From: guido@trentalancia.com (Guido Trentalancia)
Date: Tue, 20 Jun 2017 21:10:28 +0200
Subject: [refpolicy] [PATCH] java: let javaws execute binaries and the shell
Message-ID: <1497985828.4769.19.camel@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Let Java Web Start (domain java_t) execute generic binaries
and the shell.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
---
 policy/modules/contrib/java.te |    3 +++
 1 file changed, 3 insertions(+)

--- a/policy/modules/contrib/java.te	2017-05-23 21:34:17.369592081 +0200
+++ b/policy/modules/contrib/java.te	2017-06-20 21:07:46.988046583 +0200
@@ -133,6 +133,9 @@ tunable_policy(`allow_java_execstack',`
 auth_use_nsswitch(java_t)
 
 corecmd_search_bin(java_t)
+# Java Web Start (javaws) executes generic binaries and the shell
+corecmd_exec_bin(java_t)
+corecmd_exec_shell(java_t)
 
 dev_read_sysfs(java_t)