|
Chris PeBenito |
2705f9 |
#
|
|
Chris PeBenito |
2705f9 |
# Thunderbird
|
|
Chris PeBenito |
2705f9 |
#
|
|
Chris PeBenito |
2705f9 |
# Author: Ivan Gyurdiev <ivg2@cornell.edu>
|
|
Chris PeBenito |
2705f9 |
#
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
#######################################
|
|
Chris PeBenito |
2705f9 |
# thunderbird_domain(role_prefix)
|
|
Chris PeBenito |
2705f9 |
#
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
# FIXME: Rules were removed to centralize policy in a gnome_app macro
|
|
Chris PeBenito |
2705f9 |
# A similar thing might be necessary for mozilla compiled without GNOME
|
|
Chris PeBenito |
2705f9 |
# support (is this possible?).
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
define(`thunderbird_domain', `
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
# Type for program
|
|
Chris PeBenito |
2705f9 |
type $1_thunderbird_t, domain, nscd_client_domain;
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
# Transition from user type
|
|
Chris PeBenito |
2705f9 |
if (! disable_thunderbird_trans) {
|
|
Chris PeBenito |
2705f9 |
domain_auto_trans($1_t, thunderbird_exec_t, $1_thunderbird_t)
|
|
Chris PeBenito |
2705f9 |
}
|
|
Chris PeBenito |
2705f9 |
role $1_r types $1_thunderbird_t;
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
# FIXME: Why does it try to do that?
|
|
Chris PeBenito |
2705f9 |
dontaudit $1_thunderbird_t evolution_exec_t:file { getattr execute };
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
# Why is thunderbird looking in .mozilla ?
|
|
Chris PeBenito |
2705f9 |
# FIXME: there are legitimate uses of invoking the browser - about -> release notes
|
|
Chris PeBenito |
2705f9 |
dontaudit $1_thunderbird_t $1_mozilla_home_t:dir search;
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
# .kde/....gtkrc
|
|
Chris PeBenito |
2705f9 |
# FIXME: support properly
|
|
Chris PeBenito |
2705f9 |
dontaudit $1_thunderbird_t $1_home_t:file { getattr read };
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
# X, mail common stuff
|
|
Chris PeBenito |
2705f9 |
x_client_domain($1_thunderbird, $1)
|
|
Chris PeBenito |
2705f9 |
mail_client_domain($1_thunderbird, $1)
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
allow $1_thunderbird_t fs_t:filesystem getattr;
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
# GNOME support
|
|
Chris PeBenito |
2705f9 |
ifdef(`gnome.te', `
|
|
Chris PeBenito |
2705f9 |
gnome_application($1_thunderbird, $1)
|
|
Chris PeBenito |
2705f9 |
gnome_file_dialog($1_thunderbird, $1)
|
|
Chris PeBenito |
2705f9 |
allow $1_thunderbird_t $1_gnome_settings_t:file { read write };
|
|
Chris PeBenito |
2705f9 |
')
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
# Access ~/.thunderbird
|
|
Chris PeBenito |
2705f9 |
home_domain($1, thunderbird)
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
# RSS feeds
|
|
Chris PeBenito |
2705f9 |
can_network_client_tcp($1_thunderbird_t, http_port_t)
|
|
Chris PeBenito |
2705f9 |
allow $1_thunderbird_t http_port_t:tcp_socket name_connect;
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
allow $1_thunderbird_t self:process { execheap execstack };
|
|
Chris PeBenito |
2705f9 |
if (allow_execmem) {
|
|
Chris PeBenito |
2705f9 |
allow $1_thunderbird_t self:process execmem;
|
|
Chris PeBenito |
2705f9 |
}
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
')
|