[selinux-policy: 2169/3172] mozilla patch from dan.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:12:43 UTC 2010 

commit 06625d302c8020efc72c93889957804c8af9ad58
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Jul 27 09:11:12 2009 -0400

    mozilla patch from dan.

 policy/modules/apps/mozilla.fc          |    7 ++-----
 policy/modules/apps/mozilla.if          |    3 +--
 policy/modules/apps/mozilla.te          |    4 +++-
 policy/modules/kernel/corenetwork.te.in |    3 ++-
 4 files changed, 8 insertions(+), 9 deletions(-)
---
diff --git a/policy/modules/apps/mozilla.fc b/policy/modules/apps/mozilla.fc
index b6f0924..4df06a0 100644
--- a/policy/modules/apps/mozilla.fc
+++ b/policy/modules/apps/mozilla.fc
@@ -15,11 +15,6 @@ HOME_DIR/\.phoenix(/.*)?		gen_context(system_u:object_r:mozilla_home_t,s0)
 /usr/bin/mozilla-bin-[0-9].*	--	gen_context(system_u:object_r:mozilla_exec_t,s0)
 
 #
-# /etc
-#
-/etc/mozpluggerrc 		--	gen_context(system_u:object_r:mozilla_conf_t,s0)
-
-#
 # /lib
 #
 /usr/lib(64)?/galeon/galeon 	--	gen_context(system_u:object_r:mozilla_exec_t,s0)
@@ -29,3 +24,5 @@ HOME_DIR/\.phoenix(/.*)?		gen_context(system_u:object_r:mozilla_home_t,s0)
 /usr/lib(64)?/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
 /usr/lib(64)?/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
 /usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib/[^/]*firefox[^/]*/firefox --	gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
index 3811a40..53c0e82 100644
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -82,8 +82,7 @@ interface(`mozilla_write_user_home_files',`
 		type mozilla_home_t;
 	')
 
-	allow $1 mozilla_home_t:dir list_dir_perms;
-	allow $1 mozilla_home_t:file write;
+	write_files_pattern($1, mozilla_home_t, mozilla_home_t)
 	userdom_search_user_home_dirs($1)
 ')
 
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index db466cb..21a5bd2 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -1,5 +1,5 @@
 
-policy_module(mozilla, 2.0.2)
+policy_module(mozilla, 2.0.3)
 
 ########################################
 #
@@ -105,6 +105,7 @@ corenet_sendrecv_generic_client_packets(mozilla_t)
 # Should not need other ports
 corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
 corenet_dontaudit_tcp_bind_generic_port(mozilla_t)
+corenet_tcp_connect_speech_port(mozilla_t)
 
 dev_read_urand(mozilla_t)
 dev_read_rand(mozilla_t)
@@ -234,6 +235,7 @@ optional_policy(`
 
 optional_policy(`
 	gnome_stream_connect_gconf(mozilla_t)
+	gnome_manage_config(mozilla_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 7b70b70..67620d0 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
 
-policy_module(corenetwork, 1.11.12)
+policy_module(corenetwork, 1.11.13)
 
 ########################################
 #
@@ -175,6 +175,7 @@ network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
 type socks_port_t, port_type; dnl network_port(socks) # no defined portcon
 network_port(soundd, tcp,8000,s0, tcp,9433,s0, tcp, 16001, s0)
 network_port(spamd, tcp,783,s0)
+network_port(speech, tcp,8036,s0)
 network_port(squid, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0) # snmp and htcp
 network_port(ssh, tcp,22,s0)
 type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict

More information about the scm-commits mailing list