[people/stevee/selinux-policy.git] / policy / modules / apps / mozilla.te

policy_module(mozilla, 2.3.3)

########################################
#
# Declarations
#

## <desc>
## <p>
## Allow confined web browsers to read home directory content
## </p>
## </desc>
gen_tunable(mozilla_read_content, false)

type mozilla_t;
type mozilla_exec_t;
typealias mozilla_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t };
typealias mozilla_t alias { auditadm_mozilla_t secadm_mozilla_t };
application_domain(mozilla_t, mozilla_exec_t)
ubac_constrained(mozilla_t)

type mozilla_conf_t;
files_config_file(mozilla_conf_t)

type mozilla_home_t;
typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
typealias mozilla_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t };
files_poly_member(mozilla_home_t)
userdom_user_home_content(mozilla_home_t)

type mozilla_plugin_t;
type mozilla_plugin_exec_t;
application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
role system_r types mozilla_plugin_t;

type mozilla_plugin_tmp_t;
userdom_user_tmp_content(mozilla_plugin_tmp_t)
files_tmp_file(mozilla_plugin_tmp_t)
ubac_constrained(mozilla_plugin_tmp_t)

type mozilla_plugin_tmpfs_t;
userdom_user_tmpfs_content(mozilla_plugin_tmpfs_t)
files_tmpfs_file(mozilla_plugin_tmpfs_t)
ubac_constrained(mozilla_plugin_tmpfs_t)

type mozilla_tmp_t;
files_tmp_file(mozilla_tmp_t)
ubac_constrained(mozilla_tmp_t)

type mozilla_tmpfs_t;
typealias mozilla_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
typealias mozilla_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
files_tmpfs_file(mozilla_tmpfs_t)
ubac_constrained(mozilla_tmpfs_t)

########################################
#
# Local policy
#

allow mozilla_t self:capability { sys_nice setgid setuid };
allow mozilla_t self:process { sigkill signal setsched getsched setrlimit };
allow mozilla_t self:fifo_file rw_fifo_file_perms;
allow mozilla_t self:shm { unix_read unix_write read write destroy create };
allow mozilla_t self:sem create_sem_perms;
allow mozilla_t self:socket create_socket_perms;
allow mozilla_t self:unix_stream_socket { listen accept };
# Browse the web, connect to printer
allow mozilla_t self:tcp_socket create_socket_perms;
allow mozilla_t self:netlink_route_socket r_netlink_socket_perms;

# for bash - old mozilla binary
can_exec(mozilla_t, mozilla_exec_t)

# X access, Home files
manage_dirs_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
userdom_search_user_home_dirs(mozilla_t)
userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir)

# Mozpluggerrc
allow mozilla_t mozilla_conf_t:file read_file_perms;

manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })

manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })

kernel_read_kernel_sysctls(mozilla_t)
kernel_read_network_state(mozilla_t)
# Access /proc, sysctl
kernel_read_system_state(mozilla_t)
kernel_read_net_sysctls(mozilla_t)

# Look for plugins
corecmd_list_bin(mozilla_t)
# for bash - old mozilla binary
corecmd_exec_shell(mozilla_t)
corecmd_exec_bin(mozilla_t)

# Browse the web, connect to printer
corenet_all_recvfrom_unlabeled(mozilla_t)
corenet_all_recvfrom_netlabel(mozilla_t)
corenet_tcp_sendrecv_generic_if(mozilla_t)
corenet_raw_sendrecv_generic_if(mozilla_t)
corenet_tcp_sendrecv_generic_node(mozilla_t)
corenet_raw_sendrecv_generic_node(mozilla_t)
corenet_tcp_sendrecv_http_port(mozilla_t)
corenet_tcp_sendrecv_http_cache_port(mozilla_t)
corenet_tcp_sendrecv_squid_port(mozilla_t)
corenet_tcp_connect_flash_port(mozilla_t)
corenet_tcp_sendrecv_ftp_port(mozilla_t)
corenet_tcp_connect_all_ephemeral_ports(mozilla_t)
corenet_tcp_sendrecv_ipp_port(mozilla_t)
corenet_tcp_connect_http_port(mozilla_t)
corenet_tcp_connect_http_cache_port(mozilla_t)
corenet_tcp_connect_squid_port(mozilla_t)
corenet_tcp_connect_ftp_port(mozilla_t)
corenet_tcp_connect_ipp_port(mozilla_t)
corenet_tcp_connect_generic_port(mozilla_t)
corenet_tcp_connect_soundd_port(mozilla_t)
corenet_sendrecv_http_client_packets(mozilla_t)
corenet_sendrecv_http_cache_client_packets(mozilla_t)
corenet_sendrecv_squid_client_packets(mozilla_t)
corenet_sendrecv_ftp_client_packets(mozilla_t)
corenet_sendrecv_ipp_client_packets(mozilla_t)
corenet_sendrecv_generic_client_packets(mozilla_t)
# Should not need other ports
corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
corenet_dontaudit_tcp_bind_generic_port(mozilla_t)
corenet_tcp_connect_speech_port(mozilla_t)

dev_read_urand(mozilla_t)
dev_read_rand(mozilla_t)
dev_write_sound(mozilla_t)
dev_read_sound(mozilla_t)
dev_dontaudit_rw_dri(mozilla_t)
dev_getattr_sysfs_dirs(mozilla_t)

domain_dontaudit_read_all_domains_state(mozilla_t)

files_read_etc_runtime_files(mozilla_t)
files_read_usr_files(mozilla_t)
files_read_etc_files(mozilla_t)
# /var/lib
files_read_var_lib_files(mozilla_t)
# interacting with gstreamer
files_read_var_files(mozilla_t)
files_read_var_symlinks(mozilla_t)
files_dontaudit_getattr_boot_dirs(mozilla_t)

fs_search_auto_mountpoints(mozilla_t)
fs_list_inotifyfs(mozilla_t)
fs_rw_tmpfs_files(mozilla_t)

term_dontaudit_getattr_pty_dirs(mozilla_t)

auth_use_nsswitch(mozilla_t)

logging_send_syslog_msg(mozilla_t)

miscfiles_read_fonts(mozilla_t)
miscfiles_read_localization(mozilla_t)
miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)

