From: guido@trentalancia.net (Guido Trentalancia)
Date: Fri, 14 Apr 2017 12:04:54 +0200
Subject: [refpolicy] [PATCH v2 1/10] java: enable interactive use
In-Reply-To: <CAJ2a_Df1RvyCGOr=3pThwmaA_+f8FjRFj8jojj9UMu50wzk23w@mail.gmail.com>
References: <1492125863.14193.39.camel@trentalancia.net>
	<CAJ2a_Df1RvyCGOr=3pThwmaA_+f8FjRFj8jojj9UMu50wzk23w@mail.gmail.com>
Message-ID: <1492164294.9216.1.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch is required for java to print messages to
the user terminals (interactive java applications use).

Thanks to Christian G?ttsche for pointing out an
obsolete corecommands interface.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/java.te |    7 +++++++
 1 file changed, 7 insertions(+)

--- refpolicy-2.20170204-orig/policy/modules/contrib/java.te	2017-02-04 19:30:39.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/contrib/java.te	2017-04-09 16:24:20.039657686 +0200
@@ -132,6 +132,13 @@ tunable_policy(`allow_java_execstack',`
 
 auth_use_nsswitch(java_t)
 
+corecmd_search_bin(java_t)
+
+locallogin_use_fds(java_t)
+
+userdom_read_user_tmp_files(java_t)
+userdom_use_user_ttys(java_t)
+
 optional_policy(`
 	xserver_user_x_domain_template(java, java_t, java_tmpfs_t)
 ')