From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat, 16 Apr 2011 14:30:51 +0200
Subject: [refpolicy] [PATCH 05/15] Allow mozilla/firefox to manage
 tempfiles
In-Reply-To: <4D89F14D.5070500@tresys.com>
References: <20110309211121.GA4682@siphos.be>
 <4D89F14D.5070500@tresys.com>
Message-ID: <20110416123051.GA13024@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, Mar 23, 2011 at 09:10:37AM -0400, Christopher J. PeBenito wrote:
> On 03/09/11 16:11, Sven Vermeulen wrote:
> > +type mozilla_tmp_t;
> > +files_tmp_file(mozilla_tmp_t)
> > +ubac_contrained(mozilla_tmp_t)
> > +
> >  ########################################
> >  #
> >  # Local policy
> > @@ -68,6 +72,10 @@ manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
> >  manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
> >  fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
> >  
> > +manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
> > +manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
> > +files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir } )
> > +
> >  kernel_read_kernel_sysctls(mozilla_t)
> >  kernel_read_network_state(mozilla_t)
> >  # Access /proc, sysctl

The mozilla_tmp_t is used by firefox to create
/tmp/plugtmp/plugin-crossdomain.xml (for instance while viewing Youtube
streams).

> > @@ -142,6 +150,8 @@ miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)
> >  sysnet_dns_name_resolve(mozilla_t)
> >  
> >  userdom_use_user_ptys(mozilla_t)
> > +userdom_manage_user_tmp_files(mozilla_t)
> > +userdom_manage_user_tmp_sockets(mozilla_t)
> 
> Do you have more info on these?  Such as what files and sockets are
> being managed?

These ones I have not been able to hit immediately, but I'll run a while
without to see if I can get the information back.

Wkr,
	Sven Vermeulen