# Browse the web, connect to printer
sysnet_dns_name_resolve(mozilla_t)

userdom_use_inherited_user_ptys(mozilla_t)

xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
xserver_dontaudit_getattr_xdm_tmp_sockets(mozilla_t)

tunable_policy(`allow_execmem',`
	allow mozilla_t self:process { execmem execstack };
')

tunable_policy(`use_nfs_home_dirs',`
	fs_manage_nfs_dirs(mozilla_t)
	fs_manage_nfs_files(mozilla_t)
	fs_manage_nfs_symlinks(mozilla_t)
')

tunable_policy(`use_samba_home_dirs',`
	fs_manage_cifs_dirs(mozilla_t)
	fs_manage_cifs_files(mozilla_t)
	fs_manage_cifs_symlinks(mozilla_t)
')

# Uploads, local html
tunable_policy(`mozilla_read_content && use_nfs_home_dirs',`
	fs_list_auto_mountpoints(mozilla_t)
	files_list_home(mozilla_t)
	fs_read_nfs_files(mozilla_t)
	fs_read_nfs_symlinks(mozilla_t)

',`
	files_dontaudit_list_home(mozilla_t)
	fs_dontaudit_list_auto_mountpoints(mozilla_t)
	fs_dontaudit_read_nfs_files(mozilla_t)
	fs_dontaudit_list_nfs(mozilla_t)
')

tunable_policy(`mozilla_read_content && use_samba_home_dirs',`
	fs_list_auto_mountpoints(mozilla_t)
	files_list_home(mozilla_t)
	fs_read_cifs_files(mozilla_t)
	fs_read_cifs_symlinks(mozilla_t)
',`
	files_dontaudit_list_home(mozilla_t)
	fs_dontaudit_list_auto_mountpoints(mozilla_t)
	fs_dontaudit_read_cifs_files(mozilla_t)
	fs_dontaudit_list_cifs(mozilla_t)
')

tunable_policy(`mozilla_read_content',`
	userdom_list_user_tmp(mozilla_t)
	userdom_read_user_tmp_files(mozilla_t)
	userdom_read_user_tmp_symlinks(mozilla_t)
	userdom_read_user_home_content_files(mozilla_t)
	userdom_read_user_home_content_symlinks(mozilla_t)

	ifndef(`enable_mls',`
		fs_search_removable(mozilla_t)
		fs_read_removable_files(mozilla_t)
		fs_read_removable_symlinks(mozilla_t)
	')
',`
	files_dontaudit_list_tmp(mozilla_t)
	files_dontaudit_list_home(mozilla_t)
	fs_dontaudit_list_removable(mozilla_t)
	fs_dontaudit_read_removable_files(mozilla_t)
	userdom_dontaudit_list_user_tmp(mozilla_t)
	userdom_dontaudit_read_user_tmp_files(mozilla_t)
	userdom_dontaudit_list_user_home_dirs(mozilla_t)
	userdom_dontaudit_read_user_home_content_files(mozilla_t)
')

optional_policy(`
	apache_read_user_scripts(mozilla_t)
	apache_read_user_content(mozilla_t)
')

optional_policy(`
	automount_dontaudit_getattr_tmp_dirs(mozilla_t)
')

optional_policy(`
	cups_read_rw_config(mozilla_t)
	cups_dbus_chat(mozilla_t)
')

optional_policy(`
	dbus_system_bus_client(mozilla_t)
	dbus_session_bus_client(mozilla_t)

	optional_policy(`
		networkmanager_dbus_chat(mozilla_t)
	')
')

optional_policy(`
	gnome_stream_connect_gconf(mozilla_t)
	gnome_manage_config(mozilla_t)
	gnome_manage_gconf_home_files(mozilla_t)
')

optional_policy(`
	java_domtrans(mozilla_t)
')

optional_policy(`
	lpd_domtrans_lpr(mozilla_t)
')

optional_policy(`
	mplayer_domtrans(mozilla_t)
	mplayer_read_user_home_files(mozilla_t)
')

optional_policy(`
	nsplugin_manage_rw(mozilla_t)
	nsplugin_manage_home_files(mozilla_t)
')

optional_policy(`
	pulseaudio_exec(mozilla_t)
	pulseaudio_stream_connect(mozilla_t)
	pulseaudio_manage_home_files(mozilla_t)
')

optional_policy(`
	thunderbird_domtrans(mozilla_t)
')

