From: dominick.grift@gmail.com (Dominick Grift)
Date: Sun, 14 Oct 2012 22:17:35 +0200
Subject: [refpolicy] [PATCH] Label ~/\.adobe(/.*)? as mozilla_home_t for flash
In-Reply-To: <1350244316-11712-1-git-send-email-debian@mikapflueger.de>
References: <1350244316-11712-1-git-send-email-debian@mikapflueger.de>
Message-ID: <1350245855.9829.8.camel@d30.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

I actually revisited the mozilla plugin and I am thinking about how to deal with plugins like flash and their userdom user home content.

I am not yet sure if mozilla_home_t is the optimal type for this and if it is worth having a private type for it.

Mozilla home type of files are sensitive in a sense. Consider your password stored in mozilla etc.

I am not sure whether flash home content justifies having a private type and, if so, if it is a good idea to label it mozilla home t.

If we label it mozilla home t and some app needs access to flash then it automatically has access to mozilla content, and I am not sure if this is desired.

We now have the named file transition functionality, so we can allow mozilla access to generic user home content without problem and still have its sensitive content protected with the mozilla home type.

I would like the opinion of others on this issue.

Is it worth labeling flash content in home? And if so, what would be a better idea:

1. to classify it mozilla home content or classify it something else?

On Sun, 2012-10-14 at 21:51 +0200, Mika Pflüger wrote:
> From: Russel Coker > > --- > mozilla.fc | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/mozilla.fc b/mozilla.fc > index 3a73e74..271928b 100644 > --- a/mozilla.fc > +++ b/mozilla.fc 
> @@ -1,3 +1,4 @@ > +HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) > HOME_DIR/\.config/chromium(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) > HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) > HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
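
Review bot: The added `HOME_DIR/\.adobe(/.*)?` entry at the top of mozilla.fc assigns mozilla_home_t, the same type the neighbouring entries give to the chromium, galeon and java directories, so any domain later allowed to reach Flash content through this type also reaches everything else labelled mozilla_home_t. Consider a dedicated type for ~/.adobe, or state in the commit message (which is empty between the From line and the `---`) which domain needs the access and why sharing the type is acceptable.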