[selinux-policy] - Update policy for mozilla_plugin_t

Daniel J Walsh dwalsh at fedoraproject.org
Mon Aug 23 22:01:50 UTC 2010


commit 63265668f0eb36a4723159414d4d033a99e6f428
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Mon Aug 23 18:01:46 2010 -0400

    - Update policy for mozilla_plugin_t

 policy-F14.patch    |   37 +++++++++++++++++++++++++++++++------
 selinux-policy.spec |    5 ++++-
 2 files changed, 35 insertions(+), 7 deletions(-)
---
diff --git a/policy-F14.patch b/policy-F14.patch
index a8e99be..c1a4af3 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -4846,7 +4846,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.8.8/policy/modules/apps/mozilla.te
 --- nsaserefpolicy/policy/modules/apps/mozilla.te	2010-07-27 16:06:04.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/apps/mozilla.te	2010-08-23 17:17:34.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/apps/mozilla.te	2010-08-23 17:58:35.000000000 -0400
 @@ -25,6 +25,7 @@
  type mozilla_home_t;
  typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
@@ -4910,7 +4910,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
  	pulseaudio_exec(mozilla_t)
  	pulseaudio_stream_connect(mozilla_t)
  	pulseaudio_manage_home_files(mozilla_t)
-@@ -266,3 +284,17 @@
+@@ -266,3 +284,42 @@
  optional_policy(`
  	thunderbird_domtrans(mozilla_t)
  ')
@@ -4919,15 +4919,40 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
 +#
 +# mozilla_plugin local policy
 +#
++allow mozilla_plugin_t self:process setsched;
 +
++allow mozilla_plugin_t self:sem create_sem_perms;
++allow mozilla_plugin_t self:shm create_shm_perms;
 +allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms;
 +allow mozilla_plugin_t self:unix_stream_socket create_stream_socket_perms;
 +
++read_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
++
++kernel_request_load_module(podsleuth_plugin_t)
++
++corecmd_exec_bin(mozilla_plugin_t)
++corecmd_exec_shell(mozilla_plugin_t)
++
++dev_read_urand(mozilla_plugin_t)
++
 +domain_use_interactive_fds(mozilla_plugin_t)
++domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
 +
-+files_read_etc_files(mozilla_plugin_t)
++files_read_config_files(mozilla_plugin_t)
++files_read_usr_files(mozilla_plugin_t)
 +
 +miscfiles_read_localization(mozilla_plugin_t)
++allow mozilla_plugin_t self:process setsched;
++
++allow mozilla_plugin_t self:unix_stream_socket connectto;
++
++optional_policy(`
++	nsplugin_domtrans(mozilla_plugin_t)
++')
++
++optional_policy(`
++	xserver_read_xdm_pid(mozilla_plugin_t)
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.8.8/policy/modules/apps/mplayer.if
 --- nsaserefpolicy/policy/modules/apps/mplayer.if	2010-07-27 16:06:04.000000000 -0400
 +++ serefpolicy-3.8.8/policy/modules/apps/mplayer.if	2010-07-30 14:06:53.000000000 -0400
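Review bot: The added `kernel_request_load_module(podsleuth_plugin_t)` in the mozilla_plugin local policy names a different type from every other rule in this block, which all use `mozilla_plugin_t`. This looks like a copy-paste slip, and if `podsleuth_plugin_t` is not declared elsewhere (not visible in this hunk) the module would fail to build; it should presumably read `kernel_request_load_module(mozilla_plugin_t)`, or be dropped if the plugin domain does not need to request kernel modules. `allow mozilla_plugin_t self:process setsched;` is also added twice, once at the top of the block and again after `miscfiles_read_localization(mozilla_plugin_t)`; keep one. The same block widens a domain meant to confine browser plugins with `corecmd_exec_shell`, `corecmd_exec_bin` and the switch from `files_read_etc_files` to `files_read_config_files`, so a short comment on each rule naming the denial that motivated it would let a later reviewer tighten them again.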
@@ -5026,7 +5051,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)?			gen_context(system_u:object_r:nsplugin_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.8.8/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.8/policy/modules/apps/nsplugin.if	2010-08-10 07:28:28.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/apps/nsplugin.if	2010-08-23 17:57:01.000000000 -0400
 @@ -0,0 +1,391 @@
 +
 +## <summary>policy for nsplugin</summary>
@@ -5892,7 +5917,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.8.8/policy/modules/apps/podsleuth.te
 --- nsaserefpolicy/policy/modules/apps/podsleuth.te	2010-07-27 16:06:04.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/apps/podsleuth.te	2010-08-11 08:27:39.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/apps/podsleuth.te	2010-08-23 17:51:56.000000000 -0400
 @@ -27,7 +27,7 @@
  # podsleuth local policy
  #
@@ -27737,7 +27762,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.8.8/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2010-07-27 16:06:06.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/services/xserver.if	2010-07-30 14:06:53.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/services/xserver.if	2010-08-23 17:59:07.000000000 -0400
 @@ -19,9 +19,10 @@
  interface(`xserver_restricted_role',`
  	gen_require(`
diff --git a/selinux-policy.spec b/selinux-policy.spec
index b22ba70..266ac1d 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.8.8
-Release: 18%{?dist}
+Release: 19%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -469,6 +469,9 @@ exit 0
 %endif
 
 %changelog
+* Mon Aug 23 2010 Dan Walsh <dwalsh at redhat.com> 3.8.8-19
+- Update policy for mozilla_plugin_t
+
 * Mon Aug 23 2010 Dan Walsh <dwalsh at redhat.com> 3.8.8-18
 - Allow clamscan to read proc_t
 - Allow mount_t to write to debufs_t dir