########################################
#
# mozilla_plugin local policy
#

dontaudit mozilla_plugin_t self:capability sys_nice;

allow mozilla_plugin_t self:process { setsched signal_perms execmem };
allow mozilla_plugin_t self:netlink_route_socket r_netlink_socket_perms;
allow mozilla_plugin_t self:tcp_socket create_stream_socket_perms;
allow mozilla_plugin_t self:udp_socket create_socket_perms;
allow mozilla_plugin_t self:netlink_kobject_uevent_socket create_socket_perms;

allow mozilla_plugin_t self:sem create_sem_perms;
allow mozilla_plugin_t self:shm create_shm_perms;
allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms;
allow mozilla_plugin_t self:unix_dgram_socket sendto;
allow mozilla_plugin_t self:unix_stream_socket { connectto create_stream_socket_perms };

can_exec(mozilla_plugin_t, mozilla_home_t)
read_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)

manage_dirs_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
can_exec(mozilla_plugin_t, mozilla_plugin_tmp_t)

manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })

can_exec(mozilla_plugin_t, mozilla_exec_t)

kernel_read_kernel_sysctls(mozilla_plugin_t)
kernel_read_system_state(mozilla_plugin_t)
kernel_read_network_state(mozilla_plugin_t)
kernel_request_load_module(mozilla_plugin_t)

corecmd_exec_bin(mozilla_plugin_t)
corecmd_exec_shell(mozilla_plugin_t)

corenet_tcp_connect_generic_port(mozilla_plugin_t)
corenet_tcp_connect_flash_port(mozilla_plugin_t)
corenet_tcp_connect_streaming_port(mozilla_plugin_t)
corenet_tcp_connect_pulseaudio_port(mozilla_plugin_t)
corenet_tcp_connect_http_port(mozilla_plugin_t)
corenet_tcp_connect_http_cache_port(mozilla_plugin_t)
corenet_tcp_connect_squid_port(mozilla_plugin_t)
corenet_tcp_connect_ipp_port(mozilla_plugin_t)
corenet_tcp_connect_mmcc_port(mozilla_plugin_t)
corenet_tcp_connect_speech_port(mozilla_plugin_t)
corenet_tcp_connect_streaming_port(mozilla_plugin_t)
corenet_tcp_bind_generic_node(mozilla_plugin_t)
corenet_udp_bind_generic_node(mozilla_plugin_t)

dev_read_rand(mozilla_plugin_t)
dev_read_urand(mozilla_plugin_t)
dev_read_video_dev(mozilla_plugin_t)
dev_write_video_dev(mozilla_plugin_t)
dev_read_sysfs(mozilla_plugin_t)
dev_read_sound(mozilla_plugin_t)
dev_write_sound(mozilla_plugin_t)
# for nvidia driver
dev_rw_xserver_misc(mozilla_plugin_t)
dev_dontaudit_rw_dri(mozilla_plugin_t)

domain_use_interactive_fds(mozilla_plugin_t)
domain_dontaudit_read_all_domains_state(mozilla_plugin_t)

files_read_config_files(mozilla_plugin_t)
files_read_usr_files(mozilla_plugin_t)
files_list_mnt(mozilla_plugin_t)

fs_getattr_all_fs(mozilla_plugin_t)
fs_list_dos(mozilla_plugin_t)
fs_read_dos_files(mozilla_plugin_t)

application_dontaudit_signull(mozilla_plugin_t)

auth_use_nsswitch(mozilla_plugin_t)

logging_send_syslog_msg(mozilla_plugin_t)

miscfiles_read_localization(mozilla_plugin_t)
miscfiles_read_fonts(mozilla_plugin_t)
miscfiles_read_generic_certs(mozilla_plugin_t)
miscfiles_dontaudit_setattr_fonts_dirs(mozilla_plugin_t)
miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_plugin_t)

sysnet_dns_name_resolve(mozilla_plugin_t)

term_getattr_all_ttys(mozilla_plugin_t)
term_getattr_all_ptys(mozilla_plugin_t)

userdom_rw_user_tmpfs_files(mozilla_plugin_t)
userdom_delete_user_tmpfs_files(mozilla_plugin_t)
userdom_dontaudit_use_user_terminals(mozilla_plugin_t)
userdom_manage_user_tmp_sockets(mozilla_plugin_t)
userdom_manage_user_tmp_dirs(mozilla_plugin_t)
userdom_read_user_tmp_files(mozilla_plugin_t)
userdom_read_user_tmp_symlinks(mozilla_plugin_t)
userdom_stream_connect(mozilla_plugin_t)
userdom_dontaudit_rw_user_tmp_pipes(mozilla_plugin_t)

userdom_read_user_home_content_files(mozilla_plugin_t)
userdom_read_user_home_content_symlinks(mozilla_plugin_t)
userdom_read_home_certs(mozilla_plugin_t)
userdom_dontaudit_write_home_certs(mozilla_plugin_t)

tunable_policy(`allow_execmem',`
	allow mozilla_plugin_t self:process { execmem execstack };
')

tunable_policy(`allow_execstack',`
	allow mozilla_plugin_t self:process { execstack };
')

tunable_policy(`use_nfs_home_dirs',`
	fs_manage_nfs_dirs(mozilla_plugin_t)
	fs_manage_nfs_files(mozilla_plugin_t)
	fs_manage_nfs_symlinks(mozilla_plugin_t)
')

tunable_policy(`use_samba_home_dirs',`
	fs_manage_cifs_dirs(mozilla_plugin_t)
	fs_manage_cifs_files(mozilla_plugin_t)
	fs_manage_cifs_symlinks(mozilla_plugin_t)
')

optional_policy(`
	alsa_read_rw_config(mozilla_plugin_t)
	alsa_read_home_files(mozilla_plugin_t)
')

optional_policy(`
	dbus_system_bus_client(mozilla_plugin_t)
	dbus_session_bus_client(mozilla_plugin_t)
	dbus_read_lib_files(mozilla_plugin_t)
')

