From: guido@trentalancia.com (Guido Trentalancia) Date: Sat, 16 Sep 2017 23:16:12 +0200 Subject: [refpolicy] [PATCH 2/2] mozilla: run Java Web Start applications Message-ID: <1505596572.13203.10.camel@trentalancia.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Let mozilla manage temporary java content when executing java (strictly needed to run Java Web Start applications using the Java Network Launching Protocol (JNLP)). Signed-off-by: Guido Trentalancia --- policy/modules/contrib/java.if | 20 ++++++++++++++++++++ policy/modules/contrib/mozilla.te | 2 ++ 2 files changed, 22 insertions(+) --- a/policy/modules/contrib/mozilla.te 2017-09-16 16:21:54.850402273 +0200 +++ b/policy/modules/contrib/mozilla.te 2017-09-16 17:23:05.863425868 +0200 @@ -296,6 +296,7 @@ optional_policy(` optional_policy(` java_exec(mozilla_t) java_manage_generic_home_content(mozilla_t) + java_manage_java_tmp(mozilla_t) java_home_filetrans_java_home(mozilla_t, dir, ".java") ') @@ -566,6 +567,7 @@ optional_policy(` optional_policy(` java_exec(mozilla_plugin_t) java_manage_generic_home_content(mozilla_plugin_t) + java_manage_java_tmp(mozilla_plugin_t) java_home_filetrans_java_home(mozilla_plugin_t, dir, ".java") ') --- a/policy/modules/contrib/java.if 2017-09-16 22:55:35.129019841 +0200 +++ b/policy/modules/contrib/java.if 2017-09-16 22:55:06.801019957 +0200 @@ -257,6 +257,26 @@ interface(`java_manage_generic_home_cont allow $1 java_home_t:file manage_file_perms; ') +###################################### +## +## Create, read, write, and delete +## temporary java content. +## +## +## +## Domain allowed access. +## +## +# +interface(`java_manage_java_tmp',` + gen_require(` + type java_tmp_t; + ') + + allow $1 java_tmp_t:dir manage_dir_perms; + allow $1 java_tmp_t:file manage_file_perms; +') + ######################################## ## ## Create specified objects in user home
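Review bot: In both mozilla.te hunks (the optional_policy blocks at @@ -296 and @@ -566), java_manage_java_tmp() is granted to mozilla_t and to mozilla_plugin_t alike, but the commit message does not say which of the two domains is actually denied when a Java Web Start application is launched. Full manage rights on java_tmp_t let the browser or plugin domain create, modify and delete Java's temporary content, so please quote the AVC denials seen for each domain and drop the call from whichever domain does not need it.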
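Review bot: In the new java_manage_java_tmp interface in java.if, the two allow rules cover java_tmp_t directories and files, but nothing lets the caller search the parent temporary directory, and the permission sets are the broadest available. Consider adding files_search_tmp($1) ahead of the allow rules so that the interface is usable by callers that do not already have that access. If Java Web Start only needs to read and write existing content, a narrower set than manage_dir_perms and manage_file_perms would be preferable. It would also help to state in the commit message whether any java_tmp_t objects of other classes (lnk_file, sock_file) are involved, since only dir and file are handled here.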