commit: 5daa9a0ca0dd357ea6b06fa3cadd6a4bd5f772c4
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Apr 12 11:38:04 2018 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 22 11:53:59 2018 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5daa9a0c
mozilla: allow map usr, home, tmp files
policy/modules/contrib/mozilla.te | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/policy/modules/contrib/mozilla.te
b/policy/modules/contrib/mozilla.te
index d7a7be05..b17ab878 100644
--- a/policy/modules/contrib/mozilla.te
+++ b/policy/modules/contrib/mozilla.te
@@ -113,6 +113,7 @@ manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t,
mozilla_tmpfs_t)
manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file
fifo_file })
+allow mozilla_t mozilla_plugin_tmpfs_t:file map;
allow mozilla_t mozilla_plugin_rw_t:dir list_dir_perms;
allow mozilla_t mozilla_plugin_rw_t:file read_file_perms;
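Review bot: The added `allow mozilla_t mozilla_plugin_tmpfs_t:file map;` has no comment and is not covered by the commit title, which names only usr, home and tmp files. It is also appended to the block of mozilla_tmpfs_t rules although it targets the plugin's tmpfs type. A one-line comment above it would help, for example `# mozilla_t mmaps shared-memory files created by the plugin domain`, if that is the case being covered. The read/write rules on mozilla_plugin_tmpfs_t that make this `map` usable are outside the hunk, so it is worth confirming they exist.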
@@ -324,6 +325,7 @@ allow mozilla_plugin_t mozilla_t:sem create_sem_perms;
manage_dirs_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t
}, { mozilla_home_t mozilla_plugin_home_t })
manage_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t
}, mozilla_plugin_home_t)
manage_lnk_files_pattern(mozilla_plugin_t, { mozilla_home_t
mozilla_plugin_home_t }, mozilla_plugin_home_t)
+allow mozilla_plugin_t mozilla_home_t:file map;
userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir,
".galeon")
userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir,
".mozilla")
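Review bot: `allow mozilla_plugin_t mozilla_home_t:file map;` grants `map` on a type for which the visible rules give the plugin domain no file access. The `manage_files_pattern` line above it uses mozilla_home_t only as a directory type and targets mozilla_plugin_home_t files. `map` is only useful alongside read or write on the same files, so either that grant lives outside this hunk or the rule has no effect. If the files being mapped are the plugin's own, the narrower target would be `allow mozilla_plugin_t mozilla_plugin_home_t:file map;`. If it really is the browser profile, a comment saying which files the plugin maps would make the wider grant reviewable.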
@@ -338,6 +340,8 @@ manage_fifo_files_pattern(mozilla_plugin_t,
mozilla_plugin_tmp_t, mozilla_plugin
files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file
fifo_file })
userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file
fifo_file })
+allow mozilla_plugin_t mozilla_tmp_t:file rw_file_perms;
+
manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t,
mozilla_plugin_tmpfs_t)
manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t,
mozilla_plugin_tmpfs_t)
manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t,
mozilla_plugin_tmpfs_t)
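Review bot: The added `allow mozilla_plugin_t mozilla_tmp_t:file rw_file_perms;` does not match the commit title "allow map ... tmp files". It grants the plugin domain read/write on the browser's own tmp files, and `rw_file_perms` does not, as far as I know, include `map`. The surrounding rules give mozilla_plugin_t access only to mozilla_plugin_tmp_t, so this opens a new write path from the plugin process into mozilla_t's temporary files. That should be justified in a comment or the commit message. If the denial came from a descriptor passed in by the browser, a set without `open` such as `allow mozilla_plugin_t mozilla_tmp_t:file { getattr read write map };` would be tighter. Which permissions were actually denied cannot be told from the hunk.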
@@ -444,6 +448,7 @@ domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
files_list_mnt(mozilla_plugin_t)
files_read_config_files(mozilla_plugin_t)
files_read_usr_files(mozilla_plugin_t)
+files_map_usr_files(mozilla_plugin_t)
fs_getattr_all_fs(mozilla_plugin_t)
# fs_read_hugetlbfs_files(mozilla_plugin_t)