From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 9 Mar 2011 22:12:38 +0100
Subject: [refpolicy] [PATCH 06/15] Add firefox file contexts for binary
	installations
Message-ID: <20110309211238.GA4704@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Binary installations of firefox provide binaries in /opt/firefox by default. 

Also, binary can be in /usr/bin (but most often this is a script that calls
the binary in /opt/firefox). In both cases, this needs to be marked as
mozilla_exec_t too.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/apps/mozilla.fc |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/policy/modules/apps/mozilla.fc b/policy/modules/apps/mozilla.fc
index 93ac529..ad59444 100644
--- a/policy/modules/apps/mozilla.fc
+++ b/policy/modules/apps/mozilla.fc
@@ -7,6 +7,7 @@ HOME_DIR/\.phoenix(/.*)?		gen_context(system_u:object_r:mozilla_home_t,s0)
 #
 # /bin
 #
+/usr/bin/firefox(-bin)?		--	gen_context(system_u:object_r:mozilla_exec_t,s0)
 /usr/bin/netscape		--	gen_context(system_u:object_r:mozilla_exec_t,s0)
 /usr/bin/mozilla		--	gen_context(system_u:object_r:mozilla_exec_t,s0)
 /usr/bin/mozilla-snapshot	--	gen_context(system_u:object_r:mozilla_exec_t,s0)
@@ -27,3 +28,12 @@ HOME_DIR/\.phoenix(/.*)?		gen_context(system_u:object_r:mozilla_home_t,s0)
 /usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
 /usr/lib/[^/]*firefox[^/]*/firefox --	gen_context(system_u:object_r:mozilla_exec_t,s0)
 /usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+
+#
+# /opt
+#
+/opt/firefox/libxul\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/firefox/firefox		--	gen_context(system_u:object_r:mozilla_exec_t,s0)
+/opt/firefox/run-mozilla\.sh	--	gen_context(system_u:object_r:mozilla_exec_t,s0)
+/opt/firefox/firefox-bin	--	gen_context(system_u:object_r:mozilla_exec_t,s0)
+/opt/firefox/plugin-container	--	gen_context(system_u:object_r:mozilla_exec_t,s0)
-- 
1.7.3.4