optional_policy(`
    git_dontaudit_read_session_content_files(mozilla_plugin_t)
')


optional_policy(`
	gnome_manage_config(mozilla_plugin_t)
	gnome_read_usr_config(mozilla_plugin_t)
')

optional_policy(`
	java_exec(mozilla_plugin_t)
')

optional_policy(`
	mplayer_exec(mozilla_plugin_t)
	mplayer_read_user_home_files(mozilla_plugin_t)
')

optional_policy(`
	nsplugin_domtrans(mozilla_plugin_t)
	nsplugin_rw_exec(mozilla_plugin_t)
	nsplugin_manage_home_dirs(mozilla_plugin_t)
	nsplugin_manage_home_files(mozilla_plugin_t)
	nsplugin_user_home_dir_filetrans(mozilla_plugin_t, dir)
	nsplugin_user_home_filetrans(mozilla_plugin_t, file)
	nsplugin_read_rw_files(mozilla_plugin_t);
	nsplugin_signal(mozilla_plugin_t)
')

optional_policy(`
	pulseaudio_exec(mozilla_plugin_t)
	pulseaudio_stream_connect(mozilla_plugin_t)
	pulseaudio_setattr_home_dir(mozilla_plugin_t)
	pulseaudio_manage_home_files(mozilla_plugin_t)
	pulseaudio_manage_home_symlinks(mozilla_plugin_t)
')

optional_policy(`
	pcscd_stream_connect(mozilla_plugin_t)
')

optional_policy(`
	rtkit_scheduled(mozilla_plugin_t)
')

optional_policy(`
	udev_read_db(mozilla_plugin_t)
')

