|
|
1ec3d1a |
## <summary>Policy for Mozilla and related web browsers</summary>
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Role access for mozilla
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="role">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Role allowed access
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## User domain for the role
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_role',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_t, mozilla_exec_t, mozilla_home_t;
|
|
|
80aa858 |
attribute_role mozilla_roles;
|
|
Chris PeBenito |
9401ae1 |
')
|
|
Chris PeBenito |
9401ae1 |
|
|
|
80aa858 |
roleattribute $1 mozilla_roles;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
domain_auto_trans($2, mozilla_exec_t, mozilla_t)
|
|
|
1ec3d1a |
# Unrestricted inheritance from the caller.
|
|
|
1ec3d1a |
allow $2 mozilla_t:process { noatsecure siginh rlimitinh };
|
|
|
1ec3d1a |
allow mozilla_t $2:fd use;
|
|
|
1ec3d1a |
allow mozilla_t $2:process { sigchld signull };
|
|
|
1ec3d1a |
allow mozilla_t $2:unix_stream_socket connectto;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
# Allow the user domain to signal/ps.
|
|
|
1ec3d1a |
ps_process_pattern($2, mozilla_t)
|
|
|
1ec3d1a |
allow $2 mozilla_t:process signal_perms;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $2 mozilla_t:fd use;
|
|
|
1ec3d1a |
allow $2 mozilla_t:shm { associate getattr };
|
|
|
1ec3d1a |
allow $2 mozilla_t:shm { unix_read unix_write };
|
|
|
1ec3d1a |
allow $2 mozilla_t:unix_stream_socket connectto;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
# X access, Home files
|
|
|
1ec3d1a |
manage_dirs_pattern($2, mozilla_home_t, mozilla_home_t)
|
|
|
1ec3d1a |
manage_files_pattern($2, mozilla_home_t, mozilla_home_t)
|
|
|
1ec3d1a |
manage_lnk_files_pattern($2, mozilla_home_t, mozilla_home_t)
|
|
|
1ec3d1a |
relabel_dirs_pattern($2, mozilla_home_t, mozilla_home_t)
|
|
|
1ec3d1a |
relabel_files_pattern($2, mozilla_home_t, mozilla_home_t)
|
|
|
1ec3d1a |
relabel_lnk_files_pattern($2, mozilla_home_t, mozilla_home_t)
|
|
|
1ec3d1a |
|
|
|
8b08bfc |
#should be remove then with adding of roleattribute
|
|
|
8b08bfc |
mozilla_run_plugin(mozilla_t, $1)
|
|
|
1ec3d1a |
mozilla_dbus_chat($2)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
userdom_manage_tmp_role($1, mozilla_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
optional_policy(`
|
|
|
1ec3d1a |
nsplugin_role($1, mozilla_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
optional_policy(`
|
|
|
1ec3d1a |
pulseaudio_role($1, mozilla_t)
|
|
|
1ec3d1a |
pulseaudio_filetrans_admin_home_content(mozilla_t)
|
|
|
1ec3d1a |
pulseaudio_filetrans_home_content(mozilla_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
mozilla_filetrans_home_content($2)
|
|
|
bde701d |
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Read mozilla home directory content
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_read_user_home_files',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_home_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 mozilla_home_t:dir list_dir_perms;
|
|
|
1ec3d1a |
allow $1 mozilla_home_t:file read_file_perms;
|
|
|
1ec3d1a |
allow $1 mozilla_home_t:lnk_file read_lnk_file_perms;
|
|
|
1ec3d1a |
userdom_search_user_home_dirs($1)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Write mozilla home directory content
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_write_user_home_files',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_home_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
write_files_pattern($1, mozilla_home_t, mozilla_home_t)
|
|
|
1ec3d1a |
userdom_search_user_home_dirs($1)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Dontaudit attempts to read/write mozilla home directory content
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain to not audit.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_dontaudit_rw_user_home_files',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_home_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
dontaudit $1 mozilla_home_t:file rw_inherited_file_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Dontaudit attempts to write mozilla home directory content
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain to not audit.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_dontaudit_manage_user_home_files',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_home_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
dontaudit $1 mozilla_home_t:dir manage_dir_perms;
|
|
|
1ec3d1a |
dontaudit $1 mozilla_home_t:file manage_file_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Execute mozilla home directory content.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_exec_user_home_files',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_home_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
can_exec($1, mozilla_home_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Execmod mozilla home directory content.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_execmod_user_home_files',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_home_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 mozilla_home_t:file execmod;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Run mozilla in the mozilla domain.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed to transition.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_domtrans',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_t, mozilla_exec_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
domtrans_pattern($1, mozilla_exec_t, mozilla_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Execute a domain transition to run mozilla_plugin.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_domtrans_plugin',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_plugin_t, mozilla_plugin_exec_t;
|
|
|
1ec3d1a |
type mozilla_plugin_config_t, mozilla_plugin_config_exec_t;
|
|
|
1ec3d1a |
type mozilla_plugin_rw_t;
|
|
|
1ec3d1a |
class dbus send_msg;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
domtrans_pattern($1, mozilla_plugin_exec_t, mozilla_plugin_t)
|
|
|
1ec3d1a |
domtrans_pattern($1, mozilla_plugin_config_exec_t, mozilla_plugin_config_t)
|
|
|
1ec3d1a |
allow mozilla_plugin_t $1:process signull;
|
|
|
f9c1bc2 |
dontaudit mozilla_plugin_config_t $1:file read_inherited_file_perms;
|
|
|
1ec3d1a |
allow $1 mozilla_plugin_t:unix_stream_socket { connectto rw_socket_perms };
|
|
|
1ec3d1a |
allow $1 mozilla_plugin_t:fd use;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow mozilla_plugin_t $1:unix_stream_socket rw_socket_perms;
|
|
|
1ec3d1a |
allow mozilla_plugin_t $1:unix_dgram_socket { sendto rw_socket_perms };
|
|
|
1ec3d1a |
allow mozilla_plugin_t $1:shm { rw_shm_perms destroy };
|
|
|
1ec3d1a |
allow mozilla_plugin_t $1:sem create_sem_perms;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
ps_process_pattern($1, mozilla_plugin_t)
|
|
|
1ec3d1a |
