* [PATCH] s/mozilla/webbrowser/g
@ 2019-01-12 5:19 Russell Coker
2019-01-12 7:33 ` Jason Zaman
0 siblings, 1 reply; 5+ messages in thread
From: Russell Coker @ 2019-01-12 5:19 UTC (permalink / raw)
To: selinux-refpolicy
This patch as requested renames mozilla to webbrowser and adds appropriate
typealias rules.
Index: refpolicy-2.20180701/policy/modules/apps/mozilla.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.te
+++ refpolicy-2.20180701/policy/modules/apps/mozilla.te
@@ -7,335 +7,346 @@ policy_module(mozilla, 2.14.1)
## <desc>
## <p>
-## Determine whether mozilla can
+## Determine whether web browser can
## make its stack executable.
## </p>
## </desc>
-gen_tunable(mozilla_execstack, false)
+gen_tunable(webbrowser_execstack, false)
-attribute_role mozilla_roles;
-attribute_role mozilla_plugin_roles;
-attribute_role mozilla_plugin_config_roles;
+attribute_role webbrowser_roles;
+attribute_role webbrowser_plugin_roles;
+attribute_role webbrowser_plugin_config_roles;
-type mozilla_t;
-type mozilla_exec_t;
-typealias mozilla_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t };
-typealias mozilla_t alias { auditadm_mozilla_t secadm_mozilla_t };
-userdom_user_application_domain(mozilla_t, mozilla_exec_t)
-role mozilla_roles types mozilla_t;
+type webbrowser_t;
+type webbrowser_exec_t;
+typealias webbrowser_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t };
+typealias webbrowser_t alias { auditadm_mozilla_t secadm_mozilla_t mozilla_t };
+typealias webbrowser_exec_t alias { mozilla_exec_t };
+userdom_user_application_domain(webbrowser_t, webbrowser_exec_t)
+role webbrowser_roles types webbrowser_t;
optional_policy(`
- wm_application_domain(mozilla_t, mozilla_exec_t)
+ wm_application_domain(webbrowser_t, webbrowser_exec_t)
')
-type mozilla_home_t;
-typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
-typealias mozilla_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t };
-userdom_user_home_content(mozilla_home_t)
+type webbrowser_home_t;
+typealias webbrowser_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
+typealias webbrowser_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t mozilla_home_t };
+userdom_user_home_content(webbrowser_home_t)
-type mozilla_plugin_t;
-type mozilla_plugin_exec_t;
-userdom_user_application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
-role mozilla_plugin_roles types mozilla_plugin_t;
+type webbrowser_plugin_t;
+type webbrowser_plugin_exec_t;
+typealias webbrowser_plugin_t alias { mozilla_plugin_t };
+typealias webbrowser_plugin_exec_t alias { mozilla_plugin_exec_t };
+userdom_user_application_domain(webbrowser_plugin_t, webbrowser_plugin_exec_t)
+role webbrowser_plugin_roles types webbrowser_plugin_t;
-type mozilla_plugin_home_t;
-userdom_user_home_content(mozilla_plugin_home_t)
+type webbrowser_plugin_home_t;
+typealias webbrowser_plugin_home_t alias { mozilla_plugin_home_t };
+userdom_user_home_content(webbrowser_plugin_home_t)
-type mozilla_plugin_tmp_t;
-userdom_user_tmp_file(mozilla_plugin_tmp_t)
+type webbrowser_plugin_tmp_t;
+typealias webbrowser_plugin_tmp_t alias { mozilla_plugin_tmp_t };
+userdom_user_tmp_file(webbrowser_plugin_tmp_t)
-type mozilla_plugin_tmpfs_t;
-userdom_user_tmpfs_file(mozilla_plugin_tmpfs_t)
+type webbrowser_plugin_tmpfs_t;
+typealias webbrowser_plugin_tmpfs_t alias { mozilla_plugin_tmpfs_t };
+userdom_user_tmpfs_file(webbrowser_plugin_tmpfs_t)
optional_policy(`
- pulseaudio_tmpfs_content(mozilla_plugin_tmpfs_t)
+ pulseaudio_tmpfs_content(webbrowser_plugin_tmpfs_t)
')
-type mozilla_plugin_rw_t;
-files_type(mozilla_plugin_rw_t)
+type webbrowser_plugin_rw_t;
+typealias webbrowser_plugin_rw_t alias { mozilla_plugin_rw_t };
+files_type(webbrowser_plugin_rw_t)
-type mozilla_plugin_config_t;
-type mozilla_plugin_config_exec_t;
-userdom_user_application_domain(mozilla_plugin_config_t, mozilla_plugin_config_exec_t)
-role mozilla_plugin_config_roles types mozilla_plugin_config_t;
+type webbrowser_plugin_config_t;
+typealias webbrowser_plugin_config_t alias { mozilla_plugin_config_t };
+type webbrowser_plugin_config_exec_t;
+typealias webbrowser_plugin_config_exec_t alias { mozilla_plugin_config_exec_t };
+userdom_user_application_domain(webbrowser_plugin_config_t, webbrowser_plugin_config_exec_t)
+role webbrowser_plugin_config_roles types webbrowser_plugin_config_t;
-type mozilla_tmp_t;
-userdom_user_tmp_file(mozilla_tmp_t)
+type webbrowser_tmp_t;
+typealias webbrowser_tmp_t alias { mozilla_tmp_t };
+userdom_user_tmp_file(webbrowser_tmp_t)
-type mozilla_tmpfs_t;
-typealias mozilla_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
-typealias mozilla_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
-userdom_user_tmpfs_file(mozilla_tmpfs_t)
+type webbrowser_tmpfs_t;
+typealias webbrowser_tmpfs_t alias { mozilla_tmpfs_t };
+typealias webbrowser_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
+typealias webbrowser_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
+userdom_user_tmpfs_file(webbrowser_tmpfs_t)
optional_policy(`
- pulseaudio_tmpfs_content(mozilla_tmpfs_t)
+ pulseaudio_tmpfs_content(webbrowser_tmpfs_t)
')
-type mozilla_xdg_cache_t;
-xdg_cache_content(mozilla_xdg_cache_t)
+type webbrowser_xdg_cache_t;
+xdg_cache_content(webbrowser_xdg_cache_t)
########################################
#
# Local policy
#
-allow mozilla_t self:capability { setgid setuid sys_nice };
-allow mozilla_t self:process { sigkill signal setsched getsched setrlimit };
-allow mozilla_t self:fifo_file rw_fifo_file_perms;
-allow mozilla_t self:shm create_shm_perms;
-allow mozilla_t self:sem create_sem_perms;
-allow mozilla_t self:socket create_socket_perms;
-allow mozilla_t self:unix_stream_socket { accept listen };
-
-allow mozilla_t mozilla_plugin_t:unix_stream_socket rw_socket_perms;
-allow mozilla_t mozilla_plugin_t:fd use;
-
-allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:dir manage_dir_perms;
-allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms map };
-allow mozilla_t mozilla_home_t:lnk_file manage_lnk_file_perms;
-userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".galeon")
-userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".mozilla")
-userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".netscape")
-userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".phoenix")
-
-filetrans_pattern(mozilla_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
-
-manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
-manage_lnk_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
-manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
-allow mozilla_t mozilla_tmp_t:file map;
-files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })
-
-manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
-manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
-manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
-manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
-fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
-allow mozilla_t mozilla_plugin_tmpfs_t:file map;
-
-allow mozilla_t mozilla_plugin_rw_t:dir list_dir_perms;
-allow mozilla_t mozilla_plugin_rw_t:file read_file_perms;
-allow mozilla_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
-
-stream_connect_pattern(mozilla_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t)
-
-manage_files_pattern(mozilla_t, mozilla_xdg_cache_t, mozilla_xdg_cache_t)
-manage_dirs_pattern(mozilla_t, mozilla_xdg_cache_t, mozilla_xdg_cache_t)
-xdg_cache_filetrans(mozilla_t, mozilla_xdg_cache_t, dir, "mozilla")
-
-can_exec(mozilla_t, { mozilla_exec_t mozilla_plugin_rw_t mozilla_plugin_home_t })
-
-kernel_read_kernel_sysctls(mozilla_t)
-kernel_read_network_state(mozilla_t)
-kernel_read_system_state(mozilla_t)
-kernel_read_net_sysctls(mozilla_t)
-
-corecmd_list_bin(mozilla_t)
-corecmd_exec_shell(mozilla_t)
-corecmd_exec_bin(mozilla_t)
-
-corenet_all_recvfrom_unlabeled(mozilla_t)
-corenet_all_recvfrom_netlabel(mozilla_t)