optional_policy(`
	xserver_read_xdm_pid(mozilla_plugin_t)
	xserver_stream_connect(mozilla_plugin_t)
	xserver_use_user_fonts(mozilla_plugin_t)
	xserver_read_user_iceauth(mozilla_plugin_t)
	xserver_read_user_xauth(mozilla_plugin_t)
	xserver_append_xdm_home_files(mozilla_plugin_t);
')
Commit	Line	Data
23f9cd7b	1	policy_module(mozilla, 2.3.3)
9105f90b CP	2
	3	########################################
	4	#
	5	# Declarations
	6	#
	7
56e1b3d2 CP	8	## <desc>
56e1b3d2 CP	9	## <p>
b598c442	10	## Allow confined web browsers to read home directory content
56e1b3d2 CP	11	## </p>
56e1b3d2 CP	12	## </desc>
0bfccda4	13	gen_tunable(mozilla_read_content, false)
56e1b3d2	14
296273a7 CP	15	type mozilla_t;
	16	type mozilla_exec_t;
	17	typealias mozilla_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t };
	18	typealias mozilla_t alias { auditadm_mozilla_t secadm_mozilla_t };
	19	application_domain(mozilla_t, mozilla_exec_t)
	20	ubac_constrained(mozilla_t)
	21
9105f90b CP	22	type mozilla_conf_t;
	23	files_config_file(mozilla_conf_t)
	24
296273a7 CP	25	type mozilla_home_t;
	26	typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
	27	typealias mozilla_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t };
3eaa9939	28	files_poly_member(mozilla_home_t)
296273a7 CP	29	userdom_user_home_content(mozilla_home_t)
296273a7 CP	30
b598c442 CP	31	type mozilla_plugin_t;
	32	type mozilla_plugin_exec_t;
	33	application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
	34	role system_r types mozilla_plugin_t;
	35
	36	type mozilla_plugin_tmp_t;
05c05ff9	37	userdom_user_tmp_content(mozilla_plugin_tmp_t)
b598c442 CP	38	files_tmp_file(mozilla_plugin_tmp_t)
	39	ubac_constrained(mozilla_plugin_tmp_t)
	40
	41	type mozilla_plugin_tmpfs_t;
05c05ff9	42	userdom_user_tmpfs_content(mozilla_plugin_tmpfs_t)
b598c442 CP	43	files_tmpfs_file(mozilla_plugin_tmpfs_t)
	44	ubac_constrained(mozilla_plugin_tmpfs_t)
	45
f28f89ac	46	type mozilla_tmp_t;
f28f89ac SV	47	files_tmp_file(mozilla_tmp_t)
	48	ubac_constrained(mozilla_tmp_t)
	49
296273a7 CP	50	type mozilla_tmpfs_t;
	51	typealias mozilla_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
	52	typealias mozilla_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
	53	files_tmpfs_file(mozilla_tmpfs_t)
	54	ubac_constrained(mozilla_tmpfs_t)
	55
	56	########################################
	57	#
	58	# Local policy
	59	#
	60
	61	allow mozilla_t self:capability { sys_nice setgid setuid };
	62	allow mozilla_t self:process { sigkill signal setsched getsched setrlimit };
	63	allow mozilla_t self:fifo_file rw_fifo_file_perms;
	64	allow mozilla_t self:shm { unix_read unix_write read write destroy create };
	65	allow mozilla_t self:sem create_sem_perms;
	66	allow mozilla_t self:socket create_socket_perms;
	67	allow mozilla_t self:unix_stream_socket { listen accept };
	68	# Browse the web, connect to printer
	69	allow mozilla_t self:tcp_socket create_socket_perms;
	70	allow mozilla_t self:netlink_route_socket r_netlink_socket_perms;
	71
	72	# for bash - old mozilla binary
	73	can_exec(mozilla_t, mozilla_exec_t)
	74
	75	# X access, Home files
	76	manage_dirs_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
	77	manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
	78	manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
	79	userdom_search_user_home_dirs(mozilla_t)
b77daab0	80	userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir)
296273a7 CP	81
	82	# Mozpluggerrc
	83	allow mozilla_t mozilla_conf_t:file read_file_perms;
	84
72b54e5f CP	85	manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
	86	manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
	87	files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })
	88
296273a7 CP	89	manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
	90	manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
	91	manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
	92	manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
	93	fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
	94
	95	kernel_read_kernel_sysctls(mozilla_t)
	96	kernel_read_network_state(mozilla_t)
	97	# Access /proc, sysctl
	98	kernel_read_system_state(mozilla_t)
	99	kernel_read_net_sysctls(mozilla_t)
	100
b77daab0	101	# Look for plugins
296273a7 CP	102	corecmd_list_bin(mozilla_t)
	103	# for bash - old mozilla binary
	104	corecmd_exec_shell(mozilla_t)
	105	corecmd_exec_bin(mozilla_t)
	106
	107	# Browse the web, connect to printer
	108	corenet_all_recvfrom_unlabeled(mozilla_t)
	109	corenet_all_recvfrom_netlabel(mozilla_t)
	110	corenet_tcp_sendrecv_generic_if(mozilla_t)
	111	corenet_raw_sendrecv_generic_if(mozilla_t)
c1262146 CP	112	corenet_tcp_sendrecv_generic_node(mozilla_t)
c1262146 CP	113	corenet_raw_sendrecv_generic_node(mozilla_t)
296273a7 CP	114	corenet_tcp_sendrecv_http_port(mozilla_t)
296273a7 CP	115	corenet_tcp_sendrecv_http_cache_port(mozilla_t)
3eaa9939 DW	116	corenet_tcp_sendrecv_squid_port(mozilla_t)
