From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 23 Mar 2011 09:08:49 -0400 Subject: [refpolicy] [PATCH 06/15] Add firefox file contexts for binary installations In-Reply-To: <20110309211238.GA4704@siphos.be> References: <20110309211238.GA4704@siphos.be> Message-ID: <4D89F0E1.2080300@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 03/09/11 16:12, Sven Vermeulen wrote: > Binary installations of firefox provide binaries in /opt/firefox by default. > > Also, binary can be in /usr/bin (but most often this is a script that calls > the binary in /opt/firefox). In both cases, this needs to be marked as > mozilla_exec_t too. I suspect that these are Gentoo-specific. If so, they should be in distro_gentoo blocks. > Signed-off-by: Sven Vermeulen > --- > policy/modules/apps/mozilla.fc | 10 ++++++++++ > 1 files changed, 10 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/apps/mozilla.fc b/policy/modules/apps/mozilla.fc > index 93ac529..ad59444 100644 > --- a/policy/modules/apps/mozilla.fc > +++ b/policy/modules/apps/mozilla.fc > @@ -7,6 +7,7 @@ HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) > # > # /bin > # > +/usr/bin/firefox(-bin)? -- gen_context(system_u:object_r:mozilla_exec_t,s0) > /usr/bin/netscape -- gen_context(system_u:object_r:mozilla_exec_t,s0) > /usr/bin/mozilla -- gen_context(system_u:object_r:mozilla_exec_t,s0) > /usr/bin/mozilla-snapshot -- gen_context(system_u:object_r:mozilla_exec_t,s0) 
> @@ -27,3 +28,12 @@ HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) > /usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0) > /usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0) > /usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0) > + > +# > +# /opt > +# > +/opt/firefox/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) > +/opt/firefox/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0) > +/opt/firefox/run-mozilla\.sh -- gen_context(system_u:object_r:mozilla_exec_t,s0) > +/opt/firefox/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0) > +/opt/firefox/plugin-container -- gen_context(system_u:object_r:mozilla_exec_t,s0) -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
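Review bot: In the first hunk (@@ -7,6 +7,7 @@), the new `/usr/bin/firefox(-bin)?` entry is unconditional, yet the commit message does not say which packages install that path or why the `-bin` variant is expected under /usr/bin. It only says the file is most often a wrapper script that calls the binary in /opt/firefox. If the layout is distribution-specific, put the entry inside the matching distro ifdef block; otherwise state the origin of the path in the commit message. The `--` specifier restricts the match to regular files, so a /usr/bin/firefox symlink is not labeled by this entry and execution then depends on the label of the link target.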
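Review bot: In the second hunk (@@ -27,3 +28,12 @@), `/opt/firefox/libxul\.so` is labeled textrel_shlib_t, but the commit message only discusses mozilla_exec_t. Please document why this library needs the type reserved for shared libraries that require text relocations, so the exception can be revisited if a later build no longer needs it. The new entries also hard-code /opt/firefox, while the /usr/lib entries directly above use `[^/]*firefox[^/]*` to cover varying directory names; confirm that binary installations always use the fixed directory, or use a comparable pattern.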