2017-09-12 22:07:26

by Mira Ressel

Subject: [refpolicy] [PATCH 1/2] alsa: alsactl needs to map its configuration

The code is in alsactl/init_parse.c; there's no fallback.
---
alsa.te | 1 +
1 file changed, 1 insertion(+)

diff --git a/alsa.te b/alsa.te
index 025dcd0..2c48046 100644
--- a/alsa.te
+++ b/alsa.te
@@ -53,6 +53,7 @@ allow alsa_t alsa_home_t:file read_file_perms;
list_dirs_pattern(alsa_t, alsa_etc_t, alsa_etc_t)
read_files_pattern(alsa_t, alsa_etc_t, alsa_etc_t)
read_lnk_files_pattern(alsa_t, alsa_etc_t, alsa_etc_t)
+allow alsa_t alsa_etc_t:file map;

can_exec(alsa_t, alsa_exec_t)
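
Review bot: the added rule "allow alsa_t alsa_etc_t:file map;" covers only alsa_etc_t, while the hunk header context shows alsa_t also holds read_file_perms on alsa_home_t files. If the parser named in the commit message (alsactl/init_parse.c) can also be given files labeled alsa_home_t, those mappings will still be denied; please confirm, and either add the matching rule or state in the commit message that only alsa_etc_t files are mapped. A one-line comment above the rule noting that alsactl maps its configuration with no fallback would keep the reason in alsa.te rather than only in the commit log.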

--
2.14.1


2017-09-12 22:07:27

by Mira Ressel

Subject: [refpolicy] [PATCH 2/2] mozilla: Add necessary map permissions

The mozilla_home_t access is needed for sqlite (ff won't even start up
without it), while the mozilla_tmp_t mapping appears to be related to
the handling of addons.
---
mozilla.te | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mozilla.te b/mozilla.te
index 5cba449..68248f8 100644
--- a/mozilla.te
+++ b/mozilla.te
@@ -88,7 +88,7 @@ allow mozilla_t mozilla_plugin_t:unix_stream_socket rw_socket_perms;
allow mozilla_t mozilla_plugin_t:fd use;

allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:dir manage_dir_perms;
-allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:file manage_file_perms;
+allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms map };
allow mozilla_t mozilla_home_t:lnk_file manage_lnk_file_perms;
userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".galeon")
userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".mozilla")
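
Review bot: in "{ mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms map }" the map permission is granted on both types, but the commit message only justifies mozilla_home_t (sqlite). Unless mozilla_t is known to map mozilla_plugin_home_t files as well, keep the original manage_file_perms line unchanged and add a separate "allow mozilla_t mozilla_home_t:file map;" so the grant matches the stated need.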
@@ -100,6 +100,7 @@ filetrans_pattern(mozilla_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugin
manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
manage_lnk_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
+allow mozilla_t mozilla_tmp_t:file map;
files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })

manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
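
Review bot: the only justification given for "allow mozilla_t mozilla_tmp_t:file map;" is that it "appears to be related to the handling of addons". mozilla_t can already create and write mozilla_tmp_t files through the manage_files_pattern line above it, so this rule lets the domain map files it fully controls. Please record the observed denial or the code path that performs the mapping, in the commit message or in a comment above the rule, so the grant can be re-checked later.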
--
2.14.1

2017-09-12 23:18:14

by Chris PeBenito

Subject: [refpolicy] [PATCH 1/2] alsa: alsactl needs to map its configuration

On 09/12/2017 06:07 PM, Luis Ressel via refpolicy wrote:
> The code is in alsactl/init_parse.c; there's no fallback.
> ---
> alsa.te | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/alsa.te b/alsa.te
> index 025dcd0..2c48046 100644
> --- a/alsa.te
> +++ b/alsa.te
> @@ -53,6 +53,7 @@ allow alsa_t alsa_home_t:file read_file_perms;
> list_dirs_pattern(alsa_t, alsa_etc_t, alsa_etc_t)
> read_files_pattern(alsa_t, alsa_etc_t, alsa_etc_t)
> read_lnk_files_pattern(alsa_t, alsa_etc_t, alsa_etc_t)
> +allow alsa_t alsa_etc_t:file map;
>
> can_exec(alsa_t, alsa_exec_t)

Merged.

--
Chris PeBenito

2017-09-12 23:18:22

by Chris PeBenito

Subject: [refpolicy] [PATCH 2/2] mozilla: Add necessary map permissions

On 09/12/2017 06:07 PM, Luis Ressel via refpolicy wrote:
> The mozilla_home_t access is needed for sqlite (ff won't even start up
> without it), while the mozilla_tmp_t mapping appears to be related to
> the handling of addons.
> ---
> mozilla.te | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/mozilla.te b/mozilla.te
> index 5cba449..68248f8 100644
> --- a/mozilla.te
> +++ b/mozilla.te
> @@ -88,7 +88,7 @@ allow mozilla_t mozilla_plugin_t:unix_stream_socket rw_socket_perms;
> allow mozilla_t mozilla_plugin_t:fd use;
>
> allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:dir manage_dir_perms;
> -allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:file manage_file_perms;
> +allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms map };
> allow mozilla_t mozilla_home_t:lnk_file manage_lnk_file_perms;
> userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".galeon")
> userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".mozilla")
> @@ -100,6 +100,7 @@ filetrans_pattern(mozilla_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugin
> manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
> manage_lnk_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
> manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
> +allow mozilla_t mozilla_tmp_t:file map;
> files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })
>
> manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)

Merged.

--
Chris PeBenito