From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 07 Dec 2016 23:06:19 +0100
Subject: [refpolicy] [PATCH v2] mozilla: allow reading generic SSL
	certificates
In-Reply-To: <1481129401.3300.3.camel@trentalancia.net>
References: <1481129401.3300.3.camel@trentalancia.net>
Message-ID: <1481148379.9718.0.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Allow reading the system-wide and user-specific certificates
from the mozilla domain and not just from the mozilla_plugin
domain.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/mozilla.te |    3 +++
 1 file changed, 3 insertions(+)

diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/mozilla.te refpolicy-git-07122016/policy/modules/contrib/mozilla.te
--- refpolicy-git-07122016-orig/policy/modules/contrib/mozilla.te	2016-12-07 13:39:50.051911134 +0100
+++ refpolicy-git-07122016/policy/modules/contrib/mozilla.te	2016-12-07 22:57:55.013144918 +0100
@@ -181,9 +181,12 @@ auth_use_nsswitch(mozilla_t)
 logging_send_syslog_msg(mozilla_t)
 
 miscfiles_read_fonts(mozilla_t)
+miscfiles_read_generic_certs(mozilla_t)
 miscfiles_read_localization(mozilla_t)
 miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)
 
+userdom_read_user_certs(mozilla_t)
+
 userdom_use_user_ptys(mozilla_t)
 
 userdom_manage_user_tmp_dirs(mozilla_t)