From: russell@coker.com.au (Russell Coker)
Date: Sun, 05 Nov 2017 11:43:54 +1100
Subject: [refpolicy] [PATCH 2/2] contrib: let the mozilla and java
	domain read generic SSL certificates
In-Reply-To: <1509848952.10522.10.camel@trentalancia.com>
References: <1509848952.10522.10.camel@trentalancia.com>
Message-ID: <29063738.lCU0cDMKUS@xev>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sunday, 5 November 2017 3:29:12 AM AEDT Guido Trentalancia via refpolicy 
wrote:
> Let mozilla read generic SSL certificates so that the browser
> can verify them when loading HTTPS web pages.
> 
> Let the java domain read the above mentioned files in the
> standard locations.
> 
> +files_read_etc_files(mozilla_t)

auth_use_nsswitch(mozilla_t)

The above should already cover that.

> +files_read_etc_files(mozilla_plugin_t)

auth_use_nsswitch(mozilla_plugin_t)

The above should cover it.

> diff -pru a/policy/modules/contrib/java.te b/policy/modules/contrib/java.te
> --- a/policy/modules/contrib/java.te	2017-09-29 19:01:55.158455647 +0200
> +++ b/policy/modules/contrib/java.te	2017-11-05 03:12:56.591765740 +0100
> @@ -95,6 +95,7 @@ dev_read_rand(java_domain)
>  dev_dontaudit_append_rand(java_domain)
> 
>  files_read_usr_files(java_domain)
> +files_read_etc_files(java_domain)
>  files_read_etc_runtime_files(java_domain)

auth_use_nsswitch(java_t)

Seems to be covered too.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/