allow $1 mozilla_plugin_t:process signal_perms;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
list_dirs_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
|
|
|
1ec3d1a |
read_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
|
|
|
1ec3d1a |
read_lnk_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
|
|
|
1ec3d1a |
can_exec($1, mozilla_plugin_rw_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 mozilla_plugin_t:dbus send_msg;
|
|
|
1ec3d1a |
allow mozilla_plugin_t $1:dbus send_msg;
|
|
|
1ec3d1a |
|
|
|
0057dfd |
allow mozilla_plugin_t $1:process signull;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Execute mozilla_plugin in the mozilla_plugin domain, and
|
|
|
1ec3d1a |
## allow the specified role the mozilla_plugin domain.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <param name="role">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The role to be allowed the mozilla_plugin domain.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_run_plugin',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_plugin_t;
|
|
|
80aa858 |
attribute_role mozilla_plugin_roles, mozilla_plugin_config_roles;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
mozilla_domtrans_plugin($1)
|
|
|
80aa858 |
roleattribute $2 mozilla_plugin_roles;
|
|
|
80aa858 |
roleattribute $2 mozilla_plugin_config_roles;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#######################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Execute qemu unconfined programs in the role.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="role">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The role to allow the mozilla_plugin domain.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <rolecap/>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_role_plugin',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
80aa858 |
attribute_role mozilla_plugin_roles, mozilla_plugin_config_roles;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
a9ea446 |
roleattribute $1 mozilla_plugin_roles;
|
|
|
a9ea446 |
roleattribute $1 mozilla_plugin_config_roles;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Send and receive messages from
|
|
|
1ec3d1a |
## mozilla over dbus.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_dbus_chat',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_t;
|
|
|
1ec3d1a |
class dbus send_msg;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 mozilla_t:dbus send_msg;
|
|
|
1ec3d1a |
allow mozilla_t $1:dbus send_msg;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## read/write mozilla per user tcp_socket
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_rw_tcp_sockets',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 mozilla_t:tcp_socket rw_socket_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#######################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Read mozilla_plugin tmpfs files
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_plugin_read_tmpfs_files',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_plugin_tmpfs_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 mozilla_plugin_tmpfs_t:file read_file_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Delete mozilla_plugin tmpfs files
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_plugin_delete_tmpfs_files',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_plugin_tmpfs_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 mozilla_plugin_tmpfs_t:file delete_file_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Dontaudit read/write to a mozilla_plugin leaks
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain to not audit.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_plugin_dontaudit_leaks',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_plugin_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
dontaudit $1 mozilla_plugin_t:unix_stream_socket { read write };
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#######################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Dontaudit read/write to a mozilla_plugin tmp files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain to not audit.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_plugin_dontaudit_rw_tmp_files',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_plugin_tmp_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
dontaudit $1 mozilla_plugin_tmp_t:file { read write };
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Create, read, write, and delete
|
|
|
1ec3d1a |
## mozilla_plugin rw files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_plugin_manage_rw_files',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_plugin_rw_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 mozilla_plugin_rw_t:file manage_file_perms;
|
|
|
1ec3d1a |
allow $1 mozilla_plugin_rw_t:dir rw_dir_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
3a45cf8 |
## read mozilla_plugin rw files.
|
|
|
3a45cf8 |
## </summary>
|
|
|
3a45cf8 |
## <param name="domain">
|
|
|
3a45cf8 |
## <summary>
|
|
|
3a45cf8 |
## Domain allowed access.
|
|
|
3a45cf8 |
## </summary>
|
|
|
3a45cf8 |
## </param>
|
|
|
3a45cf8 |
#
|
|
|
3a45cf8 |
interface(`mozilla_plugin_read_rw_files',`
|
|
|
3a45cf8 |
gen_require(`
|
|
|
3a45cf8 |
type mozilla_plugin_rw_t;
|
|
|
3a45cf8 |
')
|
|
|
3a45cf8 |
|
|
|
3a45cf8 |
read_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
|
|
|
3a45cf8 |
')
|
|
|
3a45cf8 |
|
|
|
3a45cf8 |
########################################
|
|
|
3a45cf8 |
## <summary>
|
|
|
1ec3d1a |
## Create mozilla content in the user home directory
|
|
|
1ec3d1a |
## with an correct label.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`mozilla_filetrans_home_content',`
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mozilla_home_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".galeon")
|
|
|
1ec3d1a |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".java")
|
|
|
1ec3d1a |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".mozilla")
|
|
|
1ec3d1a |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".thunderbird")
|
|
|
1ec3d1a |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".netscape")
|
|
|
1ec3d1a |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".phoenix")
|
|
|
1ec3d1a |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".adobe")
|
|
|
1ec3d1a |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".macromedia")
|
|
|
1ec3d1a |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".gnash")
|
|
|
1ec3d1a |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".gcjwebplugin")
|
|
|
1ec3d1a |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".icedteaplugin")
|
|
|
1ec3d1a |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".spicec")
|
|
|
cb85c12 |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".ICAClient")
|
|
|
cb85c12 |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, "zimbrauserdata")
|
|
|
2720d0b |
userdom_user_home_dir_filetrans($1, mozilla_home_t, dir, ".lyx")
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|