-corenet_tcp_sendrecv_generic_if(mozilla_t)
-corenet_tcp_sendrecv_generic_node(mozilla_t)
-
-corenet_sendrecv_http_client_packets(mozilla_t)
-corenet_tcp_connect_http_port(mozilla_t)
-corenet_tcp_sendrecv_http_port(mozilla_t)
-
-corenet_sendrecv_http_cache_client_packets(mozilla_t)
-corenet_tcp_connect_http_cache_port(mozilla_t)
-corenet_tcp_sendrecv_http_cache_port(mozilla_t)
-
-corenet_sendrecv_squid_client_packets(mozilla_t)
-corenet_tcp_connect_squid_port(mozilla_t)
-corenet_tcp_sendrecv_squid_port(mozilla_t)
-
-corenet_sendrecv_ftp_client_packets(mozilla_t)
-corenet_tcp_connect_ftp_port(mozilla_t)
-corenet_tcp_sendrecv_ftp_port(mozilla_t)
-
-corenet_sendrecv_ipp_client_packets(mozilla_t)
-corenet_tcp_connect_ipp_port(mozilla_t)
-corenet_tcp_sendrecv_ipp_port(mozilla_t)
-
-corenet_sendrecv_soundd_client_packets(mozilla_t)
-corenet_tcp_connect_soundd_port(mozilla_t)
-corenet_tcp_sendrecv_soundd_port(mozilla_t)
-
-corenet_sendrecv_speech_client_packets(mozilla_t)
-corenet_tcp_connect_speech_port(mozilla_t)
-corenet_tcp_sendrecv_speech_port(mozilla_t)
-
-dev_getattr_sysfs_dirs(mozilla_t)
-dev_read_sysfs(mozilla_t)
-dev_read_sound(mozilla_t)
-dev_read_rand(mozilla_t)
-dev_read_urand(mozilla_t)
-dev_rw_dri(mozilla_t)
-dev_write_sound(mozilla_t)
-
-domain_dontaudit_read_all_domains_state(mozilla_t)
-
-files_read_etc_runtime_files(mozilla_t)
-files_map_usr_files(mozilla_t)
-files_read_usr_files(mozilla_t)
-files_read_var_files(mozilla_t)
-files_read_var_lib_files(mozilla_t)
-files_read_var_symlinks(mozilla_t)
-files_dontaudit_getattr_boot_dirs(mozilla_t)
-
-fs_getattr_all_fs(mozilla_t)
-fs_search_auto_mountpoints(mozilla_t)
-fs_list_inotifyfs(mozilla_t)
-fs_rw_tmpfs_files(mozilla_t)
-
-term_dontaudit_getattr_pty_dirs(mozilla_t)
-
-auth_use_nsswitch(mozilla_t)
-
-logging_send_syslog_msg(mozilla_t)
-
-miscfiles_read_fonts(mozilla_t)
-miscfiles_read_generic_certs(mozilla_t)
-miscfiles_read_localization(mozilla_t)
-miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)
-miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_t)
-
-userdom_use_user_ptys(mozilla_t)
-
-userdom_manage_user_tmp_dirs(mozilla_t)
-userdom_manage_user_tmp_files(mozilla_t)
-userdom_map_user_tmp_files(mozilla_t)
-
-userdom_user_content_access_template(mozilla, { mozilla_t mozilla_plugin_t })
-userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file })
-
-userdom_write_user_tmp_sockets(mozilla_t)
-
-mozilla_run_plugin(mozilla_t, mozilla_roles)
-mozilla_run_plugin_config(mozilla_t, mozilla_roles)
-
-xdg_read_config_files(mozilla_t)
-xdg_read_data_files(mozilla_t)
-xdg_manage_downloads(mozilla_t)
-
-xserver_rw_mesa_shader_cache(mozilla_t)
-xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
-xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
-xserver_dontaudit_getattr_xdm_tmp_sockets(mozilla_t)
+allow webbrowser_t self:capability { setgid setuid sys_nice };
+allow webbrowser_t self:process { sigkill signal setsched getsched setrlimit };
+allow webbrowser_t self:fifo_file rw_fifo_file_perms;
+allow webbrowser_t self:shm create_shm_perms;
+allow webbrowser_t self:sem create_sem_perms;
+allow webbrowser_t self:socket create_socket_perms;
+allow webbrowser_t self:unix_stream_socket { accept listen };
+
+allow webbrowser_t webbrowser_plugin_t:unix_stream_socket rw_socket_perms;
+allow webbrowser_t webbrowser_plugin_t:fd use;
+
+allow webbrowser_t { webbrowser_home_t webbrowser_plugin_home_t }:dir manage_dir_perms;
+allow webbrowser_t { webbrowser_home_t webbrowser_plugin_home_t }:file { manage_file_perms map };
+allow webbrowser_t webbrowser_home_t:lnk_file manage_lnk_file_perms;
+userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".galeon")
+userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".mozilla")
+userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".netscape")
+userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".phoenix")
+
+filetrans_pattern(webbrowser_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
+
+manage_files_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t)
+manage_lnk_files_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t)
+manage_dirs_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t)
+allow webbrowser_t webbrowser_tmp_t:file map;
+files_tmp_filetrans(webbrowser_t, webbrowser_tmp_t, { file dir })
+
+manage_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
+manage_lnk_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
+manage_fifo_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
+manage_sock_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
+fs_tmpfs_filetrans(webbrowser_t, webbrowser_tmpfs_t, { file lnk_file sock_file fifo_file })
+allow webbrowser_t webbrowser_plugin_tmpfs_t:file map;
+
+allow webbrowser_t webbrowser_plugin_rw_t:dir list_dir_perms;
+allow webbrowser_t webbrowser_plugin_rw_t:file read_file_perms;
+allow webbrowser_t webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms;
+
+stream_connect_pattern(webbrowser_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_t)
+
+manage_files_pattern(webbrowser_t, webbrowser_xdg_cache_t, webbrowser_xdg_cache_t)
+manage_dirs_pattern(webbrowser_t, webbrowser_xdg_cache_t, webbrowser_xdg_cache_t)
+xdg_cache_filetrans(webbrowser_t, webbrowser_xdg_cache_t, dir, "mozilla")
+
+can_exec(webbrowser_t, { webbrowser_exec_t webbrowser_plugin_rw_t webbrowser_plugin_home_t })
+
+kernel_read_kernel_sysctls(webbrowser_t)
+kernel_read_network_state(webbrowser_t)
+kernel_read_system_state(webbrowser_t)
+kernel_read_net_sysctls(webbrowser_t)
+
+corecmd_list_bin(webbrowser_t)
+corecmd_exec_shell(webbrowser_t)
+corecmd_exec_bin(webbrowser_t)
+
+corenet_all_recvfrom_unlabeled(webbrowser_t)
+corenet_all_recvfrom_netlabel(webbrowser_t)
+corenet_tcp_sendrecv_generic_if(webbrowser_t)
+corenet_tcp_sendrecv_generic_node(webbrowser_t)
+
+corenet_sendrecv_http_client_packets(webbrowser_t)
+corenet_tcp_connect_http_port(webbrowser_t)
+corenet_tcp_sendrecv_http_port(webbrowser_t)
+
+corenet_sendrecv_http_cache_client_packets(webbrowser_t)
+corenet_tcp_connect_http_cache_port(webbrowser_t)
+corenet_tcp_sendrecv_http_cache_port(webbrowser_t)
+
+corenet_sendrecv_squid_client_packets(webbrowser_t)
+corenet_tcp_connect_squid_port(webbrowser_t)
+corenet_tcp_sendrecv_squid_port(webbrowser_t)
+
+corenet_sendrecv_ftp_client_packets(webbrowser_t)
+corenet_tcp_connect_ftp_port(webbrowser_t)
+corenet_tcp_sendrecv_ftp_port(webbrowser_t)
+
+corenet_sendrecv_ipp_client_packets(webbrowser_t)
+corenet_tcp_connect_ipp_port(webbrowser_t)
+corenet_tcp_sendrecv_ipp_port(webbrowser_t)
+
+corenet_sendrecv_soundd_client_packets(webbrowser_t)
+corenet_tcp_connect_soundd_port(webbrowser_t)
+corenet_tcp_sendrecv_soundd_port(webbrowser_t)
+
+corenet_sendrecv_speech_client_packets(webbrowser_t)
+corenet_tcp_connect_speech_port(webbrowser_t)
+corenet_tcp_sendrecv_speech_port(webbrowser_t)
+
+dev_getattr_sysfs_dirs(webbrowser_t)
+dev_read_sysfs(webbrowser_t)
+dev_read_sound(webbrowser_t)
+dev_read_rand(webbrowser_t)
+dev_read_urand(webbrowser_t)
+dev_rw_dri(webbrowser_t)
+dev_write_sound(webbrowser_t)
+
+domain_dontaudit_read_all_domains_state(webbrowser_t)
+
+files_read_etc_runtime_files(webbrowser_t)
+files_map_usr_files(webbrowser_t)
+files_read_usr_files(webbrowser_t)
+files_read_var_files(webbrowser_t)
+files_read_var_lib_files(webbrowser_t)
+files_read_var_symlinks(webbrowser_t)
+files_dontaudit_getattr_boot_dirs(webbrowser_t)
+
+fs_getattr_all_fs(webbrowser_t)
+fs_search_auto_mountpoints(webbrowser_t)
+fs_list_inotifyfs(webbrowser_t)
+fs_rw_tmpfs_files(webbrowser_t)
+
+term_dontaudit_getattr_pty_dirs(webbrowser_t)
+
+auth_use_nsswitch(webbrowser_t)
+
+logging_send_syslog_msg(webbrowser_t)
+
+miscfiles_read_fonts(webbrowser_t)
+miscfiles_read_generic_certs(webbrowser_t)
+miscfiles_read_localization(webbrowser_t)
+miscfiles_dontaudit_setattr_fonts_dirs(webbrowser_t)
+miscfiles_dontaudit_setattr_fonts_cache_dirs(webbrowser_t)
+