3eaa9939 DW	117	corenet_tcp_connect_flash_port(mozilla_t)
296273a7	118	corenet_tcp_sendrecv_ftp_port(mozilla_t)
e6b51a26	119	corenet_tcp_connect_all_ephemeral_ports(mozilla_t)
296273a7 CP	120	corenet_tcp_sendrecv_ipp_port(mozilla_t)
	121	corenet_tcp_connect_http_port(mozilla_t)
	122	corenet_tcp_connect_http_cache_port(mozilla_t)
3eaa9939	123	corenet_tcp_connect_squid_port(mozilla_t)
296273a7 CP	124	corenet_tcp_connect_ftp_port(mozilla_t)
	125	corenet_tcp_connect_ipp_port(mozilla_t)
	126	corenet_tcp_connect_generic_port(mozilla_t)
b77daab0	127	corenet_tcp_connect_soundd_port(mozilla_t)
296273a7 CP	128	corenet_sendrecv_http_client_packets(mozilla_t)
296273a7 CP	129	corenet_sendrecv_http_cache_client_packets(mozilla_t)
3eaa9939	130	corenet_sendrecv_squid_client_packets(mozilla_t)
296273a7 CP	131	corenet_sendrecv_ftp_client_packets(mozilla_t)
	132	corenet_sendrecv_ipp_client_packets(mozilla_t)
	133	corenet_sendrecv_generic_client_packets(mozilla_t)
	134	# Should not need other ports
	135	corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
	136	corenet_dontaudit_tcp_bind_generic_port(mozilla_t)
06625d30	137	corenet_tcp_connect_speech_port(mozilla_t)
296273a7 CP	138
	139	dev_read_urand(mozilla_t)
	140	dev_read_rand(mozilla_t)
	141	dev_write_sound(mozilla_t)
	142	dev_read_sound(mozilla_t)
	143	dev_dontaudit_rw_dri(mozilla_t)
	144	dev_getattr_sysfs_dirs(mozilla_t)
	145
b77daab0 CP	146	domain_dontaudit_read_all_domains_state(mozilla_t)
b77daab0 CP	147
296273a7 CP	148	files_read_etc_runtime_files(mozilla_t)
	149	files_read_usr_files(mozilla_t)
	150	files_read_etc_files(mozilla_t)
	151	# /var/lib
	152	files_read_var_lib_files(mozilla_t)
	153	# interacting with gstreamer
	154	files_read_var_files(mozilla_t)
	155	files_read_var_symlinks(mozilla_t)
	156	files_dontaudit_getattr_boot_dirs(mozilla_t)
	157
	158	fs_search_auto_mountpoints(mozilla_t)
	159	fs_list_inotifyfs(mozilla_t)
	160	fs_rw_tmpfs_files(mozilla_t)
	161
	162	term_dontaudit_getattr_pty_dirs(mozilla_t)
	163
b03af87d DW	164	auth_use_nsswitch(mozilla_t)
b03af87d DW	165
296273a7 CP	166	logging_send_syslog_msg(mozilla_t)
	167
	168	miscfiles_read_fonts(mozilla_t)
	169	miscfiles_read_localization(mozilla_t)
3c1e8ff6	170	miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)
296273a7 CP	171
	172	# Browse the web, connect to printer
	173	sysnet_dns_name_resolve(mozilla_t)
	174
af2d8802	175	userdom_use_inherited_user_ptys(mozilla_t)
296273a7 CP	176
	177	xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
	178	xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
	179	xserver_dontaudit_getattr_xdm_tmp_sockets(mozilla_t)
	180
	181	tunable_policy(`allow_execmem',`
	182	allow mozilla_t self:process { execmem execstack };
	183	')
	184
	185	tunable_policy(`use_nfs_home_dirs',`
	186	fs_manage_nfs_dirs(mozilla_t)
	187	fs_manage_nfs_files(mozilla_t)
	188	fs_manage_nfs_symlinks(mozilla_t)
	189	')
	190
	191	tunable_policy(`use_samba_home_dirs',`
	192	fs_manage_cifs_dirs(mozilla_t)
	193	fs_manage_cifs_files(mozilla_t)
	194	fs_manage_cifs_symlinks(mozilla_t)
	195	')
	196
	197	# Uploads, local html
	198	tunable_policy(`mozilla_read_content && use_nfs_home_dirs',`
	199	fs_list_auto_mountpoints(mozilla_t)
	200	files_list_home(mozilla_t)
	201	fs_read_nfs_files(mozilla_t)
	202	fs_read_nfs_symlinks(mozilla_t)
	203
	204	',`
	205	files_dontaudit_list_home(mozilla_t)
	206	fs_dontaudit_list_auto_mountpoints(mozilla_t)
	207	fs_dontaudit_read_nfs_files(mozilla_t)
	208	fs_dontaudit_list_nfs(mozilla_t)
	209	')
	210
	211	tunable_policy(`mozilla_read_content && use_samba_home_dirs',`
	212	fs_list_auto_mountpoints(mozilla_t)
	213	files_list_home(mozilla_t)
	214	fs_read_cifs_files(mozilla_t)
	215	fs_read_cifs_symlinks(mozilla_t)
	216	',`
	217	files_dontaudit_list_home(mozilla_t)
	218	fs_dontaudit_list_auto_mountpoints(mozilla_t)
	219	fs_dontaudit_read_cifs_files(mozilla_t)
	220	fs_dontaudit_list_cifs(mozilla_t)
	221	')
	222
	223	tunable_policy(`mozilla_read_content',`
	224	userdom_list_user_tmp(mozilla_t)
	225	userdom_read_user_tmp_files(mozilla_t)
	226	userdom_read_user_tmp_symlinks(mozilla_t)
	227	userdom_read_user_home_content_files(mozilla_t)
	228	userdom_read_user_home_content_symlinks(mozilla_t)
	229
b598c442	230	ifndef(`enable_mls',`
296273a7 CP	231	fs_search_removable(mozilla_t)
	232	fs_read_removable_files(mozilla_t)
	233	fs_read_removable_symlinks(mozilla_t)
	234	')
	235	',`
	236	files_dontaudit_list_tmp(mozilla_t)
	237	files_dontaudit_list_home(mozilla_t)
	238	fs_dontaudit_list_removable(mozilla_t)
	239	fs_dontaudit_read_removable_files(mozilla_t)
	240	userdom_dontaudit_list_user_tmp(mozilla_t)
	241	userdom_dontaudit_read_user_tmp_files(mozilla_t)
	242	userdom_dontaudit_list_user_home_dirs(mozilla_t)
	243	userdom_dontaudit_read_user_home_content_files(mozilla_t)
	244	')
	245
296273a7 CP	246	optional_policy(`
	247	apache_read_user_scripts(mozilla_t)
	248	apache_read_user_content(mozilla_t)
	249	')
	250
	251	optional_policy(`
