separate out the nsplugin typealiases in mozilla.te

[people/stevee/selinux-policy.git] / policy / modules / apps / mozilla.te

diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index 344f2e479d7ca213b97c1ac5909498d9fef9e41f..04159deebc883d4397b5536017ba492e751df282 100644 (file)
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -23,7 +23,7 @@ type mozilla_conf_t;
 files_config_file(mozilla_conf_t)
 
 type mozilla_home_t;
-typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t nsplugin_home_t };
+typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
 typealias mozilla_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t };
 files_poly_member(mozilla_home_t)
 userdom_user_home_content(mozilla_home_t)
@@ -43,7 +43,7 @@ userdom_user_tmpfs_content(mozilla_plugin_tmpfs_t)
 files_tmpfs_file(mozilla_plugin_tmpfs_t)
 ubac_constrained(mozilla_plugin_tmpfs_t)
 
-type mozilla_plugin_rw_t alias nsplugin_rw_t;
+type mozilla_plugin_rw_t;
 files_type(mozilla_plugin_rw_t)
 
 type mozilla_plugin_config_t;
@@ -316,7 +316,9 @@ allow mozilla_plugin_t self:unix_dgram_socket sendto;
 allow mozilla_plugin_t self:unix_stream_socket { connectto create_stream_socket_perms };
 
 can_exec(mozilla_plugin_t, mozilla_home_t)
-read_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
+manage_dirs_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
+manage_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
+manage_lnk_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
 
 manage_dirs_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
 manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
@@ -497,8 +499,6 @@ allow mozilla_plugin_config_t self:process { setsched signal_perms getsched exec
 allow mozilla_plugin_config_t self:fifo_file rw_file_perms;
 allow mozilla_plugin_config_t self:unix_stream_socket create_stream_socket_perms;
 
-manage_files_pattern(mozilla_plugin_config_t, mozilla_home_t, mozilla_home_t)
-
 dev_search_sysfs(mozilla_plugin_config_t)
 dev_read_urand(mozilla_plugin_config_t)
 dev_dontaudit_read_rand(mozilla_plugin_config_t)
@@ -538,9 +538,19 @@ userdom_search_user_home_content(mozilla_plugin_config_t)
 userdom_read_user_home_content_symlinks(mozilla_plugin_config_t)
 userdom_read_user_home_content_files(mozilla_plugin_config_t)
 userdom_dontaudit_search_admin_dir(mozilla_plugin_config_t)
+userdom_use_inherited_user_ptys(mozilla_plugin_config_t)
 
 domtrans_pattern(mozilla_plugin_config_t, mozilla_plugin_exec_t, mozilla_plugin_t)
 
 optional_policy(`
        xserver_use_user_fonts(mozilla_plugin_config_t)
 ')
+ifdef(`distro_redhat',`
+       typealias mozilla_plugin_t  alias nsplugin_t;
+       typealias mozilla_plugin_exec_t  alias nsplugin_exec_t;
+       typealias mozilla_plugin_rw_t alias nsplugin_rw_t;
+       typealias mozilla_plugin_tmp_t  alias nsplugin_tmp_t;
+       typealias mozilla_home_t alias nsplugin_home_t;
+       typealias mozilla_plugin_config_t  alias nsplugin_config_t;
+       typealias mozilla_plugin_config_exec_t  alias nsplugin_config_exec_t;
+')