From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 17 Sep 2017 10:18:40 -0400 Subject: [refpolicy] [PATCH 2/2] mozilla: run Java Web Start applications In-Reply-To: <1505596572.13203.10.camel@trentalancia.com> References: <1505596572.13203.10.camel@trentalancia.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 09/16/2017 05:16 PM, Guido Trentalancia via refpolicy wrote: > Let mozilla manage temporary java content when executing > java (strictly needed to run Java Web Start applications > using the Java Network Launching Protocol (JNLP)). > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/java.if | 20 ++++++++++++++++++++ > policy/modules/contrib/mozilla.te | 2 ++ > 2 files changed, 22 insertions(+) > > --- a/policy/modules/contrib/mozilla.te 2017-09-16 16:21:54.850402273 +0200 > +++ b/policy/modules/contrib/mozilla.te 2017-09-16 17:23:05.863425868 +0200 > @@ -296,6 +296,7 @@ optional_policy(` > optional_policy(` > java_exec(mozilla_t) > java_manage_generic_home_content(mozilla_t) > + java_manage_java_tmp(mozilla_t) > java_home_filetrans_java_home(mozilla_t, dir, ".java") > ') > > @@ -566,6 +567,7 @@ optional_policy(` > optional_policy(` > java_exec(mozilla_plugin_t) > java_manage_generic_home_content(mozilla_plugin_t) > + java_manage_java_tmp(mozilla_plugin_t) > java_home_filetrans_java_home(mozilla_plugin_t, dir, ".java") > ') Can this go into a new tmp file type? > --- a/policy/modules/contrib/java.if 2017-09-16 22:55:35.129019841 +0200 > +++ b/policy/modules/contrib/java.if 2017-09-16 22:55:06.801019957 +0200 
> @@ -257,6 +257,26 @@ interface(`java_manage_generic_home_cont > allow $1 java_home_t:file manage_file_perms; > ') > > +###################################### > +## > +## Create, read, write, and delete > +## temporary java content. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`java_manage_java_tmp',` > + gen_require(` > + type java_tmp_t; > + ') > + > + allow $1 java_tmp_t:dir manage_dir_perms; > + allow $1 java_tmp_t:file manage_file_perms; > +') > + > ######################################## > ## > ## Create specified objects in user home > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > -- Chris PeBenito
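Review bot: in the mozilla.te hunk at @@ -296, `java_manage_java_tmp(mozilla_t)` grants manage access on java_tmp_t but adds no type transition for temporary files, whereas the home-content call in the same block is paired with `java_home_filetrans_java_home(mozilla_t, dir, ".java")`. The patch therefore does not show how anything created from mozilla_t would end up labelled java_tmp_t. Please say in the commit message which process creates these files and under which label. Then either add the matching transition or, as the reply asks, move this content to a new tmp type, so that the browser domain is not given manage access to every java_tmp_t directory and file.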
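Review bot: in the mozilla.te hunk at @@ -566, `java_manage_java_tmp(mozilla_plugin_t)` is added alongside the mozilla_t call, but the commit message only says "mozilla" needs the access and does not say which of the two domains was actually denied. If only one of them launches Java Web Start applications, drop the other call. Otherwise, quote the denials seen for each domain in the commit message so the second grant is justified on its own.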
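Review bot: in the java.if hunk at @@ -257, the new interface allows `manage_dir_perms` and `manage_file_perms` on java_tmp_t but gives the caller no search access to the parent temporary directory, so it only works for callers that already have that access. Assuming this content lives under the generic temporary directory, consider adding `files_search_tmp($1)` inside the interface. The name `java_manage_java_tmp` also repeats the module prefix and does not say which object classes it covers. A name that states them would make it clear at the call site that directories are included.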