Allow confined users to use mozilla_plugin_rw_t

author Dan Walsh <dwalsh@redhat.com>

Fri, 2 Dec 2011 19:02:18 +0000 (14:02 -0500)

committer Dan Walsh <dwalsh@redhat.com>

Fri, 2 Dec 2011 19:02:18 +0000 (14:02 -0500)
author Dan Walsh <dwalsh@redhat.com>
Fri, 2 Dec 2011 19:02:18 +0000 (14:02 -0500)
committer Dan Walsh <dwalsh@redhat.com>
Fri, 2 Dec 2011 19:02:18 +0000 (14:02 -0500)
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if

index aa15d05df0e1eb1798bf0039e30b0d40917a09a2..e18798252b9ffd0e4bada16d9c5dee2aebf06cf9 100644 (file)
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -209,6 +209,7 @@ interface(`mozilla_domtrans_plugin',`
         gen_require(`
                 type mozilla_plugin_t, mozilla_plugin_exec_t;
                 type mozilla_plugin_config_t, mozilla_plugin_config_exec_t;
+               type mozilla_plugin_rw_t;
                 class dbus send_msg;
         ')
  
@@ -224,6 +225,11 @@ interface(`mozilla_domtrans_plugin',`
  
         ps_process_pattern($1, mozilla_plugin_t)
         allow $1 mozilla_plugin_t:process signal_perms;
+
+       list_dirs_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
+       read_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
+       read_lnk_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
+       can_exec($1, mozilla_plugin_rw_t)
  ')
  
  ########################################
author	Dan Walsh <dwalsh@redhat.com>
	Fri, 2 Dec 2011 19:02:18 +0000 (14:02 -0500)
committer	Dan Walsh <dwalsh@redhat.com>
	Fri, 2 Dec 2011 19:02:18 +0000 (14:02 -0500)