From 06625d302c8020efc72c93889957804c8af9ad58 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Jul 27 2009 13:11:12 +0000
Subject: mozilla patch from dan.
---
diff --git a/policy/modules/apps/mozilla.fc b/policy/modules/apps/mozilla.fc
index b6f0924..4df06a0 100644
--- a/policy/modules/apps/mozilla.fc
+++ b/policy/modules/apps/mozilla.fc
@@ -15,11 +15,6 @@ HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
 /usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
 #
-# /etc
-#
-/etc/mozpluggerrc -- gen_context(system_u:object_r:mozilla_conf_t,s0)
-
-#
 # /lib
 #
 /usr/lib(64)?/galeon/galeon -- gen_context(system_u:object_r:mozilla_exec_t,s0)
@@ -29,3 +24,5 @@ HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
 /usr/lib(64)?/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
 /usr/lib(64)?/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
 /usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
index 3811a40..53c0e82 100644
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -82,8 +82,7 @@ interface(`mozilla_write_user_home_files',`
 type mozilla_home_t;
 ')
- allow $1 mozilla_home_t:dir list_dir_perms;
- allow $1 mozilla_home_t:file write;
+ write_files_pattern($1, mozilla_home_t, mozilla_home_t)
 userdom_search_user_home_dirs($1)
 ')
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index db466cb..21a5bd2 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -1,5 +1,5 @@
-policy_module(mozilla, 2.0.2)
+policy_module(mozilla, 2.0.3)
 ########################################
 #
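Review bot: In the second mozilla.fc hunk the two added entries spell out `/usr/lib/` and `/usr/lib64/` separately, while the neighbouring entries all use `/usr/lib(64)?/`, and nothing records why. If the split is deliberate, for instance so that the longer literal prefix makes these entries sort as more specific than a competing pattern, a comment such as `# spelled out without (64)? so these sort ahead of <competing pattern>` would keep someone from folding them back together and silently changing the label on the firefox launcher. If it is not deliberate, `/usr/lib(64)?/[^/]*firefox[^/]*/firefox` would match the existing style. Because these lines decide which binary is an entrypoint into the confined domain, it is worth checking the resulting context with `matchpathcon` on both library paths.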
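Review bot: In mozilla_write_user_home_files (mozilla.if) the switch to `write_files_pattern($1, mozilla_home_t, mozilla_home_t)` changes what every caller receives in both directions, and the commit does not say so. The removed rules gave `list_dir_perms` on the directory and only `write` on files; the pattern macro, as refpolicy's support macros define it, should give search on the directory and the whole `write_file_perms` set on files, so callers lose directory listing and gain whatever else that set holds. mozilla_home_t labels the browser profile, so it is worth confirming that each calling domain needs the wider file permissions and that none relied on listing. The interface's summary block and the opening of its gen_require lie above the hunk; the summary should be re-read against the new behaviour.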
@@ -105,6 +105,7 @@ corenet_sendrecv_generic_client_packets(mozilla_t)
 # Should not need other ports
 corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
 corenet_dontaudit_tcp_bind_generic_port(mozilla_t)
+corenet_tcp_connect_speech_port(mozilla_t)
 dev_read_urand(mozilla_t)
 dev_read_rand(mozilla_t)
@@ -234,6 +235,7 @@ optional_policy(`
 optional_policy(`
 gnome_stream_connect_gconf(mozilla_t)
+ gnome_manage_config(mozilla_t)
 ')
 optional_policy(`
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 7b70b70..67620d0 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
-policy_module(corenetwork, 1.11.12)
+policy_module(corenetwork, 1.11.13)
 ########################################
 #
@@ -175,6 +175,7 @@ network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
 type socks_port_t, port_type; dnl network_port(socks) # no defined portcon
 network_port(soundd, tcp,8000,s0, tcp,9433,s0, tcp, 16001, s0)
 network_port(spamd, tcp,783,s0)
+network_port(speech, tcp,8036,s0)
 network_port(squid, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0) # snmp and htcp
 network_port(ssh, tcp,22,s0)
 type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
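Review bot: The added `corenet_tcp_connect_speech_port(mozilla_t)` in the mozilla.te hunk at line 105 lands directly under `# Should not need other ports`, so that comment now appears to cover a rule that grants a new port instead of only the dontaudit rules it introduces. The allow is also unconditional: every browser process gets outbound TCP to the speech port whether or not the feature is used. I would move the line above the comment and add a short note on which client needs it, e.g. `# <component> connects to the local speech service`, and consider whether it belongs behind a tunable or an optional block.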
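Review bot: `gnome_manage_config(mozilla_t)` in the optional gnome block of mozilla.te gives the browser domain manage-level access to GNOME configuration, not just read access, going by the interface name; its definition is not on this page. mozilla_t processes untrusted web content, and configuration written there is presumably read later by other desktop programs in less confined domains, so this widens what a compromised browser can influence. If the denial behind this change was a read, a read-only interface from the gnome module would be the narrower grant. If writes are really required, a comment such as `# <feature> stores its settings in the GNOME config dir` would record why.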