	252	automount_dontaudit_getattr_tmp_dirs(mozilla_t)
	253	')
	254
	255	optional_policy(`
	256	cups_read_rw_config(mozilla_t)
	257	cups_dbus_chat(mozilla_t)
	258	')
	259
	260	optional_policy(`
	261	dbus_system_bus_client(mozilla_t)
	262	dbus_session_bus_client(mozilla_t)
b77daab0 CP	263
	264	optional_policy(`
	265	networkmanager_dbus_chat(mozilla_t)
	266	')
296273a7 CP	267	')
	268
	269	optional_policy(`
	270	gnome_stream_connect_gconf(mozilla_t)
06625d30	271	gnome_manage_config(mozilla_t)
3eaa9939	272	gnome_manage_gconf_home_files(mozilla_t)
296273a7 CP	273	')
	274
	275	optional_policy(`
	276	java_domtrans(mozilla_t)
	277	')
	278
	279	optional_policy(`
	280	lpd_domtrans_lpr(mozilla_t)
	281	')
	282
	283	optional_policy(`
	284	mplayer_domtrans(mozilla_t)
	285	mplayer_read_user_home_files(mozilla_t)
	286	')
	287
3eaa9939 DW	288	optional_policy(`
	289	nsplugin_manage_rw(mozilla_t)
	290	nsplugin_manage_home_files(mozilla_t)
	291	')
	292
3c1e8ff6 CP	293	optional_policy(`
	294	pulseaudio_exec(mozilla_t)
	295	pulseaudio_stream_connect(mozilla_t)
	296	pulseaudio_manage_home_files(mozilla_t)
	297	')
	298
296273a7 CP	299	optional_policy(`
	300	thunderbird_domtrans(mozilla_t)
	301	')
3eaa9939 DW	302
	303	########################################
	304	#
	305	# mozilla_plugin local policy
	306	#
e12b7e14	307
995bdbb1	308	dontaudit mozilla_plugin_t self:capability sys_nice;
e12b7e14	309
f5b49a5e	310	allow mozilla_plugin_t self:process { setsched signal_perms execmem };
4e6b3f6d	311	allow mozilla_plugin_t self:netlink_route_socket r_netlink_socket_perms;
095debe0	312	allow mozilla_plugin_t self:tcp_socket create_stream_socket_perms;
4e6b3f6d	313	allow mozilla_plugin_t self:udp_socket create_socket_perms;
803cc59a	314	allow mozilla_plugin_t self:netlink_kobject_uevent_socket create_socket_perms;
3eaa9939 DW	315
	316	allow mozilla_plugin_t self:sem create_sem_perms;
	317	allow mozilla_plugin_t self:shm create_shm_perms;
	318	allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms;
1021bec5	319	allow mozilla_plugin_t self:unix_dgram_socket sendto;
3eaa9939 DW	320	allow mozilla_plugin_t self:unix_stream_socket { connectto create_stream_socket_perms };
3eaa9939 DW	321
7cfb9354	322	can_exec(mozilla_plugin_t, mozilla_home_t)
4e6b3f6d	323	read_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
3eaa9939	324
ef98a374 DW	325	manage_dirs_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
ef98a374 DW	326	manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
095debe0	327	manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
1021bec5 DG	328	manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
	329	files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
	330	userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
ddd1ccaa	331	can_exec(mozilla_plugin_t, mozilla_plugin_tmp_t)
ef98a374	332
f5b49a5e DW	333	manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
	334	manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
	335	manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
	336	manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
	337	fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
	338
0b8f4cfe DW	339	can_exec(mozilla_plugin_t, mozilla_exec_t)
0b8f4cfe DW	340
3eaa9939 DW	341	kernel_read_kernel_sysctls(mozilla_plugin_t)
3eaa9939 DW	342	kernel_read_system_state(mozilla_plugin_t)
59650fa8	343	kernel_read_network_state(mozilla_plugin_t)
3eaa9939 DW	344	kernel_request_load_module(mozilla_plugin_t)
	345
	346	corecmd_exec_bin(mozilla_plugin_t)
	347	corecmd_exec_shell(mozilla_plugin_t)
	348
2ad0c1a6	349	corenet_tcp_connect_generic_port(mozilla_plugin_t)
b45aaab9 DW	350	corenet_tcp_connect_flash_port(mozilla_plugin_t)
	351	corenet_tcp_connect_streaming_port(mozilla_plugin_t)
	352	corenet_tcp_connect_pulseaudio_port(mozilla_plugin_t)
	353	corenet_tcp_connect_http_port(mozilla_plugin_t)
	354	corenet_tcp_connect_http_cache_port(mozilla_plugin_t)
	355	corenet_tcp_connect_squid_port(mozilla_plugin_t)
	356	corenet_tcp_connect_ipp_port(mozilla_plugin_t)
61beb367	357	corenet_tcp_connect_mmcc_port(mozilla_plugin_t)
b45aaab9	358	corenet_tcp_connect_speech_port(mozilla_plugin_t)
1af3b1e8	359	corenet_tcp_connect_streaming_port(mozilla_plugin_t)
6cbe7690 MG	360	corenet_tcp_bind_generic_node(mozilla_plugin_t)
6cbe7690 MG	361	corenet_udp_bind_generic_node(mozilla_plugin_t)
b45aaab9	362
095debe0	363	dev_read_rand(mozilla_plugin_t)
3eaa9939	364	dev_read_urand(mozilla_plugin_t)
f5b49a5e	365	dev_read_video_dev(mozilla_plugin_t)
b45aaab9	366	dev_write_video_dev(mozilla_plugin_t)
f5b49a5e	367	dev_read_sysfs(mozilla_plugin_t)
0b8f4cfe DW	368	dev_read_sound(mozilla_plugin_t)
0b8f4cfe DW	369	dev_write_sound(mozilla_plugin_t)
61beb367 MG	370	# for nvidia driver
61beb367 MG	371	dev_rw_xserver_misc(mozilla_plugin_t)
4e6b3f6d	372	dev_dontaudit_rw_dri(mozilla_plugin_t)
3eaa9939 DW	373
	374	domain_use_interactive_fds(mozilla_plugin_t)
	375	domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