+userdom_use_user_ptys(webbrowser_t)
+
+userdom_manage_user_tmp_dirs(webbrowser_t)
+userdom_manage_user_tmp_files(webbrowser_t)
+userdom_map_user_tmp_files(webbrowser_t)
+
+userdom_user_content_access_template(webbrowser, { webbrowser_t webbrowser_plugin_t })
+userdom_user_home_dir_filetrans_user_home_content(webbrowser_t, { dir file })
+
+userdom_write_user_tmp_sockets(webbrowser_t)
+
+webbrowser_run_plugin(webbrowser_t, webbrowser_roles)
+webbrowser_run_plugin_config(webbrowser_t, webbrowser_roles)
+
+xdg_read_config_files(webbrowser_t)
+xdg_read_data_files(webbrowser_t)
+xdg_manage_downloads(webbrowser_t)
+
+xserver_rw_mesa_shader_cache(webbrowser_t)
+xserver_user_x_domain_template(webbrowser, webbrowser_t, webbrowser_tmpfs_t)
+xserver_dontaudit_read_xdm_tmp_files(webbrowser_t)
+xserver_dontaudit_getattr_xdm_tmp_sockets(webbrowser_t)
ifndef(`enable_mls',`
- fs_list_dos(mozilla_t)
- fs_read_dos_files(mozilla_t)
+ fs_list_dos(webbrowser_t)
+ fs_read_dos_files(webbrowser_t)
- fs_search_removable(mozilla_t)
- fs_read_removable_files(mozilla_t)
- fs_read_removable_symlinks(mozilla_t)
+ fs_search_removable(webbrowser_t)
+ fs_read_removable_files(webbrowser_t)
+ fs_read_removable_symlinks(webbrowser_t)
- fs_read_iso9660_files(mozilla_t)
+ fs_read_iso9660_files(webbrowser_t)
')
tunable_policy(`allow_execmem',`
- allow mozilla_t self:process execmem;
+ allow webbrowser_t self:process execmem;
')
-tunable_policy(`mozilla_execstack',`
- allow mozilla_t self:process { execmem execstack };
+tunable_policy(`webbrowser_execstack',`
+ allow webbrowser_t self:process { execmem execstack };
')
tunable_policy(`use_nfs_home_dirs',`
- fs_manage_nfs_dirs(mozilla_t)
- fs_manage_nfs_files(mozilla_t)
- fs_manage_nfs_symlinks(mozilla_t)
+ fs_manage_nfs_dirs(webbrowser_t)
+ fs_manage_nfs_files(webbrowser_t)
+ fs_manage_nfs_symlinks(webbrowser_t)
')
tunable_policy(`use_samba_home_dirs',`
- fs_manage_cifs_dirs(mozilla_t)
- fs_manage_cifs_files(mozilla_t)
- fs_manage_cifs_symlinks(mozilla_t)
+ fs_manage_cifs_dirs(webbrowser_t)
+ fs_manage_cifs_files(webbrowser_t)
+ fs_manage_cifs_symlinks(webbrowser_t)
')
optional_policy(`
- alsa_read_config(mozilla_t)
- alsa_read_home_files(mozilla_t)
+ alsa_read_config(webbrowser_t)
+ alsa_read_home_files(webbrowser_t)
')
optional_policy(`
- apache_read_user_scripts(mozilla_t)
- apache_read_user_content(mozilla_t)
+ apache_read_user_scripts(webbrowser_t)
+ apache_read_user_content(webbrowser_t)
')
optional_policy(`
- automount_dontaudit_getattr_tmp_dirs(mozilla_t)
+ automount_dontaudit_getattr_tmp_dirs(webbrowser_t)
')
optional_policy(`
- cups_read_rw_config(mozilla_t)
- cups_stream_connect(mozilla_t)
+ cups_read_rw_config(webbrowser_t)
+ cups_stream_connect(webbrowser_t)
')
optional_policy(`
- dbus_all_session_bus_client(mozilla_t)
- dbus_connect_all_session_bus(mozilla_t)
- dbus_system_bus_client(mozilla_t)
+ dbus_all_session_bus_client(webbrowser_t)
+ dbus_connect_all_session_bus(webbrowser_t)
+ dbus_system_bus_client(webbrowser_t)
optional_policy(`
- cups_dbus_chat(mozilla_t)
+ cups_dbus_chat(webbrowser_t)
')
optional_policy(`
- mozilla_dbus_chat_plugin(mozilla_t)
+ webbrowser_dbus_chat_plugin(webbrowser_t)
')
optional_policy(`
- networkmanager_dbus_chat(mozilla_t)
+ networkmanager_dbus_chat(webbrowser_t)
')
')
optional_policy(`
- evolution_domtrans(mozilla_t)
+ evolution_domtrans(webbrowser_t)
')
optional_policy(`
- gnome_stream_connect_gconf(mozilla_t)
- gnome_manage_generic_gconf_home_content(mozilla_t)
- gnome_home_filetrans_gconf_home(mozilla_t, dir, ".gconf")
- gnome_home_filetrans_gconf_home(mozilla_t, dir, ".gconfd")
- gnome_manage_generic_home_content(mozilla_t)
- gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome")
- gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome2")
- gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome2_private")
+ gnome_stream_connect_gconf(webbrowser_t)
+ gnome_manage_generic_gconf_home_content(webbrowser_t)
+ gnome_home_filetrans_gconf_home(webbrowser_t, dir, ".gconf")
+ gnome_home_filetrans_gconf_home(webbrowser_t, dir, ".gconfd")
+ gnome_manage_generic_home_content(webbrowser_t)
+ gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome")
+ gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome2")
+ gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome2_private")
')
optional_policy(`
- java_exec(mozilla_t)
- java_manage_generic_home_content(mozilla_t)
- java_manage_java_tmp(mozilla_t)
- java_home_filetrans_java_home(mozilla_t, dir, ".java")
+ java_exec(webbrowser_t)
+ java_manage_generic_home_content(webbrowser_t)
+ java_manage_java_tmp(webbrowser_t)
+ java_home_filetrans_java_home(webbrowser_t, dir, ".java")
')
optional_policy(`
- lpd_run_lpr(mozilla_t, mozilla_roles)
+ lpd_run_lpr(webbrowser_t, webbrowser_roles)
')
optional_policy(`
- mplayer_exec(mozilla_t)
- mplayer_manage_generic_home_content(mozilla_t)
- mplayer_home_filetrans_mplayer_home(mozilla_t, dir, ".mplayer")
+ mplayer_exec(webbrowser_t)
+ mplayer_manage_generic_home_content(webbrowser_t)
+ mplayer_home_filetrans_mplayer_home(webbrowser_t, dir, ".mplayer")
')
optional_policy(`
- ooffice_domtrans(mozilla_t)
- ooffice_rw_tmp_files(mozilla_t)
+ ooffice_domtrans(webbrowser_t)
+ ooffice_rw_tmp_files(webbrowser_t)
')
optional_policy(`
- pulseaudio_run(mozilla_t, mozilla_roles)
+ pulseaudio_run(webbrowser_t, webbrowser_roles)
')
optional_policy(`
- thunderbird_domtrans(mozilla_t)
+ thunderbird_domtrans(webbrowser_t)
')
########################################
@@ -343,282 +354,282 @@ optional_policy(`
# Plugin local policy
#
-dontaudit mozilla_plugin_t self:capability { ipc_lock sys_nice sys_ptrace sys_tty_config };
-allow mozilla_plugin_t self:process { setpgid getsched setsched signal_perms setrlimit };
-allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms;
-allow mozilla_plugin_t self:netlink_kobject_uevent_socket create_socket_perms;
-allow mozilla_plugin_t self:sem create_sem_perms;
-allow mozilla_plugin_t self:shm create_shm_perms;
-allow mozilla_plugin_t self:tcp_socket { accept listen };
-allow mozilla_plugin_t self:unix_stream_socket { accept connectto listen };
-
-allow mozilla_plugin_t mozilla_t:unix_stream_socket rw_socket_perms;
-allow mozilla_plugin_t mozilla_t:unix_dgram_socket rw_socket_perms;
-allow mozilla_plugin_t mozilla_t:shm { rw_shm_perms destroy };
-allow mozilla_plugin_t mozilla_t:sem create_sem_perms;
-
-manage_dirs_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t })
-manage_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
-manage_lnk_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
-allow mozilla_plugin_t mozilla_home_t:file map;
-
-userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".galeon")
-userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".mozilla")
-userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".netscape")
-userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".phoenix")
-
-userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".adobe")
-userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".macromedia")
-userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".gnash")
-userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".gcjwebplugin")
-userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".icedteaplugin")
-userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".spicec")
-userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".ICAClient")
-userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, "zimbrauserdata")
-
-filetrans_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
-
-manage_dirs_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
-manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
-manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
-files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
-userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
-
-allow mozilla_plugin_t mozilla_tmp_t:file rw_file_perms;
-
-manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
-manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
-manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
-manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
-fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
-
-allow mozilla_plugin_t mozilla_plugin_rw_t:dir list_dir_perms;
-allow mozilla_plugin_t mozilla_plugin_rw_t:file read_file_perms;
-allow mozilla_plugin_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
-
-dgram_send_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
-stream_connect_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
-
-can_exec(mozilla_plugin_t, { mozilla_exec_t mozilla_plugin_home_t mozilla_plugin_tmp_t })
-
-kernel_read_all_sysctls(mozilla_plugin_t)
-kernel_read_system_state(mozilla_plugin_t)
-kernel_read_network_state(mozilla_plugin_t)
-kernel_request_load_module(mozilla_plugin_t)
-kernel_dontaudit_getattr_core_if(mozilla_plugin_t)
-
-corecmd_exec_bin(mozilla_plugin_t)
-corecmd_exec_shell(mozilla_plugin_t)
-
-corenet_all_recvfrom_netlabel(mozilla_plugin_t)
-corenet_all_recvfrom_unlabeled(mozilla_plugin_t)
-corenet_tcp_sendrecv_generic_if(mozilla_plugin_t)
-corenet_tcp_sendrecv_generic_node(mozilla_plugin_t)
-
-corenet_sendrecv_asterisk_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_asterisk_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_asterisk_port(mozilla_plugin_t)
-
-corenet_sendrecv_ftp_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_ftp_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_ftp_port(mozilla_plugin_t)
-
-corenet_sendrecv_gatekeeper_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_gatekeeper_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_gatekeeper_port(mozilla_plugin_t)
-
-corenet_sendrecv_http_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_http_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_http_port(mozilla_plugin_t)
-
-corenet_sendrecv_http_cache_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_http_cache_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_http_cache_port(mozilla_plugin_t)
-
-corenet_sendrecv_ipp_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_ipp_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_ipp_port(mozilla_plugin_t)
-
-corenet_sendrecv_ircd_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_ircd_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_ircd_port(mozilla_plugin_t)
-
-corenet_sendrecv_jabber_client_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_jabber_client_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_jabber_client_port(mozilla_plugin_t)
-
-corenet_sendrecv_mmcc_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_mmcc_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_mmcc_port(mozilla_plugin_t)
-
-corenet_sendrecv_monopd_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_monopd_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_monopd_port(mozilla_plugin_t)
-
-corenet_sendrecv_soundd_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_soundd_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_soundd_port(mozilla_plugin_t)
-
-corenet_sendrecv_speech_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_speech_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_speech_port(mozilla_plugin_t)
-
-corenet_sendrecv_squid_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_squid_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_squid_port(mozilla_plugin_t)
-
-corenet_sendrecv_vnc_client_packets(mozilla_plugin_t)
-corenet_tcp_connect_vnc_port(mozilla_plugin_t)
-corenet_tcp_sendrecv_vnc_port(mozilla_plugin_t)
-
-dev_read_generic_usb_dev(mozilla_plugin_t)
-dev_read_rand(mozilla_plugin_t)
-dev_read_realtime_clock(mozilla_plugin_t)
-dev_read_sound(mozilla_plugin_t)
-dev_read_sysfs(mozilla_plugin_t)
-dev_read_urand(mozilla_plugin_t)
-dev_read_video_dev(mozilla_plugin_t)
-dev_write_sound(mozilla_plugin_t)
-dev_write_video_dev(mozilla_plugin_t)
-dev_rw_dri(mozilla_plugin_t)
-dev_rw_xserver_misc(mozilla_plugin_t)
-
-dev_dontaudit_getattr_generic_files(mozilla_plugin_t)
-dev_dontaudit_getattr_generic_pipes(mozilla_plugin_t)
-dev_dontaudit_getattr_all_blk_files(mozilla_plugin_t)
-dev_dontaudit_getattr_all_chr_files(mozilla_plugin_t)
-
-domain_use_interactive_fds(mozilla_plugin_t)
-domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
-
-files_exec_usr_files(mozilla_plugin_t)
-files_list_mnt(mozilla_plugin_t)
-files_read_config_files(mozilla_plugin_t)
-files_read_usr_files(mozilla_plugin_t)
-files_map_usr_files(mozilla_plugin_t)
-
-fs_getattr_all_fs(mozilla_plugin_t)
-# fs_read_hugetlbfs_files(mozilla_plugin_t)
-fs_search_auto_mountpoints(mozilla_plugin_t)
-
-term_getattr_all_ttys(mozilla_plugin_t)
-term_getattr_all_ptys(mozilla_plugin_t)
-
-application_exec(mozilla_plugin_t)
-
-auth_use_nsswitch(mozilla_plugin_t)
-
-libs_exec_ld_so(mozilla_plugin_t)
-libs_exec_lib_files(mozilla_plugin_t)
-
-logging_send_syslog_msg(mozilla_plugin_t)
-
-miscfiles_read_localization(mozilla_plugin_t)
-miscfiles_read_fonts(mozilla_plugin_t)
-miscfiles_read_generic_certs(mozilla_plugin_t)
-miscfiles_dontaudit_setattr_fonts_dirs(mozilla_plugin_t)
-miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_plugin_t)
-
-userdom_manage_user_tmp_dirs(mozilla_plugin_t)
-userdom_manage_user_tmp_files(mozilla_plugin_t)
-userdom_map_user_tmp_files(mozilla_plugin_t)
+dontaudit webbrowser_plugin_t self:capability { ipc_lock sys_nice sys_ptrace sys_tty_config };
+allow webbrowser_plugin_t self:process { setpgid getsched setsched signal_perms setrlimit };
+allow webbrowser_plugin_t self:fifo_file manage_fifo_file_perms;
+allow webbrowser_plugin_t self:netlink_kobject_uevent_socket create_socket_perms;
+allow webbrowser_plugin_t self:sem create_sem_perms;
+allow webbrowser_plugin_t self:shm create_shm_perms;
+allow webbrowser_plugin_t self:tcp_socket { accept listen };
+allow webbrowser_plugin_t self:unix_stream_socket { accept connectto listen };
+
+allow webbrowser_plugin_t webbrowser_t:unix_stream_socket rw_socket_perms;
+allow webbrowser_plugin_t webbrowser_t:unix_dgram_socket rw_socket_perms;
+allow webbrowser_plugin_t webbrowser_t:shm { rw_shm_perms destroy };
+allow webbrowser_plugin_t webbrowser_t:sem create_sem_perms;
+
+manage_dirs_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, { webbrowser_home_t webbrowser_plugin_home_t })
+manage_files_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
+manage_lnk_files_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
+allow webbrowser_plugin_t webbrowser_home_t:file map;
+
+userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".galeon")
+userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".mozilla")
+userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".netscape")
+userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".phoenix")
+
+userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".adobe")
+userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".macromedia")
+userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".gnash")
+userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".gcjwebplugin")
+userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".icedteaplugin")
+userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".spicec")
+userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".ICAClient")
+userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, "zimbrauserdata")
+
+filetrans_pattern(webbrowser_plugin_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
+
+manage_dirs_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t)
+manage_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t)
+manage_fifo_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t)
+files_tmp_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmp_t, { dir file fifo_file })
+userdom_user_tmp_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmp_t, { dir file fifo_file })
