From: pebenito@ieee.org (Chris PeBenito)
Date: Mon, 15 May 2017 18:22:14 -0400
Subject: [refpolicy] [PATCH] openoffice: open files retrieved using
 mozilla
In-Reply-To: <1494690957.7940.1.camel@trentalancia.net>
References: <1494690957.7940.1.camel@trentalancia.net>
Message-ID: <1411b600-2bf9-14f1-f835-cd4bde404fed@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 05/13/2017 11:55 AM, Guido Trentalancia via refpolicy wrote:
> Let openoffice open files retrieved from the network using mozilla.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/mozilla.if    |   18 ++++++++++++++++++
>  policy/modules/contrib/openoffice.te |    1 +
>  2 files changed, 19 insertions(+)
>
> --- a/policy/modules/contrib/mozilla.if	2015-10-19 01:13:41.000000000 +0200
> +++ b/policy/modules/contrib/mozilla.if	2017-05-13 17:51:56.986097970 +0200
> @@ -288,6 +288,24 @@ interface(`mozilla_execmod_user_plugin_h
>  	allow $1 mozilla_plugin_home_t:file execmod;
>  ')
>
> +#######################################
> +## <summary>
> +##	Read temporary mozilla files.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`mozilla_read_tmp_files',`
> +	gen_require(`
> +		type mozilla_tmp_t;
> +	')
> +
> +	read_files_pattern($1, mozilla_tmp_t, mozilla_tmp_t)
> +')
> +
>  ########################################
>  ## <summary>
>  ##	Run mozilla in the mozilla domain.
> --- a/policy/modules/contrib/openoffice.te	2017-04-21 22:51:02.574611335 +0200
> +++ b/policy/modules/contrib/openoffice.te	2017-05-13 17:40:58.553100662 +0200
> @@ -128,6 +152,7 @@ optional_policy(`
>
>  optional_policy(`
>  	mozilla_domtrans(ooffice_t)
> +	mozilla_read_tmp_files(ooffice_t)
>  ')
>
>  optional_policy(`

Merged, though I moved the interface implementation.


-- 
Chris PeBenito