	376
	377	files_read_config_files(mozilla_plugin_t)
	378	files_read_usr_files(mozilla_plugin_t)
095debe0	379	files_list_mnt(mozilla_plugin_t)
3eaa9939	380
e160b2c6	381	fs_getattr_all_fs(mozilla_plugin_t)
b598c442	382	fs_list_dos(mozilla_plugin_t)
095debe0	383	fs_read_dos_files(mozilla_plugin_t)
ef98a374	384
751ec039 DW	385	application_dontaudit_signull(mozilla_plugin_t)
751ec039 DW	386
9ba3eded MG	387	auth_use_nsswitch(mozilla_plugin_t)
9ba3eded MG	388
6cbe7690 MG	389	logging_send_syslog_msg(mozilla_plugin_t)
6cbe7690 MG	390
3eaa9939	391	miscfiles_read_localization(mozilla_plugin_t)
f5b49a5e	392	miscfiles_read_fonts(mozilla_plugin_t)
81ac3780	393	miscfiles_read_generic_certs(mozilla_plugin_t)
d889c6bb	394	miscfiles_dontaudit_setattr_fonts_dirs(mozilla_plugin_t)
b9af7893	395	miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_plugin_t)
3eaa9939	396
79bff2bb DW	397	sysnet_dns_name_resolve(mozilla_plugin_t)
79bff2bb DW	398
3eaa9939 DW	399	term_getattr_all_ttys(mozilla_plugin_t)
	400	term_getattr_all_ptys(mozilla_plugin_t)
	401
ef98a374	402	userdom_rw_user_tmpfs_files(mozilla_plugin_t)
5212892e	403	userdom_delete_user_tmpfs_files(mozilla_plugin_t)
57ce3836	404	userdom_dontaudit_use_user_terminals(mozilla_plugin_t)
ddd1ccaa	405	userdom_manage_user_tmp_sockets(mozilla_plugin_t)
d1c6ba20	406	userdom_manage_user_tmp_dirs(mozilla_plugin_t)
4e6b3f6d DW	407	userdom_read_user_tmp_files(mozilla_plugin_t)
4e6b3f6d DW	408	userdom_read_user_tmp_symlinks(mozilla_plugin_t)
e3b5785f MG	409	userdom_stream_connect(mozilla_plugin_t)
	410	userdom_dontaudit_rw_user_tmp_pipes(mozilla_plugin_t)
	411
5212892e	412	userdom_read_user_home_content_files(mozilla_plugin_t)
4e6b3f6d	413	userdom_read_user_home_content_symlinks(mozilla_plugin_t)
da61030d	414	userdom_read_home_certs(mozilla_plugin_t)
f06e4c22	415	userdom_dontaudit_write_home_certs(mozilla_plugin_t)
f5b49a5e	416
d79b5476 DW	417	tunable_policy(`allow_execmem',`
	418	allow mozilla_plugin_t self:process { execmem execstack };
	419	')
	420
	421	tunable_policy(`allow_execstack',`
	422	allow mozilla_plugin_t self:process { execstack };
	423	')
	424
b598c442 CP	425	tunable_policy(`use_nfs_home_dirs',`
	426	fs_manage_nfs_dirs(mozilla_plugin_t)
	427	fs_manage_nfs_files(mozilla_plugin_t)
	428	fs_manage_nfs_symlinks(mozilla_plugin_t)
	429	')
	430
	431	tunable_policy(`use_samba_home_dirs',`
	432	fs_manage_cifs_dirs(mozilla_plugin_t)
	433	fs_manage_cifs_files(mozilla_plugin_t)
	434	fs_manage_cifs_symlinks(mozilla_plugin_t)
0b8f4cfe DW	435	')
0b8f4cfe DW	436
f5b49a5e	437	optional_policy(`
b598c442 CP	438	alsa_read_rw_config(mozilla_plugin_t)
b598c442 CP	439	alsa_read_home_files(mozilla_plugin_t)
1021bec5 DG	440	')
	441
	442	optional_policy(`
6cbe7690	443	dbus_system_bus_client(mozilla_plugin_t)
4e6b3f6d	444	dbus_session_bus_client(mozilla_plugin_t)
f5b49a5e DW	445	dbus_read_lib_files(mozilla_plugin_t)
f5b49a5e DW	446	')
6cbe7690 MG	447
6cbe7690 MG	448	optional_policy(`
e3b5785f	449	git_dontaudit_read_session_content_files(mozilla_plugin_t)
6cbe7690	450	')
f5b49a5e	451
e3b5785f	452
f5b49a5e	453	optional_policy(`
79bff2bb	454	gnome_manage_config(mozilla_plugin_t)
e9b18e23	455	gnome_read_usr_config(mozilla_plugin_t)
f5b49a5e	456	')
ef98a374	457
095debe0 DW	458	optional_policy(`
	459	java_exec(mozilla_plugin_t)
	460	')
	461
67f46f2d DW	462	optional_policy(`
	463	mplayer_exec(mozilla_plugin_t)
	464	mplayer_read_user_home_files(mozilla_plugin_t)
	465	')
	466
3eaa9939 DW	467	optional_policy(`
	468	nsplugin_domtrans(mozilla_plugin_t)
	469	nsplugin_rw_exec(mozilla_plugin_t)
da073333	470	nsplugin_manage_home_dirs(mozilla_plugin_t)
f5b49a5e	471	nsplugin_manage_home_files(mozilla_plugin_t)
79bff2bb	472	nsplugin_user_home_dir_filetrans(mozilla_plugin_t, dir)
3962a28b	473	nsplugin_user_home_filetrans(mozilla_plugin_t, file)
9c306697	474	nsplugin_read_rw_files(mozilla_plugin_t);
6ed3f15e	475	nsplugin_signal(mozilla_plugin_t)
f5b49a5e DW	476	')
	477
	478	optional_policy(`
b45aaab9 DW	479	pulseaudio_exec(mozilla_plugin_t)
b45aaab9 DW	480	pulseaudio_stream_connect(mozilla_plugin_t)
79bff2bb	481	pulseaudio_setattr_home_dir(mozilla_plugin_t)
b45aaab9	482	pulseaudio_manage_home_files(mozilla_plugin_t)
1021bec5	483	pulseaudio_manage_home_symlinks(mozilla_plugin_t)
3eaa9939 DW	484	')
3eaa9939 DW	485
c7abc020 MG	486	optional_policy(`
	487	pcscd_stream_connect(mozilla_plugin_t)
	488	')
	489
1021bec5 DG	490	optional_policy(`
	491	rtkit_scheduled(mozilla_plugin_t)
	492	')
	493
	494	optional_policy(`
	495	udev_read_db(mozilla_plugin_t)
	496	')
	497
3eaa9939 DW	498	optional_policy(`
	499	xserver_read_xdm_pid(mozilla_plugin_t)
	500	xserver_stream_connect(mozilla_plugin_t)
0b8f4cfe	501	xserver_use_user_fonts(mozilla_plugin_t)
ddd1ccaa	502	xserver_read_user_iceauth(mozilla_plugin_t)
97ec2391	503	xserver_read_user_xauth(mozilla_plugin_t)
9c306697	504	xserver_append_xdm_home_files(mozilla_plugin_t);
3eaa9939	505	')
36da87c2	506