+
+allow webbrowser_plugin_t webbrowser_tmp_t:file rw_file_perms;
+
+manage_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
+manage_lnk_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
+manage_fifo_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
+manage_sock_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
+fs_tmpfs_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
+
+allow webbrowser_plugin_t webbrowser_plugin_rw_t:dir list_dir_perms;
+allow webbrowser_plugin_t webbrowser_plugin_rw_t:file read_file_perms;
+allow webbrowser_plugin_t webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms;
+
+dgram_send_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_t)
+stream_connect_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_t)
+
+can_exec(webbrowser_plugin_t, { webbrowser_exec_t webbrowser_plugin_home_t webbrowser_plugin_tmp_t })
+
+kernel_read_all_sysctls(webbrowser_plugin_t)
+kernel_read_system_state(webbrowser_plugin_t)
+kernel_read_network_state(webbrowser_plugin_t)
+kernel_request_load_module(webbrowser_plugin_t)
+kernel_dontaudit_getattr_core_if(webbrowser_plugin_t)
+
+corecmd_exec_bin(webbrowser_plugin_t)
+corecmd_exec_shell(webbrowser_plugin_t)
+
+corenet_all_recvfrom_netlabel(webbrowser_plugin_t)
+corenet_all_recvfrom_unlabeled(webbrowser_plugin_t)
+corenet_tcp_sendrecv_generic_if(webbrowser_plugin_t)
+corenet_tcp_sendrecv_generic_node(webbrowser_plugin_t)
+
+corenet_sendrecv_asterisk_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_asterisk_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_asterisk_port(webbrowser_plugin_t)
+
+corenet_sendrecv_ftp_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_ftp_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_ftp_port(webbrowser_plugin_t)
+
+corenet_sendrecv_gatekeeper_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_gatekeeper_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_gatekeeper_port(webbrowser_plugin_t)
+
+corenet_sendrecv_http_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_http_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_http_port(webbrowser_plugin_t)
+
+corenet_sendrecv_http_cache_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_http_cache_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_http_cache_port(webbrowser_plugin_t)
+
+corenet_sendrecv_ipp_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_ipp_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_ipp_port(webbrowser_plugin_t)
+
+corenet_sendrecv_ircd_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_ircd_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_ircd_port(webbrowser_plugin_t)
+
+corenet_sendrecv_jabber_client_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_jabber_client_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_jabber_client_port(webbrowser_plugin_t)
+
+corenet_sendrecv_mmcc_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_mmcc_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_mmcc_port(webbrowser_plugin_t)
+
+corenet_sendrecv_monopd_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_monopd_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_monopd_port(webbrowser_plugin_t)
+
+corenet_sendrecv_soundd_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_soundd_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_soundd_port(webbrowser_plugin_t)
+
+corenet_sendrecv_speech_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_speech_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_speech_port(webbrowser_plugin_t)
+
+corenet_sendrecv_squid_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_squid_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_squid_port(webbrowser_plugin_t)
+
+corenet_sendrecv_vnc_client_packets(webbrowser_plugin_t)
+corenet_tcp_connect_vnc_port(webbrowser_plugin_t)
+corenet_tcp_sendrecv_vnc_port(webbrowser_plugin_t)
+
+dev_read_generic_usb_dev(webbrowser_plugin_t)
+dev_read_rand(webbrowser_plugin_t)
+dev_read_realtime_clock(webbrowser_plugin_t)
+dev_read_sound(webbrowser_plugin_t)
+dev_read_sysfs(webbrowser_plugin_t)
+dev_read_urand(webbrowser_plugin_t)
+dev_read_video_dev(webbrowser_plugin_t)
+dev_write_sound(webbrowser_plugin_t)
+dev_write_video_dev(webbrowser_plugin_t)
+dev_rw_dri(webbrowser_plugin_t)
+dev_rw_xserver_misc(webbrowser_plugin_t)
+
+dev_dontaudit_getattr_generic_files(webbrowser_plugin_t)
+dev_dontaudit_getattr_generic_pipes(webbrowser_plugin_t)
+dev_dontaudit_getattr_all_blk_files(webbrowser_plugin_t)
+dev_dontaudit_getattr_all_chr_files(webbrowser_plugin_t)
+
+domain_use_interactive_fds(webbrowser_plugin_t)
+domain_dontaudit_read_all_domains_state(webbrowser_plugin_t)
+
+files_exec_usr_files(webbrowser_plugin_t)
+files_list_mnt(webbrowser_plugin_t)
+files_read_config_files(webbrowser_plugin_t)
+files_read_usr_files(webbrowser_plugin_t)
+files_map_usr_files(webbrowser_plugin_t)
+
+fs_getattr_all_fs(webbrowser_plugin_t)
+# fs_read_hugetlbfs_files(webbrowser_plugin_t)
+fs_search_auto_mountpoints(webbrowser_plugin_t)
+
+term_getattr_all_ttys(webbrowser_plugin_t)
+term_getattr_all_ptys(webbrowser_plugin_t)
+
+application_exec(webbrowser_plugin_t)
+
+auth_use_nsswitch(webbrowser_plugin_t)
+
+libs_exec_ld_so(webbrowser_plugin_t)
+libs_exec_lib_files(webbrowser_plugin_t)
+
+logging_send_syslog_msg(webbrowser_plugin_t)
+
+miscfiles_read_localization(webbrowser_plugin_t)
+miscfiles_read_fonts(webbrowser_plugin_t)
+miscfiles_read_generic_certs(webbrowser_plugin_t)
+miscfiles_dontaudit_setattr_fonts_dirs(webbrowser_plugin_t)
+miscfiles_dontaudit_setattr_fonts_cache_dirs(webbrowser_plugin_t)
+
+userdom_manage_user_tmp_dirs(webbrowser_plugin_t)
+userdom_manage_user_tmp_files(webbrowser_plugin_t)
+userdom_map_user_tmp_files(webbrowser_plugin_t)
-userdom_user_home_dir_filetrans_user_home_content(mozilla_plugin_t, { dir file })
+userdom_user_home_dir_filetrans_user_home_content(webbrowser_plugin_t, { dir file })
-userdom_write_user_tmp_sockets(mozilla_plugin_t)
+userdom_write_user_tmp_sockets(webbrowser_plugin_t)
-userdom_dontaudit_use_user_terminals(mozilla_plugin_t)
+userdom_dontaudit_use_user_terminals(webbrowser_plugin_t)
-xdg_read_config_files(mozilla_plugin_t)
+xdg_read_config_files(webbrowser_plugin_t)
ifndef(`enable_mls',`
- fs_list_dos(mozilla_plugin_t)
- fs_read_dos_files(mozilla_plugin_t)
+ fs_list_dos(webbrowser_plugin_t)
+ fs_read_dos_files(webbrowser_plugin_t)
- fs_search_removable(mozilla_plugin_t)
- fs_read_removable_files(mozilla_plugin_t)
- fs_read_removable_symlinks(mozilla_plugin_t)
+ fs_search_removable(webbrowser_plugin_t)
+ fs_read_removable_files(webbrowser_plugin_t)
+ fs_read_removable_symlinks(webbrowser_plugin_t)
- fs_read_iso9660_files(mozilla_plugin_t)
+ fs_read_iso9660_files(webbrowser_plugin_t)
')
tunable_policy(`allow_execmem',`
- allow mozilla_plugin_t self:process execmem;
+ allow webbrowser_plugin_t self:process execmem;
')
-tunable_policy(`mozilla_execstack',`
- allow mozilla_plugin_t self:process { execmem execstack };
+tunable_policy(`webbrowser_execstack',`
+ allow webbrowser_plugin_t self:process { execmem execstack };
')
tunable_policy(`use_nfs_home_dirs',`
- fs_manage_nfs_dirs(mozilla_plugin_t)
- fs_manage_nfs_files(mozilla_plugin_t)
- fs_manage_nfs_symlinks(mozilla_plugin_t)
+ fs_manage_nfs_dirs(webbrowser_plugin_t)
+ fs_manage_nfs_files(webbrowser_plugin_t)
+ fs_manage_nfs_symlinks(webbrowser_plugin_t)
')
tunable_policy(`use_samba_home_dirs',`
- fs_manage_cifs_dirs(mozilla_plugin_t)
- fs_manage_cifs_files(mozilla_plugin_t)
- fs_manage_cifs_symlinks(mozilla_plugin_t)
+ fs_manage_cifs_dirs(webbrowser_plugin_t)
+ fs_manage_cifs_files(webbrowser_plugin_t)
+ fs_manage_cifs_symlinks(webbrowser_plugin_t)
')
optional_policy(`
- alsa_read_config(mozilla_plugin_t)
- alsa_read_home_files(mozilla_plugin_t)
+ alsa_read_config(webbrowser_plugin_t)
+ alsa_read_home_files(webbrowser_plugin_t)
')
optional_policy(`
- automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_t)
