From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 4 May 2012 11:13:59 -0400 Subject: [refpolicy] [PATCH 2/2] Support mozilla_roles In-Reply-To: <20120501083319.GK32060@siphos.be> References: <20120501083319.GK32060@siphos.be> Message-ID: <4FA3F237.2060005@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 05/01/12 04:33, Sven Vermeulen wrote: > The mozilla definition already includes the mozilla_roles role attribute, but missed including the mozilla_plugin in it. > Also, the mozilla_role() interface should add the mozilla_roles attribute to the calling role, not just the mozilla_t type. > > Signed-off-by: Sven Vermeulen > --- > mozilla.if | 3 ++- > mozilla.te | 2 +- > 2 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/mozilla.if b/mozilla.if > index af2ba47..b397fde 100644 > --- a/mozilla.if > +++ b/mozilla.if > @@ -18,9 +18,10 @@ > interface(`mozilla_role',` > gen_require(` > type mozilla_t, mozilla_exec_t, mozilla_home_t; > + attribute_role mozilla_roles; > ') > > - role $1 types mozilla_t; > + roleattribute $1 mozilla_roles; > > domain_auto_trans($2, mozilla_exec_t, mozilla_t) > # Unrestricted inheritance from the caller. > diff --git a/mozilla.te b/mozilla.te > index c4f425d..d3fad85 100644 > --- a/mozilla.te > +++ b/mozilla.te > @@ -32,7 +32,7 @@ userdom_user_home_content(mozilla_home_t) > type mozilla_plugin_t; > type mozilla_plugin_exec_t; > application_domain(mozilla_plugin_t, mozilla_plugin_exec_t) > -role system_r types mozilla_plugin_t; > +role mozilla_roles types mozilla_plugin_t; > > type mozilla_plugin_tmp_t; > userdom_user_tmp_file(mozilla_plugin_tmp_t) Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
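Review bot: in the mozilla.if hunk, dropping `role $1 types mozilla_t;` means the calling role reaches mozilla_t only through the mozilla_roles attribute, so the interface now depends on a `role mozilla_roles types mozilla_t;` statement in mozilla.te, which is not among the lines shown in this patch. It is worth confirming that statement is present, because without it the `domain_auto_trans($2, mozilla_exec_t, mozilla_t)` that follows would transition into a type the role is not associated with. If the interface's header comment describes the role parameter, it could also mention that the role is added to mozilla_roles.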
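Review bot: in the mozilla.te hunk, replacing `role system_r types mozilla_plugin_t;` with `role mozilla_roles types mozilla_plugin_t;` also removes the system_r association for mozilla_plugin_t, which the commit message does not mention. If nothing runs the plugin under system_r, the description should say so; otherwise keep the system_r line and add the mozilla_roles line beside it. Combined with the `roleattribute $1 mozilla_roles;` change in mozilla.if, every role passed to mozilla_role() now also gains mozilla_plugin_t, so the description should state that this widening is intended.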