2012-05-01 08:33:19

by sven.vermeulen

Subject: [refpolicy] [PATCH 2/2] Support mozilla_roles

The mozilla definition already includes the mozilla_roles role attribute, but missed including the mozilla_plugin in it.
Also, the mozilla_role() interface should add the mozilla_roles attribute to the calling role, not just the mozilla_t type.

Signed-off-by: Sven Vermeulen <[email protected]>
---
mozilla.if | 3 ++-
mozilla.te | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/mozilla.if b/mozilla.if
index af2ba47..b397fde 100644
--- a/mozilla.if
+++ b/mozilla.if
@@ -18,9 +18,10 @@
interface(`mozilla_role',`
gen_require(`
type mozilla_t, mozilla_exec_t, mozilla_home_t;
+ attribute_role mozilla_roles;
')

- role $1 types mozilla_t;
+ roleattribute $1 mozilla_roles;

domain_auto_trans($2, mozilla_exec_t, mozilla_t)
# Unrestricted inheritance from the caller.
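Review bot: Replacing `role $1 types mozilla_t;` with `roleattribute $1 mozilla_roles;` means the calling role now reaches mozilla_t only through the attribute, so this hunk depends on mozilla.te containing a `role mozilla_roles types mozilla_t;` statement, which neither hunk shows. Please confirm that statement exists (the commit message only says the attribute is already part of the mozilla definition); without it, every role that calls mozilla_role() loses its association with mozilla_t. The `attribute_role mozilla_roles;` line added to gen_require is the right companion for the new statement.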
diff --git a/mozilla.te b/mozilla.te
index c4f425d..d3fad85 100644
--- a/mozilla.te
+++ b/mozilla.te
@@ -32,7 +32,7 @@ userdom_user_home_content(mozilla_home_t)
type mozilla_plugin_t;
type mozilla_plugin_exec_t;
application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
-role system_r types mozilla_plugin_t;
+role mozilla_roles types mozilla_plugin_t;

type mozilla_plugin_tmp_t;
userdom_user_tmp_file(mozilla_plugin_tmp_t)
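Review bot: The removal of `role system_r types mozilla_plugin_t;` is not mentioned in the commit message, which only describes adding the plugin to mozilla_roles. With this change mozilla_plugin_t is no longer associated with system_r and is valid only for roles that carry mozilla_roles through mozilla_role(). That is a tighter, least-privilege association, but it is also a behaviour change. Suggest stating in the commit message that dropping system_r is intentional, or keeping the system_r line next to the new one if any system_r context is still expected to run the plugin.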
--
1.7.3.4


2012-05-01 08:34:18

by sven.vermeulen

Subject: [refpolicy] [PATCH 2/2] Support mozilla_roles

On Tue, May 01, 2012 at 10:33:19AM +0200, Sven Vermeulen wrote:
> The mozilla definition already includes the mozilla_roles role attribute, but missed including the mozilla_plugin in it.
> Also, the mozilla_role() interface should add the mozilla_roles attribute to the calling role, not just the mozilla_t type.
>
> Signed-off-by: Sven Vermeulen <[email protected]>

The patch is okay, just the title should've said "[PATCH 1/1]", not 2/2. I
had another patch in the queue but that one is not ready yet for
inclusion...

Wkr,
Sven Vermeulen

2012-05-04 15:13:59

by cpebenito

Subject: [refpolicy] [PATCH 2/2] Support mozilla_roles

On 05/01/12 04:33, Sven Vermeulen wrote:
> The mozilla definition already includes the mozilla_roles role attribute, but missed including the mozilla_plugin in it.
> Also, the mozilla_role() interface should add the mozilla_roles attribute to the calling role, not just the mozilla_t type.
>
> Signed-off-by: Sven Vermeulen <[email protected]>
> ---
> mozilla.if | 3 ++-
> mozilla.te | 2 +-
> 2 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/mozilla.if b/mozilla.if
> index af2ba47..b397fde 100644
> --- a/mozilla.if
> +++ b/mozilla.if
> @@ -18,9 +18,10 @@
> interface(`mozilla_role',`
> gen_require(`
> type mozilla_t, mozilla_exec_t, mozilla_home_t;
> + attribute_role mozilla_roles;
> ')
>
> - role $1 types mozilla_t;
> + roleattribute $1 mozilla_roles;
>
> domain_auto_trans($2, mozilla_exec_t, mozilla_t)
> # Unrestricted inheritance from the caller.
> diff --git a/mozilla.te b/mozilla.te
> index c4f425d..d3fad85 100644
> --- a/mozilla.te
> +++ b/mozilla.te
> @@ -32,7 +32,7 @@ userdom_user_home_content(mozilla_home_t)
> type mozilla_plugin_t;
> type mozilla_plugin_exec_t;
> application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
> -role system_r types mozilla_plugin_t;
> +role mozilla_roles types mozilla_plugin_t;
>
> type mozilla_plugin_tmp_t;
> userdom_user_tmp_file(mozilla_plugin_tmp_t)

Merged.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com