+ automount_dontaudit_getattr_tmp_dirs(webbrowser_plugin_t)
')
optional_policy(`
- dbus_all_session_bus_client(mozilla_plugin_t)
- dbus_connect_all_session_bus(mozilla_plugin_t)
- dbus_system_bus_client(mozilla_plugin_t)
+ dbus_all_session_bus_client(webbrowser_plugin_t)
+ dbus_connect_all_session_bus(webbrowser_plugin_t)
+ dbus_system_bus_client(webbrowser_plugin_t)
')
optional_policy(`
- gnome_manage_generic_home_content(mozilla_plugin_t)
- gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome")
- gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome2")
- gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome2_private")
+ gnome_manage_generic_home_content(webbrowser_plugin_t)
+ gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome")
+ gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome2")
+ gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome2_private")
')
optional_policy(`
- java_exec(mozilla_plugin_t)
- java_manage_generic_home_content(mozilla_plugin_t)
- java_manage_java_tmp(mozilla_plugin_t)
- java_home_filetrans_java_home(mozilla_plugin_t, dir, ".java")
+ java_exec(webbrowser_plugin_t)
+ java_manage_generic_home_content(webbrowser_plugin_t)
+ java_manage_java_tmp(webbrowser_plugin_t)
+ java_home_filetrans_java_home(webbrowser_plugin_t, dir, ".java")
')
optional_policy(`
- lpd_run_lpr(mozilla_plugin_t, mozilla_plugin_roles)
+ lpd_run_lpr(webbrowser_plugin_t, webbrowser_plugin_roles)
')
optional_policy(`
- mplayer_exec(mozilla_plugin_t)
- mplayer_manage_generic_home_content(mozilla_plugin_t)
- mplayer_home_filetrans_mplayer_home(mozilla_plugin_t, dir, ".mplayer")
+ mplayer_exec(webbrowser_plugin_t)
+ mplayer_manage_generic_home_content(webbrowser_plugin_t)
+ mplayer_home_filetrans_mplayer_home(webbrowser_plugin_t, dir, ".mplayer")
')
optional_policy(`
- pcscd_stream_connect(mozilla_plugin_t)
+ pcscd_stream_connect(webbrowser_plugin_t)
')
optional_policy(`
- pulseaudio_run(mozilla_plugin_t, mozilla_plugin_roles)
+ pulseaudio_run(webbrowser_plugin_t, webbrowser_plugin_roles)
')
optional_policy(`
- udev_read_db(mozilla_plugin_t)
+ udev_read_db(webbrowser_plugin_t)
')
optional_policy(`
- xserver_read_user_xauth(mozilla_plugin_t)
- xserver_read_xdm_pid(mozilla_plugin_t)
- xserver_stream_connect(mozilla_plugin_t)
- xserver_use_user_fonts(mozilla_plugin_t)
- xserver_dontaudit_read_xdm_tmp_files(mozilla_plugin_t)
+ xserver_read_user_xauth(webbrowser_plugin_t)
+ xserver_read_xdm_pid(webbrowser_plugin_t)
+ xserver_stream_connect(webbrowser_plugin_t)
+ xserver_use_user_fonts(webbrowser_plugin_t)
+ xserver_dontaudit_read_xdm_tmp_files(webbrowser_plugin_t)
')
########################################
@@ -626,96 +637,96 @@ optional_policy(`
# Plugin config local policy
#
-allow mozilla_plugin_config_t self:capability { dac_override dac_read_search setgid setuid sys_nice };
-allow mozilla_plugin_config_t self:process { setsched signal_perms getsched };
-allow mozilla_plugin_config_t self:fifo_file rw_fifo_file_perms;
-allow mozilla_plugin_config_t self:unix_stream_socket create_stream_socket_perms;
+allow webbrowser_plugin_config_t self:capability { dac_override dac_read_search setgid setuid sys_nice };
+allow webbrowser_plugin_config_t self:process { setsched signal_perms getsched };
+allow webbrowser_plugin_config_t self:fifo_file rw_fifo_file_perms;
+allow webbrowser_plugin_config_t self:unix_stream_socket create_stream_socket_perms;
-allow mozilla_plugin_config_t mozilla_plugin_rw_t:dir manage_dir_perms;
-allow mozilla_plugin_config_t mozilla_plugin_rw_t:file manage_file_perms;
-allow mozilla_plugin_config_t mozilla_plugin_rw_t:lnk_file manage_lnk_file_perms;
+allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:dir manage_dir_perms;
+allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:file manage_file_perms;
+allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:lnk_file manage_lnk_file_perms;
-manage_dirs_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t })
-manage_files_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
-manage_lnk_files_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
+manage_dirs_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, { webbrowser_home_t webbrowser_plugin_home_t })
+manage_files_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
+manage_lnk_files_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
-userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".galeon")
-userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".mozilla")
-userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".netscape")
-userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".phoenix")
+userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".galeon")
+userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".mozilla")
+userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".netscape")
+userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".phoenix")
-userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".adobe")
-userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".macromedia")
-userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".gnash")
-userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".gcjwebplugin")
-userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".icedteaplugin")
-userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".spicec")
-userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".ICAClient")
-userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, "zimbrauserdata")
+userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".adobe")
+userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".macromedia")
+userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".gnash")
+userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".gcjwebplugin")
+userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".icedteaplugin")
+userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".spicec")
+userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".ICAClient")
+userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, "zimbrauserdata")
-filetrans_pattern(mozilla_plugin_config_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
+filetrans_pattern(webbrowser_plugin_config_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
-can_exec(mozilla_plugin_config_t, { mozilla_plugin_rw_t mozilla_plugin_home_t })
+can_exec(webbrowser_plugin_config_t, { webbrowser_plugin_rw_t webbrowser_plugin_home_t })
-ps_process_pattern(mozilla_plugin_config_t, mozilla_plugin_t)
+ps_process_pattern(webbrowser_plugin_config_t, webbrowser_plugin_t)
-kernel_read_system_state(mozilla_plugin_config_t)
-kernel_request_load_module(mozilla_plugin_config_t)
+kernel_read_system_state(webbrowser_plugin_config_t)
+kernel_request_load_module(webbrowser_plugin_config_t)
-corecmd_exec_bin(mozilla_plugin_config_t)
-corecmd_exec_shell(mozilla_plugin_config_t)
+corecmd_exec_bin(webbrowser_plugin_config_t)
+corecmd_exec_shell(webbrowser_plugin_config_t)
-dev_read_urand(mozilla_plugin_config_t)
-dev_rw_dri(mozilla_plugin_config_t)
-dev_search_sysfs(mozilla_plugin_config_t)
-dev_dontaudit_read_rand(mozilla_plugin_config_t)
+dev_read_urand(webbrowser_plugin_config_t)
+dev_rw_dri(webbrowser_plugin_config_t)
+dev_search_sysfs(webbrowser_plugin_config_t)
+dev_dontaudit_read_rand(webbrowser_plugin_config_t)
-domain_use_interactive_fds(mozilla_plugin_config_t)
+domain_use_interactive_fds(webbrowser_plugin_config_t)
-files_list_tmp(mozilla_plugin_config_t)
-files_read_usr_files(mozilla_plugin_config_t)
-files_dontaudit_search_home(mozilla_plugin_config_t)
+files_list_tmp(webbrowser_plugin_config_t)
+files_read_usr_files(webbrowser_plugin_config_t)
+files_dontaudit_search_home(webbrowser_plugin_config_t)
-fs_getattr_all_fs(mozilla_plugin_config_t)
-fs_search_auto_mountpoints(mozilla_plugin_config_t)
-fs_list_inotifyfs(mozilla_plugin_config_t)
+fs_getattr_all_fs(webbrowser_plugin_config_t)
