From 74cf2139e04b2a9c5fdd064eea57ee856460f184 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Mon, 12 Dec 2011 13:31:04 -0500
Subject: [PATCH] Make sure mozilla content is labeled correctly
---
 policy/modules/apps/gnome.if | 1 -
 policy/modules/apps/mozilla.if | 35 +++++++++++++++++++++++++++++++++
 policy/modules/kernel/domain.te | 4 ++++
 3 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index 9b1de026..c57fc1e3 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -1203,7 +1203,6 @@ interface(`gnome_transition_gkeyringd',`
 allow gkeyringd_domain $1:fifo_file rw_inherited_fifo_file_perms;
 ')
-
 ########################################
 ##
 ## Create gnome content in the user home directory
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
index e1879825..d797201d 100644
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -62,6 +62,8 @@ interface(`mozilla_role',`
 pulseaudio_filetrans_admin_home_content(mozilla_t)
 pulseaudio_filetrans_home_content(mozilla_t)
 ')
+
+ mozilla_filetrans_home_content($2)
 ')
 ########################################
@@ -230,6 +232,8 @@ interface(`mozilla_domtrans_plugin',`
 read_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
 read_lnk_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
 can_exec($1, mozilla_plugin_rw_t)
+
+ mozilla_filetrans_home_content($1)
 ')
 ########################################
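Review bot: In `mozilla_domtrans_plugin` (the `@@ -230,6 +232,8 @@` hunk), the added `mozilla_filetrans_home_content($1)` gives every caller of a domain-transition interface a set of named file transitions in the user home directory, which the interface name does not suggest. `userdom_user_home_dir_filetrans` is defined outside this patch; if it expands to `filetrans_pattern` as in the reference policy, each caller also gains write access to the user home directory type, so a domain that only needs to launch the plugin gets more than that. Consider letting the callers that actually create this content invoke `mozilla_filetrans_home_content` themselves, or at least record it in the interface header, e.g. `## Also creates mozilla home content labeled mozilla_home_t.` The same call is added to `mozilla_role` in the `@@ -62,6 +62,8 @@` hunk, where granting it to the user domain `$2` looks intended. Both interface bodies start outside their hunks.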
@@ -390,3 +394,34 @@ interface(`mozilla_plugin_manage_rw_files',`
 allow $1 mozilla_plugin_rw_t:file manage_file_perms;
 allow $1 mozilla_plugin_rw_t:dir rw_dir_perms;
 ')
+
+########################################
+##
+## Create mozilla content in the user home directory
+## with an correct label.
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mozilla_filetrans_home_content',`
+
+ gen_require(`
+ type mozilla_home_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".galeon")
+ userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".java")
+ userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".mozilla")
+ userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".thunderbird")
+ userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".netscape")
+ userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".phoenix")
+ userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".adobe")
+ userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".macromedia")
+ userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".gnash")
+ userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".gcjwebplugin")
+ userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".icedteaplugin")
+')
+
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
index facd6a8f..b3fbad52 100644
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@@ -258,6 +258,10 @@ optional_policy(`
 modules_filetrans_named_content(unconfined_domain_type)
 ')
+optional_policy(`
+ mozilla_filetrans_home_content(unconfined_domain_type)
+')
+
 optional_policy(`
 networkmanager_filetrans_named_content(unconfined_domain_type)
 ')
--
2.47.3
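Review bot: The header of the new `mozilla_filetrans_home_content` interface in mozilla.if reads "with an correct label"; it should be `## with a correct label.` The summary could also state that the eleven directory names are matched only when the directory is created directly in the user home directory, so directories that already exist keep their old label until they are relabeled. The matching `mozilla.fc` entries are not part of this patch; if any of the names (for example `.gcjwebplugin` or `.icedteaplugin`) lacks a file-context entry for `mozilla_home_t`, a later relabel would undo what the transition set, so that is worth confirming.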
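Review bot: In domain.te, `mozilla_filetrans_home_content(unconfined_domain_type)` makes every unconfined domain label `~/.java`, `~/.adobe` and `~/.macromedia` as `mozilla_home_t` on creation, although those names are not specific to the browser. Data that an unrelated program keeps there then becomes reachable by whichever domains the policy lets manage `mozilla_home_t` (presumably the browser and its plugin domain; those rules are outside this patch). If that sharing is intended, a comment above the block such as `# Shared plugin directories (.java, .adobe, ...) are deliberately labeled mozilla_home_t.` would record the decision; otherwise a narrower type for the non-browser names would keep the exposure smaller.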