw_t;
+ ')
+ nsplugin_domtrans($2)
+ role $3 types nsplugin_t;
+ nsplugin_read_rw_files($2)
+
+ read_files_pattern($2, , nsplugin_rw_t, nsplugin_rw_t)
+ read_lnk_files_pattern($2, , nsplugin_rw_t, nsplugin_rw_t)
+ can_exec($2, nsplugin_rw_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.2.5/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500