+fs_search_auto_mountpoints(webbrowser_plugin_config_t)
+fs_list_inotifyfs(webbrowser_plugin_config_t)
-auth_use_nsswitch(mozilla_plugin_config_t)
+auth_use_nsswitch(webbrowser_plugin_config_t)
-miscfiles_read_localization(mozilla_plugin_config_t)
-miscfiles_read_fonts(mozilla_plugin_config_t)
+miscfiles_read_localization(webbrowser_plugin_config_t)
+miscfiles_read_fonts(webbrowser_plugin_config_t)
-userdom_read_user_home_content_symlinks(mozilla_plugin_config_t)
-userdom_read_user_home_content_files(mozilla_plugin_config_t)
+userdom_read_user_home_content_symlinks(webbrowser_plugin_config_t)
+userdom_read_user_home_content_files(webbrowser_plugin_config_t)
-userdom_use_user_ptys(mozilla_plugin_config_t)
+userdom_use_user_ptys(webbrowser_plugin_config_t)
-mozilla_run_plugin(mozilla_plugin_config_t, mozilla_plugin_config_roles)
+webbrowser_run_plugin(webbrowser_plugin_config_t, webbrowser_plugin_config_roles)
tunable_policy(`allow_execmem',`
- allow mozilla_plugin_config_t self:process execmem;
+ allow webbrowser_plugin_config_t self:process execmem;
')
-tunable_policy(`mozilla_execstack',`
- allow mozilla_plugin_config_t self:process { execmem execstack };
+tunable_policy(`webbrowser_execstack',`
+ allow webbrowser_plugin_config_t self:process { execmem execstack };
')
tunable_policy(`use_nfs_home_dirs',`
- fs_manage_nfs_dirs(mozilla_plugin_config_t)
- fs_manage_nfs_files(mozilla_plugin_config_t)
- fs_manage_nfs_symlinks(mozilla_plugin_config_t)
+ fs_manage_nfs_dirs(webbrowser_plugin_config_t)
+ fs_manage_nfs_files(webbrowser_plugin_config_t)
+ fs_manage_nfs_symlinks(webbrowser_plugin_config_t)
')
tunable_policy(`use_samba_home_dirs',`
- fs_manage_cifs_dirs(mozilla_plugin_config_t)
- fs_manage_cifs_files(mozilla_plugin_config_t)
- fs_manage_cifs_symlinks(mozilla_plugin_config_t)
+ fs_manage_cifs_dirs(webbrowser_plugin_config_t)
+ fs_manage_cifs_files(webbrowser_plugin_config_t)
+ fs_manage_cifs_symlinks(webbrowser_plugin_config_t)
')
optional_policy(`
- automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_config_t)
+ automount_dontaudit_getattr_tmp_dirs(webbrowser_plugin_config_t)
')
optional_policy(`
- xserver_use_user_fonts(mozilla_plugin_config_t)
+ xserver_use_user_fonts(webbrowser_plugin_config_t)
')
Index: refpolicy-2.20180701/policy/modules/apps/mozilla.fc
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.fc
+++ refpolicy-2.20180701/policy/modules/apps/mozilla.fc
@@ -1,42 +1,42 @@
-HOME_DIR/\.cache/mozilla(/.*)? gen_context(system_u:object_r:mozilla_xdg_cache_t,s0)
-HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
-HOME_DIR/\.mozilla(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
-HOME_DIR/\.mozilla/plugins(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
-HOME_DIR/\.netscape(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
-HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
-HOME_DIR/\.vimperator.* gen_context(system_u:object_r:mozilla_home_t,s0)
+HOME_DIR/\.cache/mozilla(/.*)? gen_context(system_u:object_r:webbrowser_xdg_cache_t,s0)
+HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
+HOME_DIR/\.mozilla(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
+HOME_DIR/\.mozilla/plugins(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
+HOME_DIR/\.netscape(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
+HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
+HOME_DIR/\.vimperator.* gen_context(system_u:object_r:webbrowser_home_t,s0)
-HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
-HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
-HOME_DIR/\.gnash(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
-HOME_DIR/\.gcjwebplugin(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
-HOME_DIR/\.icedteaplugin(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
-HOME_DIR/\.spicec(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
-HOME_DIR/\.ICAClient(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
-HOME_DIR/zimbrauserdata(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
+HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
+HOME_DIR/\.gnash(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
+HOME_DIR/\.gcjwebplugin(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
+HOME_DIR/\.icedteaplugin(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
+HOME_DIR/\.spicec(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
+HOME_DIR/\.ICAClient(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
+HOME_DIR/zimbrauserdata(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
-/usr/bin/epiphany -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/bin/epiphany-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/bin/mozilla -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/bin/mozilla-snapshot -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/bin/mozilla-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/bin/netscape -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/bin/nspluginscan -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
-/usr/bin/nspluginviewer -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
+/usr/bin/epiphany -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/bin/epiphany-bin -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/bin/mozilla -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/bin/mozilla-snapshot -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/bin/mozilla-[0-9].* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/bin/netscape -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/bin/nspluginscan -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
+/usr/bin/nspluginviewer -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
-/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib/firefox[^/]*/firefox-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib/galeon/galeon -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib/iceweasel/iceweasel -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib/iceweasel/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
-/usr/lib/mozilla[^/]*/reg.+ -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:mozilla_plugin_rw_t,s0)
-/usr/lib/netscape/base-4/wrapper -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib/netscape/.+/communicator/communicator-smotif\.real -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-/usr/lib/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
-/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:mozilla_plugin_config_exec_t,s0)
-/usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
+/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/lib/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/lib/firefox[^/]*/firefox-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/lib/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/lib/galeon/galeon -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/lib/iceweasel/iceweasel -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/lib/iceweasel/plugin-container -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
+/usr/lib/mozilla[^/]*/reg.+ -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/lib/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:webbrowser_plugin_rw_t,s0)
+/usr/lib/netscape/base-4/wrapper -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/lib/netscape/.+/communicator/communicator-smotif\.real -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
+/usr/lib/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
+/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:webbrowser_plugin_config_exec_t,s0)
+/usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
Index: refpolicy-2.20180701/policy/modules/apps/mozilla.if
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.if
+++ refpolicy-2.20180701/policy/modules/apps/mozilla.if
@@ -2,7 +2,7 @@
########################################
## <summary>
-## Role access for mozilla.
+## Role access for graphical web browser.
