Allow mozilla_plugin_t to manage mozilla_home_t, needed by Flash

author Miroslav Grepl <mgrepl@redhat.com>

Mon, 5 Dec 2011 12:06:06 +0000 (13:06 +0100)

committer Miroslav Grepl <mgrepl@redhat.com>

Mon, 5 Dec 2011 12:06:06 +0000 (13:06 +0100)
author Miroslav Grepl <mgrepl@redhat.com>
Mon, 5 Dec 2011 12:06:06 +0000 (13:06 +0100)
committer Miroslav Grepl <mgrepl@redhat.com>
Mon, 5 Dec 2011 12:06:06 +0000 (13:06 +0100)
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te

index a5a3dd98a8f0e6d8db11238d38b3d1bd442fa5d9..fc7a18ed27fded949cfdd1d584689f4c56586fa8 100644 (file)
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -316,7 +316,9 @@ allow mozilla_plugin_t self:unix_dgram_socket sendto;
  allow mozilla_plugin_t self:unix_stream_socket { connectto create_stream_socket_perms };
  
  can_exec(mozilla_plugin_t, mozilla_home_t)
-read_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
+manage_dirs_pattern(mozilla_plugin_config_t, mozilla_home_t, mozilla_home_t)
+manage_files_pattern(mozilla_plugin_config_t, mozilla_home_t, mozilla_home_t)
+manage_lnk_files_pattern(mozilla_plugin_config_t, mozilla_home_t, mozilla_home_t)
  
  manage_dirs_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
  manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
@@ -497,8 +499,6 @@ allow mozilla_plugin_config_t self:process { setsched signal_perms getsched exec
  allow mozilla_plugin_config_t self:fifo_file rw_file_perms;
  allow mozilla_plugin_config_t self:unix_stream_socket create_stream_socket_perms;
  
-manage_files_pattern(mozilla_plugin_config_t, mozilla_home_t, mozilla_home_t)
-
  dev_search_sysfs(mozilla_plugin_config_t)
  dev_read_urand(mozilla_plugin_config_t)
  dev_dontaudit_read_rand(mozilla_plugin_config_t)
author	Miroslav Grepl <mgrepl@redhat.com>
	Mon, 5 Dec 2011 12:06:06 +0000 (13:06 +0100)
committer	Miroslav Grepl <mgrepl@redhat.com>
	Mon, 5 Dec 2011 12:06:06 +0000 (13:06 +0100)