Make sure mozilla content is labeled correctly

diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index 9b1de026a010e8722ed37f70210aff7222b34655..c57fc1e387bec8c178a358db79fe61662e6289cc 100644 (file)
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -1203,7 +1203,6 @@ interface(`gnome_transition_gkeyringd',`
        allow gkeyringd_domain $1:fifo_file rw_inherited_fifo_file_perms;
 ')
 
-
 ########################################
 ## <summary>
 ##     Create gnome content in the user home directory

diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
index e18798252b9ffd0e4bada16d9c5dee2aebf06cf9..d797201d0f7ce3cbd35c16a64ea9afa386054b59 100644 (file)
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -62,6 +62,8 @@ interface(`mozilla_role',`
                pulseaudio_filetrans_admin_home_content(mozilla_t)
                pulseaudio_filetrans_home_content(mozilla_t)
        ')
+
+       mozilla_filetrans_home_content($2)
 ')
 
 ########################################
@@ -230,6 +232,8 @@ interface(`mozilla_domtrans_plugin',`
        read_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
        read_lnk_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
        can_exec($1, mozilla_plugin_rw_t)
+
+       mozilla_filetrans_home_content($1)
 ')
 
 ########################################
@@ -390,3 +394,34 @@ interface(`mozilla_plugin_manage_rw_files',`
        allow $1 mozilla_plugin_rw_t:file manage_file_perms;
        allow $1 mozilla_plugin_rw_t:dir rw_dir_perms;
 ')
+
+########################################
+## <summary>
+##     Create mozilla content in the user home directory
+##     with an correct label.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`mozilla_filetrans_home_content',`
+
+       gen_require(`
+               type mozilla_home_t;
+       ')
+
+       userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".galeon")
+       userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".java")
+       userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".mozilla")
+       userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".thunderbird")
+       userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".netscape")
+       userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".phoenix")
+       userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".adobe")
+       userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".macromedia")
+       userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".gnash")
+       userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".gcjwebplugin")
+       userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".icedteaplugin")
+')
+

diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
index facd6a8f5c9cadd052c58085dbadf6719e266d48..b3fbad5293fac2197c67103cb123da4ce69c6217 100644 (file)
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@@ -258,6 +258,10 @@ optional_policy(`
        modules_filetrans_named_content(unconfined_domain_type)
 ')
 
+optional_policy(`
+       mozilla_filetrans_home_content(unconfined_domain_type)
+')
+
 optional_policy(`
        networkmanager_filetrans_named_content(unconfined_domain_type)
 ')