#
# Thunderbird
#
# Author: Ivan Gyurdiev <ivg2@cornell.edu>
#
#######################################
# thunderbird_domain(role_prefix)
#
# FIXME: Rules were removed to centralize policy in a gnome_app macro
# A similar thing might be necessary for mozilla compiled without GNOME
# support (is this possible?).
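define(`thunderbird_domain', `

# Per-role Thunderbird domain. $1 is the role prefix; every type and rule
# below is instantiated for that prefix.
# Keep m4 quote characters out of comments inside this quoted body: they
# would end the quoted string early.

# Type for program
type $1_thunderbird_t, domain, nscd_client_domain;

# Transition from user type
# The automatic transition sits inside a conditional, so it is only in
# effect while the disable_thunderbird_trans boolean is false.
if (! disable_thunderbird_trans) {
domain_auto_trans($1_t, thunderbird_exec_t, $1_thunderbird_t)
}
role $1_r types $1_thunderbird_t;

# The three dontaudit rules below do not grant anything: the access is
# still denied, only the audit record is suppressed. Denials matching
# them will therefore not show up in the audit log.

# FIXME: Why does it try to do that?
dontaudit $1_thunderbird_t evolution_exec_t:file { getattr execute };

# Why is thunderbird looking in .mozilla ?
# FIXME: there are legitimate uses of invoking the browser - about -> release notes
dontaudit $1_thunderbird_t $1_mozilla_home_t:dir search;

# .kde/....gtkrc
# FIXME: support properly
# NOTE(review): this silences getattr/read denials on every file labeled
# $1_home_t, not just the gtkrc file named above, so unexpected reads of
# user home files by this domain are not logged either.
dontaudit $1_thunderbird_t $1_home_t:file { getattr read };

# X, mail common stuff
x_client_domain($1_thunderbird, $1)
mail_client_domain($1_thunderbird, $1)

# signull on self only; no other signal permission is granted here.
allow $1_thunderbird_t self:process signull;
allow $1_thunderbird_t fs_t:filesystem getattr;

# GNOME support
# Only emitted when gnome.te is part of the policy build.
ifdef(`gnome.te', `
gnome_application($1_thunderbird, $1)
gnome_file_dialog($1_thunderbird, $1)
allow $1_thunderbird_t $1_gnome_settings_t:file { read write };
')

# Access ~/.thunderbird
home_domain($1, thunderbird)

# RSS feeds
# Outbound TCP to ports labeled http_port_t.
can_network_client_tcp($1_thunderbird_t, http_port_t)
allow $1_thunderbird_t http_port_t:tcp_socket name_connect;

# NOTE(review): execheap, execmem and execstack let this domain make its
# heap, anonymous mappings and stack executable, which removes the W^X
# restriction for a program that parses untrusted mail and feed content.
# No rationale is recorded in this file; confirm which of the three is
# actually required and drop the others.
allow $1_thunderbird_t self:process { execheap execmem execstack };

')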