Blame SOURCES/fapolicyd-java2.patch

4255d0
From 32a47ce0557c9b38ee59acec97d8f5bd01b4751d Mon Sep 17 00:00:00 2001
4255d0
From: Steve Grubb <sgrubb@redhat.com>
4255d0
Date: Tue, 10 Nov 2020 11:47:37 -0500
4255d0
Subject: [PATCH] Pickup more languages in /usr/share
4255d0
4255d0
It turns out that there is a lot of languages placing code for execution
4255d0
in /usr/share. This patch widens the filter so that more file extensions
4255d0
are included in the trust database. Without this, access to pki-ca.jar,
4255d0
for example, is denied access.
4255d0
---
4255d0
 src/library/rpm-backend.c | 31 +++++++++++++++++++++++++++++++
4255d0
 1 file changed, 31 insertions(+)
4255d0
4255d0
diff --git a/src/library/rpm-backend.c b/src/library/rpm-backend.c
4255d0
index 25f867a..6ce8a2d 100644
4255d0
--- a/src/library/rpm-backend.c
4255d0
+++ b/src/library/rpm-backend.c
4255d0
@@ -183,6 +183,7 @@ static int drop_path(const char *file_name)
4255d0
 			// Drop anything in /usr/share that's
4255d0
 			// not python, javascript, or has a libexec dir
4255d0
 			if (file_name[6] == 'h' ) {
4255d0
+				// These are roughly ordered by quantity
4255d0
 				if (fnmatch("*.py?",
4255d0
 						 file_name, 0) == 0)
4255d0
 					return 0;
4255d0
@@ -192,9 +193,39 @@ static int drop_path(const char *file_name)
4255d0
 				else if (fnmatch("*/libexec/*",
4255d0
 						file_name, 0) == 0)
4255d0
 					return 0;
4255d0
+				else if (fnmatch("*.rb",
4255d0
+						 file_name, 0) == 0)
4255d0
+					return 0;
4255d0
+				else if (fnmatch("*.pl",
4255d0
+						 file_name, 0) == 0)
4255d0
+					return 0;
4255d0
+				else if (fnmatch("*.stp",
4255d0
+						 file_name, 0) == 0)
4255d0
+					return 0;
4255d0
 				else if (fnmatch("*.js",
4255d0
 						 file_name, 0) == 0)
4255d0
 					return 0;
4255d0
+				else if (fnmatch("*.jar",
4255d0
+						 file_name, 0) == 0)
4255d0
+					return 0;
4255d0
+				else if (fnmatch("*.m4",
4255d0
+						 file_name, 0) == 0)
4255d0
+					return 0;
4255d0
+				else if (fnmatch("*.php",
4255d0
+						 file_name, 0) == 0)
4255d0
+					return 0;
4255d0
+				else if (fnmatch("*.el",
4255d0
+						 file_name, 0) == 0)
4255d0
+					return 0;
4255d0
+				else if (fnmatch("*.pm",
4255d0
+						 file_name, 0) == 0)
4255d0
+					return 0;
4255d0
+				else if (fnmatch("*.lua",
4255d0
+						 file_name, 0) == 0)
4255d0
+					return 0;
4255d0
+				else if (fnmatch("*.java",
4255d0
+						 file_name, 0) == 0)
4255d0
+					return 0;
4255d0
 				return 1;
4255d0
 			// Akmod need scripts in /usr/src/kernel
4255d0
 			} else if (file_name[6] == 'r' ) {