selinux-policy/strict/macros/program/mozilla_macros.te

#
# Macros for mozilla/mozilla (or other browser) domains.
#

#
# Authors:  Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser 
#

#
# mozilla_domain(domain_prefix)
#
# Define a derived domain for the mozilla/mozilla program when executed by
# a user domain.  
#
# The type declaration for the executable type for this program is
# provided separately in domains/program/mozilla.te. 
#
define(`mozilla_domain',`
x_client_domain($1, mozilla, `, web_client_domain, privlog, transitionbool')

# Configuration
home_domain($1, mozilla)

# Allow mozilla to browse files
file_browse_domain($1_mozilla_t)

allow $1_mozilla_t sound_device_t:chr_file rw_file_perms;

# Unrestricted inheritance from the caller.
allow $1_t $1_mozilla_t:process { noatsecure siginh rlimitinh };
allow $1_mozilla_t $1_t:process signull;

# Set resource limits and scheduling info.
allow $1_mozilla_t self:process { setrlimit setsched };

allow $1_mozilla_t usr_t:{ lnk_file file } { getattr read };
allow $1_mozilla_t var_lib_t:file { getattr read };
allow $1_mozilla_t { random_device_t urandom_device_t }:chr_file { getattr ioctl read };
allow $1_mozilla_t self:socket create_socket_perms;
allow $1_mozilla_t self:file { getattr read };

# for bash
allow $1_mozilla_t device_t:dir r_dir_perms;
allow $1_mozilla_t devpts_t:dir r_dir_perms;
allow $1_mozilla_t proc_t:file { getattr read };
r_dir_file($1_mozilla_t, proc_net_t)

allow $1_mozilla_t { var_t var_lib_t }:dir search;

# interacting with gstreamer
r_dir_file($1_mozilla_t, var_t)

# Write files to tmp
tmp_domain($1_mozilla)

# Execute downloaded programs.
can_exec($1_mozilla_t, $1_mozilla_tmp_t)

# Use printer
ifdef(`lpr.te', `
domain_auto_trans($1_mozilla_t, lpr_exec_t, $1_lpr_t)

# Print document
allow $1_lpr_t $1_mozilla_tmp_t:file rw_file_perms;

# Suppress history.fop denial
dontaudit $1_lpr_t $1_mozilla_home_t:file { read write };

dontaudit $1_lpr_t $1_mozilla_t:tcp_socket { read write };
dontaudit $1_lpr_t $1_mozilla_t:unix_stream_socket { read write };
')

# ORBit sockets
file_type_auto_trans($1_mozilla_t, $1_tmp_t, $1_mozilla_tmp_t)
can_unix_connect($1_t, $1_mozilla_t)
allow $1_t $1_mozilla_tmp_t:sock_file write;
allow $1_mozilla_t $1_tmp_t:file { read write lock };
allow $1_mozilla_t $1_tmp_t:sock_file { read write };
dontaudit $1_mozilla_t $1_tmp_t:dir setattr;

# Allow mozilla to read user home content
if (mozilla_readhome || mozilla_writehome) {
r_dir_file($1_mozilla_t, $1_home_t)
} else {
dontaudit $1_mozilla_t $1_home_t:dir setattr;
dontaudit $1_mozilla_t $1_home_t:file setattr;
}

if (mozilla_writehome) {
file_type_auto_trans($1_mozilla_t, $1_home_t, $1_mozilla_home_t)
allow $1_mozilla_t $1_home_t:dir setattr;
allow $1_mozilla_t $1_home_t:{ file lnk_file } rw_file_perms;
} dnl end if writehome

allow $1_mozilla_t $1_t:unix_stream_socket connectto;
allow $1_mozilla_t sysctl_net_t:dir search;
allow $1_mozilla_t sysctl_t:dir search;
ifdef(`cups.te', `
allow $1_mozilla_t cupsd_etc_t:dir search;
allow $1_mozilla_t cupsd_rw_etc_t:file { getattr read };
')
allow $1_mozilla_t $1_t:tcp_socket { read write };

allow $1_mozilla_t mozilla_conf_t:file r_file_perms;
dontaudit $1_mozilla_t port_type:tcp_socket name_bind;
dontaudit $1_mozilla_t dri_device_t:chr_file rw_file_perms;
# Mozilla tries to delete .fonts.cache-1
dontaudit $1_mozilla_t $1_home_t:file unlink;
allow $1_mozilla_t self:sem create_sem_perms;

# Java plugin
ifdef(`java.te', `
javaplugin_domain($1_mozilla, $1)
')

# Mplayer plugin
ifdef(`mplayer.te', `
domain_auto_trans($1_mozilla_t, mplayer_exec_t, $1_mplayer_t)

# Read mozilla content in /tmp
r_dir_file($1_mplayer_t, $1_mozilla_tmp_t);

# FIXME: why does it need this?
dontaudit $1_mplayer_t $1_mozilla_home_t:file write;
allow $1_mplayer_t $1_mozilla_t:unix_stream_socket { read write };
')dnl end if mplayer.te  

if (allow_execmem) {
allow $1_mozilla_t self:process { execmem };
}
if (allow_execmod) {
allow $1_mozilla_t texrel_shlib_t:file execmod;
}
dbusd_client(system, $1_mozilla)

')dnl end mozilla macro