git.ipfire.org Git - people/stevee/selinux-policy.git/blame - policy/modules/apps/mozilla.te
Merge nsplugin into mozilla_plugin domain
Commit | Line | Data
00528898 1policy_module(mozilla, 2.3.3)
9105f90b 2
00528898
MG
3########################################
4#
5# Declarations
6#
7
8## <desc>
9## <p>
10## Allow confined web browsers to read home directory content
11## </p>
12## </desc>
13gen_tunable(mozilla_read_content, false)
14
15type mozilla_t;
16type mozilla_exec_t;
17typealias mozilla_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t };
18typealias mozilla_t alias { auditadm_mozilla_t secadm_mozilla_t };
19application_domain(mozilla_t, mozilla_exec_t)
20ubac_constrained(mozilla_t)
21
22type mozilla_conf_t;
23files_config_file(mozilla_conf_t)
24
25type mozilla_home_t;
1a725aa0 26typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t nsplugin_home_t };
00528898
MG
27typealias mozilla_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t };
28files_poly_member(mozilla_home_t)
29userdom_user_home_content(mozilla_home_t)
30
31type mozilla_plugin_t;
32type mozilla_plugin_exec_t;
33application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
34role system_r types mozilla_plugin_t;
35
36type mozilla_plugin_tmp_t;
37userdom_user_tmp_content(mozilla_plugin_tmp_t)
38files_tmp_file(mozilla_plugin_tmp_t)
39ubac_constrained(mozilla_plugin_tmp_t)
40
41type mozilla_plugin_tmpfs_t;
42userdom_user_tmpfs_content(mozilla_plugin_tmpfs_t)
43files_tmpfs_file(mozilla_plugin_tmpfs_t)
44ubac_constrained(mozilla_plugin_tmpfs_t)
45
1a725aa0
DW
46type mozilla_plugin_rw_t alias nsplugin_rw_t;
47files_type(mozilla_plugin_rw_t)
48
49type mozilla_plugin_config_t;
50type mozilla_plugin_config_exec_t;
51application_domain(mozilla_plugin_config_t, mozilla_plugin_config_exec_t)
52
00528898
MG
53type mozilla_tmp_t;
54files_tmp_file(mozilla_tmp_t)
55ubac_constrained(mozilla_tmp_t)
56
57type mozilla_tmpfs_t;
58typealias mozilla_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
59typealias mozilla_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
60files_tmpfs_file(mozilla_tmpfs_t)
61ubac_constrained(mozilla_tmpfs_t)
62
63########################################
64#
65# Local policy
66#
67
68allow mozilla_t self:capability { sys_nice setgid setuid };
69allow mozilla_t self:process { sigkill signal setsched getsched setrlimit };
70allow mozilla_t self:fifo_file rw_fifo_file_perms;
71allow mozilla_t self:shm { unix_read unix_write read write destroy create };
72allow mozilla_t self:sem create_sem_perms;
73allow mozilla_t self:socket create_socket_perms;
74allow mozilla_t self:unix_stream_socket { listen accept };
75# Browse the web, connect to printer
76allow mozilla_t self:tcp_socket create_socket_perms;
77allow mozilla_t self:netlink_route_socket r_netlink_socket_perms;
78
79# for bash - old mozilla binary
80can_exec(mozilla_t, mozilla_exec_t)
81
82# X access, Home files
83manage_dirs_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
84manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
85manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
86userdom_search_user_home_dirs(mozilla_t)
87userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir)
88
89# Mozpluggerrc
90allow mozilla_t mozilla_conf_t:file read_file_perms;
91
92manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
93manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
94files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })
95
96manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
97manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
98manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
99manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
100fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
101
102kernel_read_kernel_sysctls(mozilla_t)
103kernel_read_network_state(mozilla_t)
104# Access /proc, sysctl
105kernel_read_system_state(mozilla_t)
106kernel_read_net_sysctls(mozilla_t)
107
108# Look for plugins
109corecmd_list_bin(mozilla_t)
110# for bash - old mozilla binary
111corecmd_exec_shell(mozilla_t)
112corecmd_exec_bin(mozilla_t)
113
114# Browse the web, connect to printer
296273a7
CP
115corenet_all_recvfrom_unlabeled(mozilla_t)
116corenet_all_recvfrom_netlabel(mozilla_t)
117corenet_tcp_sendrecv_generic_if(mozilla_t)
118corenet_raw_sendrecv_generic_if(mozilla_t)
c1262146
CP
119corenet_tcp_sendrecv_generic_node(mozilla_t)
120corenet_raw_sendrecv_generic_node(mozilla_t)
296273a7
CP
121corenet_tcp_sendrecv_http_port(mozilla_t)
122corenet_tcp_sendrecv_http_cache_port(mozilla_t)
3eaa9939
DW
123corenet_tcp_sendrecv_squid_port(mozilla_t)
124corenet_tcp_connect_flash_port(mozilla_t)
296273a7 125corenet_tcp_sendrecv_ftp_port(mozilla_t)
e6b51a26 126corenet_tcp_connect_all_ephemeral_ports(mozilla_t)
296273a7
CP
127corenet_tcp_sendrecv_ipp_port(mozilla_t)
128corenet_tcp_connect_http_port(mozilla_t)
129corenet_tcp_connect_http_cache_port(mozilla_t)
3eaa9939 130corenet_tcp_connect_squid_port(mozilla_t)
296273a7
CP
131corenet_tcp_connect_ftp_port(mozilla_t)
132corenet_tcp_connect_ipp_port(mozilla_t)
133corenet_tcp_connect_generic_port(mozilla_t)
b77daab0 134corenet_tcp_connect_soundd_port(mozilla_t)
296273a7
CP
135corenet_sendrecv_http_client_packets(mozilla_t)
136corenet_sendrecv_http_cache_client_packets(mozilla_t)
3eaa9939 137corenet_sendrecv_squid_client_packets(mozilla_t)
296273a7
CP
138corenet_sendrecv_ftp_client_packets(mozilla_t)
139corenet_sendrecv_ipp_client_packets(mozilla_t)
140corenet_sendrecv_generic_client_packets(mozilla_t)
141# Should not need other ports
142corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
143corenet_dontaudit_tcp_bind_generic_port(mozilla_t)
06625d30 144corenet_tcp_connect_speech_port(mozilla_t)
296273a7
CP
145
146dev_read_urand(mozilla_t)
147dev_read_rand(mozilla_t)
148dev_write_sound(mozilla_t)
149dev_read_sound(mozilla_t)
150dev_dontaudit_rw_dri(mozilla_t)
151dev_getattr_sysfs_dirs(mozilla_t)
152
b77daab0
CP
153domain_dontaudit_read_all_domains_state(mozilla_t)
154
296273a7
CP
155files_read_etc_runtime_files(mozilla_t)
156files_read_usr_files(mozilla_t)
157files_read_etc_files(mozilla_t)
158# /var/lib
159files_read_var_lib_files(mozilla_t)
160# interacting with gstreamer
161files_read_var_files(mozilla_t)
162files_read_var_symlinks(mozilla_t)
163files_dontaudit_getattr_boot_dirs(mozilla_t)
164
165fs_search_auto_mountpoints(mozilla_t)
166fs_list_inotifyfs(mozilla_t)
167fs_rw_tmpfs_files(mozilla_t)
168
169term_dontaudit_getattr_pty_dirs(mozilla_t)
170
b03af87d
DW
171auth_use_nsswitch(mozilla_t)
172
296273a7
CP
173logging_send_syslog_msg(mozilla_t)
174
175miscfiles_read_fonts(mozilla_t)
176miscfiles_read_localization(mozilla_t)
3c1e8ff6 177miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)
296273a7
CP
178
179# Browse the web, connect to printer
180sysnet_dns_name_resolve(mozilla_t)
181
af2d8802 182userdom_use_inherited_user_ptys(mozilla_t)
296273a7
CP
183
184xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
185xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
186xserver_dontaudit_getattr_xdm_tmp_sockets(mozilla_t)
187
4a093096 188tunable_policy(`allow_execstack',`
189 allow mozilla_t self:process execstack;
190')
191
192tunable_policy(`deny_execmem',`',`
193 allow mozilla_t self:process execmem;
296273a7
CP
194')
195
ed2ac112 196userdom_home_manager(mozilla_t)
296273a7
CP
197
198# Uploads, local html
199tunable_policy(`mozilla_read_content && use_nfs_home_dirs',`
200 fs_list_auto_mountpoints(mozilla_t)
201 files_list_home(mozilla_t)
202 fs_read_nfs_files(mozilla_t)
203 fs_read_nfs_symlinks(mozilla_t)
204
205',`
206 files_dontaudit_list_home(mozilla_t)
207 fs_dontaudit_list_auto_mountpoints(mozilla_t)
208 fs_dontaudit_read_nfs_files(mozilla_t)
209 fs_dontaudit_list_nfs(mozilla_t)
210')
211
212tunable_policy(`mozilla_read_content && use_samba_home_dirs',`
213 fs_list_auto_mountpoints(mozilla_t)
214 files_list_home(mozilla_t)
215 fs_read_cifs_files(mozilla_t)
216 fs_read_cifs_symlinks(mozilla_t)
217',`
218 files_dontaudit_list_home(mozilla_t)
219 fs_dontaudit_list_auto_mountpoints(mozilla_t)
220 fs_dontaudit_read_cifs_files(mozilla_t)
221 fs_dontaudit_list_cifs(mozilla_t)
222')
223
224tunable_policy(`mozilla_read_content',`
225 userdom_list_user_tmp(mozilla_t)
226 userdom_read_user_tmp_files(mozilla_t)
227 userdom_read_user_tmp_symlinks(mozilla_t)
228 userdom_read_user_home_content_files(mozilla_t)
229 userdom_read_user_home_content_symlinks(mozilla_t)
230
b598c442 231 ifndef(`enable_mls',`
296273a7
CP
232 fs_search_removable(mozilla_t)
233 fs_read_removable_files(mozilla_t)
234 fs_read_removable_symlinks(mozilla_t)
235 ')
236',`
237 files_dontaudit_list_tmp(mozilla_t)
238 files_dontaudit_list_home(mozilla_t)
239 fs_dontaudit_list_removable(mozilla_t)
240 fs_dontaudit_read_removable_files(mozilla_t)
241 userdom_dontaudit_list_user_tmp(mozilla_t)
242 userdom_dontaudit_read_user_tmp_files(mozilla_t)
243 userdom_dontaudit_list_user_home_dirs(mozilla_t)
244 userdom_dontaudit_read_user_home_content_files(mozilla_t)
245')
246
296273a7
CP
247optional_policy(`
248 apache_read_user_scripts(mozilla_t)
249 apache_read_user_content(mozilla_t)
250')
251
252optional_policy(`
253 automount_dontaudit_getattr_tmp_dirs(mozilla_t)
254')
255
256optional_policy(`
257 cups_read_rw_config(mozilla_t)
258 cups_dbus_chat(mozilla_t)
259')
260
261optional_policy(`
262 dbus_system_bus_client(mozilla_t)
263 dbus_session_bus_client(mozilla_t)
b77daab0
CP
264
265 optional_policy(`
266 networkmanager_dbus_chat(mozilla_t)
267 ')
296273a7
CP
268')
269
270optional_policy(`
271 gnome_stream_connect_gconf(mozilla_t)
06625d30 272 gnome_manage_config(mozilla_t)
3eaa9939 273 gnome_manage_gconf_home_files(mozilla_t)
296273a7
CP
274')
275
276optional_policy(`
277 java_domtrans(mozilla_t)
278')
279
280optional_policy(`
281 lpd_domtrans_lpr(mozilla_t)
282')
283
284optional_policy(`
285 mplayer_domtrans(mozilla_t)
286 mplayer_read_user_home_files(mozilla_t)
287')
288
3c1e8ff6
CP
289optional_policy(`
290 pulseaudio_exec(mozilla_t)
291 pulseaudio_stream_connect(mozilla_t)
292 pulseaudio_manage_home_files(mozilla_t)
293')
294
296273a7
CP
295optional_policy(`
296 thunderbird_domtrans(mozilla_t)
297')
3eaa9939
DW
298
299########################################
300#
301# mozilla_plugin local policy
302#
e12b7e14 303
# Self-permissions for the plugin domain: process control plus the socket
# classes it may create for itself.
995bdbb1 304dontaudit mozilla_plugin_t self:capability sys_nice;
e12b7e14 305
# NOTE(review): execmem is granted here unconditionally. Allow rules are
# additive, so the deny_execmem tunable block for mozilla_plugin_t later in
# this section cannot take the permission away again; turning the boolean on
# leaves this domain able to map memory writable and executable. Confirm
# whether execmem is meant to be in this unconditional rule.
f5b49a5e 306allow mozilla_plugin_t self:process { setsched signal_perms execmem };
4e6b3f6d 307allow mozilla_plugin_t self:netlink_route_socket r_netlink_socket_perms;
095debe0 308allow mozilla_plugin_t self:tcp_socket create_stream_socket_perms;
4e6b3f6d 309allow mozilla_plugin_t self:udp_socket create_socket_perms;
803cc59a 310allow mozilla_plugin_t self:netlink_kobject_uevent_socket create_socket_perms;
3eaa9939
DW
311
312allow mozilla_plugin_t self:sem create_sem_perms;
313allow mozilla_plugin_t self:shm create_shm_perms;
314allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms;
1021bec5 315allow mozilla_plugin_t self:unix_dgram_socket sendto;
3eaa9939
DW
316allow mozilla_plugin_t self:unix_stream_socket { connectto create_stream_socket_perms };
317
# NOTE(review): mozilla_home_t is fully managed by mozilla_t (see the manage
# patterns in the mozilla_t local policy), so this rule lets the plugin domain
# execute content that the browser domain is able to write. Treat the profile
# directory as an execution path when auditing this policy.
7cfb9354 318can_exec(mozilla_plugin_t, mozilla_home_t)
4e6b3f6d 319read_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
3eaa9939 320
ef98a374
DW
# Private temporary content of the plugin domain; objects it creates in the
# system or user tmp directories are labelled mozilla_plugin_tmp_t.
321manage_dirs_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
322manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
095debe0 323manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
1021bec5
DG
324manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
325files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
326userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
# NOTE(review): combined with manage_files_pattern above, the domain can both
# write and execute mozilla_plugin_tmp_t files, so the policy does not keep
# writable and executable file types separate for this domain. Confirm this
# is required by a supported plugin before keeping it.
ddd1ccaa 327can_exec(mozilla_plugin_t, mozilla_plugin_tmp_t)
ef98a374 328
f5b49a5e
DW
329manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
330manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
331manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
332manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
333fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
334
1a725aa0
DW
335allow mozilla_plugin_t mozilla_plugin_rw_t:dir list_dir_perms;
336read_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
337read_files_pattern(mozilla_plugin_t, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
338
0b8f4cfe
DW
339can_exec(mozilla_plugin_t, mozilla_exec_t)
340
3eaa9939
DW
341kernel_read_kernel_sysctls(mozilla_plugin_t)
342kernel_read_system_state(mozilla_plugin_t)
59650fa8 343kernel_read_network_state(mozilla_plugin_t)
3eaa9939
DW
344kernel_request_load_module(mozilla_plugin_t)
345
346corecmd_exec_bin(mozilla_plugin_t)
347corecmd_exec_shell(mozilla_plugin_t)
348
2ad0c1a6 349corenet_tcp_connect_generic_port(mozilla_plugin_t)
b45aaab9
DW
350corenet_tcp_connect_flash_port(mozilla_plugin_t)
351corenet_tcp_connect_streaming_port(mozilla_plugin_t)
352corenet_tcp_connect_pulseaudio_port(mozilla_plugin_t)
353corenet_tcp_connect_http_port(mozilla_plugin_t)
354corenet_tcp_connect_http_cache_port(mozilla_plugin_t)
355corenet_tcp_connect_squid_port(mozilla_plugin_t)
356corenet_tcp_connect_ipp_port(mozilla_plugin_t)
61beb367 357corenet_tcp_connect_mmcc_port(mozilla_plugin_t)
b45aaab9 358corenet_tcp_connect_speech_port(mozilla_plugin_t)
1af3b1e8 359corenet_tcp_connect_streaming_port(mozilla_plugin_t)
cd98bfa7
MG
360corenet_tcp_connect_ftp_port(mozilla_plugin_t)
361corenet_tcp_connect_all_ephemeral_ports(mozilla_plugin_t)
6cbe7690
MG
362corenet_tcp_bind_generic_node(mozilla_plugin_t)
363corenet_udp_bind_generic_node(mozilla_plugin_t)
b45aaab9 364
095debe0 365dev_read_rand(mozilla_plugin_t)
3eaa9939 366dev_read_urand(mozilla_plugin_t)
f5b49a5e 367dev_read_video_dev(mozilla_plugin_t)
b45aaab9 368dev_write_video_dev(mozilla_plugin_t)
f5b49a5e 369dev_read_sysfs(mozilla_plugin_t)
0b8f4cfe
DW
370dev_read_sound(mozilla_plugin_t)
371dev_write_sound(mozilla_plugin_t)
61beb367
MG
372# for nvidia driver
373dev_rw_xserver_misc(mozilla_plugin_t)
4e6b3f6d 374dev_dontaudit_rw_dri(mozilla_plugin_t)
3eaa9939
DW
375
376domain_use_interactive_fds(mozilla_plugin_t)
377domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
378
379files_read_config_files(mozilla_plugin_t)
380files_read_usr_files(mozilla_plugin_t)
095debe0 381files_list_mnt(mozilla_plugin_t)
3eaa9939 382
e160b2c6 383fs_getattr_all_fs(mozilla_plugin_t)
b598c442 384fs_list_dos(mozilla_plugin_t)
095debe0 385fs_read_dos_files(mozilla_plugin_t)
ef98a374 386
751ec039
DW
387application_dontaudit_signull(mozilla_plugin_t)
388
9ba3eded
MG
389auth_use_nsswitch(mozilla_plugin_t)
390
6cbe7690
MG
391logging_send_syslog_msg(mozilla_plugin_t)
392
3eaa9939 393miscfiles_read_localization(mozilla_plugin_t)
f5b49a5e 394miscfiles_read_fonts(mozilla_plugin_t)
81ac3780 395miscfiles_read_generic_certs(mozilla_plugin_t)
d889c6bb 396miscfiles_dontaudit_setattr_fonts_dirs(mozilla_plugin_t)
b9af7893 397miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_plugin_t)
3eaa9939 398
79bff2bb
DW
399sysnet_dns_name_resolve(mozilla_plugin_t)
400
3eaa9939
DW
401term_getattr_all_ttys(mozilla_plugin_t)
402term_getattr_all_ptys(mozilla_plugin_t)
403
ef98a374 404userdom_rw_user_tmpfs_files(mozilla_plugin_t)
5212892e 405userdom_delete_user_tmpfs_files(mozilla_plugin_t)
57ce3836 406userdom_dontaudit_use_user_terminals(mozilla_plugin_t)
ddd1ccaa 407userdom_manage_user_tmp_sockets(mozilla_plugin_t)
d1c6ba20 408userdom_manage_user_tmp_dirs(mozilla_plugin_t)
4e6b3f6d
DW
409userdom_read_user_tmp_files(mozilla_plugin_t)
410userdom_read_user_tmp_symlinks(mozilla_plugin_t)
e3b5785f
MG
411userdom_stream_connect(mozilla_plugin_t)
412userdom_dontaudit_rw_user_tmp_pipes(mozilla_plugin_t)
413
5212892e 414userdom_read_user_home_content_files(mozilla_plugin_t)
4e6b3f6d 415userdom_read_user_home_content_symlinks(mozilla_plugin_t)
da61030d 416userdom_read_home_certs(mozilla_plugin_t)
f06e4c22 417userdom_dontaudit_write_home_certs(mozilla_plugin_t)
c83e3b91 418userdom_read_home_audio_files(mozilla_plugin_t)
f5b49a5e 419
4a093096 420tunable_policy(`deny_execmem',`', `
421 allow mozilla_plugin_t self:process execmem;
d79b5476
DW
422')
423
424tunable_policy(`allow_execstack',`
4a093096 425 allow mozilla_plugin_t self:process execstack;
d79b5476
DW
426')
427
ed2ac112 428userdom_home_manager(mozilla_plugin_t)
0b8f4cfe 429
f5b49a5e 430optional_policy(`
b598c442
CP
431 alsa_read_rw_config(mozilla_plugin_t)
432 alsa_read_home_files(mozilla_plugin_t)
1021bec5
DG
433')
434
435optional_policy(`
6cbe7690 436 dbus_system_bus_client(mozilla_plugin_t)
4e6b3f6d 437 dbus_session_bus_client(mozilla_plugin_t)
f5b49a5e
DW
438 dbus_read_lib_files(mozilla_plugin_t)
439')
6cbe7690
MG
440
441optional_policy(`
e3b5785f 442 git_dontaudit_read_session_content_files(mozilla_plugin_t)
6cbe7690 443')
f5b49a5e 444
e3b5785f 445
f5b49a5e 446optional_policy(`
79bff2bb 447 gnome_manage_config(mozilla_plugin_t)
e9b18e23 448 gnome_read_usr_config(mozilla_plugin_t)
f5b49a5e 449')
ef98a374 450
095debe0
DW
451optional_policy(`
452 java_exec(mozilla_plugin_t)
453')
454
67f46f2d
DW
455optional_policy(`
456 mplayer_exec(mozilla_plugin_t)
457 mplayer_read_user_home_files(mozilla_plugin_t)
458')
459
f5b49a5e 460optional_policy(`
b45aaab9
DW
461 pulseaudio_exec(mozilla_plugin_t)
462 pulseaudio_stream_connect(mozilla_plugin_t)
79bff2bb 463 pulseaudio_setattr_home_dir(mozilla_plugin_t)
b45aaab9 464 pulseaudio_manage_home_files(mozilla_plugin_t)
1021bec5 465 pulseaudio_manage_home_symlinks(mozilla_plugin_t)
3eaa9939
DW
466')
467
c7abc020
MG
468optional_policy(`
469 pcscd_stream_connect(mozilla_plugin_t)
470')
471
1021bec5
DG
472optional_policy(`
473 rtkit_scheduled(mozilla_plugin_t)
474')
475
476optional_policy(`
477 udev_read_db(mozilla_plugin_t)
478')
479
3eaa9939
DW
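# X server access for the plugin domain. The block is optional, so it only
# takes effect when the xserver module is part of the loaded policy.
# Interface calls are macro invocations and take no trailing semicolon; the
# stray one after xserver_append_xdm_home_files() has been dropped so the
# call matches every other interface call in this file.
optional_policy(`
	xserver_read_xdm_pid(mozilla_plugin_t)
	xserver_stream_connect(mozilla_plugin_t)
	xserver_use_user_fonts(mozilla_plugin_t)
	xserver_read_user_iceauth(mozilla_plugin_t)
	xserver_read_user_xauth(mozilla_plugin_t)
	xserver_append_xdm_home_files(mozilla_plugin_t)
')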
36da87c2 488
1a725aa0
DW
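########################################
#
# mozilla_plugin_config local policy
#
# Rules for mozilla_plugin_config_t. The domtrans_pattern() call near the end
# of this section lets it enter mozilla_plugin_t by executing a
# mozilla_plugin_exec_t file.

# NOTE(review): dac_override and dac_read_search let this domain bypass
# discretionary file permission checks, and setuid/setgid let it change
# identity. Confirm each capability is still needed.
allow mozilla_plugin_config_t self:capability { dac_override dac_read_search sys_nice setuid setgid };
# NOTE(review): execmem is granted unconditionally and this section has no
# deny_execmem tunable block, so that boolean does not restrict this domain.
allow mozilla_plugin_config_t self:process { setsched signal_perms getsched execmem };

allow mozilla_plugin_config_t self:fifo_file rw_file_perms;
allow mozilla_plugin_config_t self:unix_stream_socket create_stream_socket_perms;

# Browser and plugin content in the user home directory.
# The original rules for directories, files and symlinks named
# mozilla_plugin_home_t, a type that is not declared in the Declarations
# section of this file. nsplugin_home_t is declared there as an alias of
# mozilla_home_t, so all three rules target mozilla_home_t. This also folds
# in the manage_files_pattern() rule the section already had for that type.
manage_dirs_pattern(mozilla_plugin_config_t, mozilla_home_t, mozilla_home_t)
manage_files_pattern(mozilla_plugin_config_t, mozilla_home_t, mozilla_home_t)
manage_lnk_files_pattern(mozilla_plugin_config_t, mozilla_home_t, mozilla_home_t)

dev_search_sysfs(mozilla_plugin_config_t)
dev_read_urand(mozilla_plugin_config_t)
dev_dontaudit_read_rand(mozilla_plugin_config_t)
dev_dontaudit_rw_dri(mozilla_plugin_config_t)

fs_search_auto_mountpoints(mozilla_plugin_config_t)
fs_list_inotifyfs(mozilla_plugin_config_t)

# NOTE(review): the domain may both manage and execute mozilla_plugin_rw_t
# files, so content it writes there can later be run in this domain.
can_exec(mozilla_plugin_config_t, mozilla_plugin_rw_t)
manage_dirs_pattern(mozilla_plugin_config_t, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
manage_files_pattern(mozilla_plugin_config_t, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
manage_lnk_files_pattern(mozilla_plugin_config_t, mozilla_plugin_rw_t, mozilla_plugin_rw_t)

corecmd_exec_bin(mozilla_plugin_config_t)
corecmd_exec_shell(mozilla_plugin_config_t)

kernel_read_system_state(mozilla_plugin_config_t)
kernel_request_load_module(mozilla_plugin_config_t)

domain_use_interactive_fds(mozilla_plugin_config_t)

files_read_etc_files(mozilla_plugin_config_t)
files_read_usr_files(mozilla_plugin_config_t)
files_dontaudit_search_home(mozilla_plugin_config_t)
files_list_tmp(mozilla_plugin_config_t)

auth_use_nsswitch(mozilla_plugin_config_t)

miscfiles_read_localization(mozilla_plugin_config_t)
miscfiles_read_fonts(mozilla_plugin_config_t)

userdom_search_user_home_content(mozilla_plugin_config_t)
userdom_read_user_home_content_symlinks(mozilla_plugin_config_t)
userdom_read_user_home_content_files(mozilla_plugin_config_t)
userdom_dontaudit_search_admin_dir(mozilla_plugin_config_t)

# Entry into the plugin domain: executing a mozilla_plugin_exec_t file from
# this domain transitions the process to mozilla_plugin_t.
domtrans_pattern(mozilla_plugin_config_t, mozilla_plugin_exec_t, mozilla_plugin_t)

optional_policy(`
	xserver_use_user_fonts(mozilla_plugin_config_t)
')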