## </summary>
## <param name="role">
## <summary>
@@ -15,12 +15,12 @@
## </summary>
## </param>
#
-interface(`mozilla_role',`
+interface(`webbrowser_role',`
gen_require(`
- type mozilla_t, mozilla_exec_t, mozilla_home_t;
- type mozilla_tmp_t, mozilla_tmpfs_t, mozilla_plugin_tmp_t;
- type mozilla_plugin_tmpfs_t, mozilla_plugin_home_t;
- attribute_role mozilla_roles;
+ type webbrowser_t, webbrowser_exec_t, webbrowser_home_t;
+ type webbrowser_tmp_t, webbrowser_tmpfs_t, webbrowser_plugin_tmp_t;
+ type webbrowser_plugin_tmpfs_t, webbrowser_plugin_home_t;
+ attribute_role webbrowser_roles;
')
########################################
@@ -28,53 +28,53 @@ interface(`mozilla_role',`
# Declarations
#
- roleattribute $1 mozilla_roles;
+ roleattribute $1 webbrowser_roles;
########################################
#
# Policy
#
- domtrans_pattern($2, mozilla_exec_t, mozilla_t)
+ domtrans_pattern($2, webbrowser_exec_t, webbrowser_t)
- allow $2 mozilla_t:process { noatsecure siginh rlimitinh ptrace signal_perms };
- ps_process_pattern($2, mozilla_t)
+ allow $2 webbrowser_t:process { noatsecure siginh rlimitinh ptrace signal_perms };
+ ps_process_pattern($2, webbrowser_t)
- allow mozilla_t $2:process signull;
- allow mozilla_t $2:unix_stream_socket connectto;
+ allow webbrowser_t $2:process signull;
+ allow webbrowser_t $2:unix_stream_socket connectto;
- allow $2 mozilla_t:fd use;
- allow $2 mozilla_t:shm rw_shm_perms;
+ allow $2 webbrowser_t:fd use;
+ allow $2 webbrowser_t:shm rw_shm_perms;
- stream_connect_pattern($2, mozilla_tmpfs_t, mozilla_tmpfs_t, mozilla_t)
+ stream_connect_pattern($2, webbrowser_tmpfs_t, webbrowser_tmpfs_t, webbrowser_t)
- allow $2 { mozilla_home_t mozilla_plugin_home_t }:dir { manage_dir_perms relabel_dir_perms };
- allow $2 { mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms relabel_file_perms };
- allow $2 mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
- userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".galeon")
- userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".mozilla")
- userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".netscape")
- userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".phoenix")
+ allow $2 { webbrowser_home_t webbrowser_plugin_home_t }:dir { manage_dir_perms relabel_dir_perms };
+ allow $2 { webbrowser_home_t webbrowser_plugin_home_t }:file { manage_file_perms relabel_file_perms };
+ allow $2 webbrowser_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+ userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".galeon")
+ userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".mozilla")
+ userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".netscape")
+ userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".phoenix")
- filetrans_pattern($2, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
+ filetrans_pattern($2, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
- allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
- allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:file { manage_file_perms relabel_file_perms };
- allow $2 mozilla_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+ allow $2 { webbrowser_tmp_t webbrowser_plugin_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
+ allow $2 { webbrowser_tmp_t webbrowser_plugin_tmp_t }:file { manage_file_perms relabel_file_perms };
+ allow $2 webbrowser_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
- allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms };
- allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:file { manage_file_perms relabel_file_perms };
- allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
- allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+ allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms };
+ allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:file { manage_file_perms relabel_file_perms };
+ allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+ allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
optional_policy(`
- mozilla_dbus_chat($2)
+ webbrowser_dbus_chat($2)
')
')
########################################
## <summary>
-## Role access for mozilla plugin.
+## Role access for web browser plugin.
## </summary>
## <param name="role">
## <summary>
@@ -87,60 +87,60 @@ interface(`mozilla_role',`
## </summary>
## </param>
#
-interface(`mozilla_role_plugin',`
+interface(`webbrowser_role_plugin',`
gen_require(`
- type mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mozilla_plugin_rw_t;
- type mozilla_home_t;
+ type webbrowser_plugin_tmp_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_rw_t;
+ type webbrowser_home_t;
')
- mozilla_run_plugin($2, $1)
- mozilla_run_plugin_config($2, $1)
+ webbrowser_run_plugin($2, $1)
+ webbrowser_run_plugin_config($2, $1)
- allow $2 { mozilla_plugin_t mozilla_plugin_config_t }:process { ptrace signal_perms };
- ps_process_pattern($2, { mozilla_plugin_t mozilla_plugin_config_t })
+ allow $2 { webbrowser_plugin_t webbrowser_plugin_config_t }:process { ptrace signal_perms };
+ ps_process_pattern($2, { webbrowser_plugin_t webbrowser_plugin_config_t })
- allow $2 mozilla_plugin_t:unix_stream_socket rw_socket_perms;
- allow $2 mozilla_plugin_t:fd use;
+ allow $2 webbrowser_plugin_t:unix_stream_socket rw_socket_perms;
+ allow $2 webbrowser_plugin_t:fd use;
- stream_connect_pattern($2, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t)
+ stream_connect_pattern($2, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_t)
- allow mozilla_plugin_t $2:process signull;
- allow mozilla_plugin_t $2:unix_stream_socket { connectto rw_socket_perms };
- allow mozilla_plugin_t $2:unix_dgram_socket { sendto rw_socket_perms };
- allow mozilla_plugin_t $2:shm { rw_shm_perms destroy };
- allow mozilla_plugin_t $2:sem create_sem_perms;
+ allow webbrowser_plugin_t $2:process signull;
+ allow webbrowser_plugin_t $2:unix_stream_socket { connectto rw_socket_perms };
+ allow webbrowser_plugin_t $2:unix_dgram_socket { sendto rw_socket_perms };
+ allow webbrowser_plugin_t $2:shm { rw_shm_perms destroy };
+ allow webbrowser_plugin_t $2:sem create_sem_perms;
- allow $2 mozilla_home_t:dir { manage_dir_perms relabel_dir_perms };
- allow $2 mozilla_home_t:file { manage_file_perms relabel_file_perms };
- allow $2 mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
- userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".galeon")
- userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".mozilla")
- userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".netscape")
- userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".phoenix")
+ allow $2 webbrowser_home_t:dir { manage_dir_perms relabel_dir_perms };
+ allow $2 webbrowser_home_t:file { manage_file_perms relabel_file_perms };
+ allow $2 webbrowser_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+ userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".galeon")
+ userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".mozilla")
+ userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".netscape")
+ userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".phoenix")
- allow $2 mozilla_plugin_tmp_t:dir { manage_dir_perms relabel_dir_perms };
- allow $2 mozilla_plugin_tmp_t:file { manage_file_perms relabel_file_perms };
- allow $2 mozilla_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+ allow $2 webbrowser_plugin_tmp_t:dir { manage_dir_perms relabel_dir_perms };
+ allow $2 webbrowser_plugin_tmp_t:file { manage_file_perms relabel_file_perms };
+ allow $2 webbrowser_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
- allow $2 mozilla_plugin_tmpfs_t:dir { manage_dir_perms relabel_dir_perms };
- allow $2 mozilla_plugin_tmpfs_t:file { manage_file_perms relabel_file_perms };
- allow $2 mozilla_plugin_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
- allow $2 mozilla_plugin_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+ allow $2 webbrowser_plugin_tmpfs_t:dir { manage_dir_perms relabel_dir_perms };
+ allow $2 webbrowser_plugin_tmpfs_t:file { manage_file_perms relabel_file_perms };
+ allow $2 webbrowser_plugin_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+ allow $2 webbrowser_plugin_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
- allow $2 mozilla_plugin_rw_t:dir list_dir_perms;
- allow $2 mozilla_plugin_rw_t:file read_file_perms;
- allow $2 mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
+ allow $2 webbrowser_plugin_rw_t:dir list_dir_perms;
+ allow $2 webbrowser_plugin_rw_t:file read_file_perms;
+ allow $2 webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms;
- can_exec($2, mozilla_plugin_rw_t)
+ can_exec($2, webbrowser_plugin_rw_t)
optional_policy(`
- mozilla_dbus_chat_plugin($2)
+ webbrowser_dbus_chat_plugin($2)
')
')
########################################
## <summary>
-## Read mozilla home directory content.
+## Read web browser home directory content.
## </summary>
## <param name="domain">
## <summary>
@@ -148,20 +148,20 @@ interface(`mozilla_role_plugin',`
## </summary>
## </param>
#
-interface(`mozilla_read_user_home_files',`
+interface(`webbrowser_read_user_home_files',`
gen_require(`
- type mozilla_home_t;
+ type webbrowser_home_t;
')
userdom_search_user_home_dirs($1)
- allow $1 mozilla_home_t:dir list_dir_perms;
- allow $1 mozilla_home_t:file read_file_perms;
- allow $1 mozilla_home_t:lnk_file read_lnk_file_perms;
+ allow $1 webbrowser_home_t:dir list_dir_perms;
+ allow $1 webbrowser_home_t:file read_file_perms;
+ allow $1 webbrowser_home_t:lnk_file read_lnk_file_perms;
')
########################################
## <summary>
-## Write mozilla home directory files.
+## Write web browser home directory files.
## </summary>
## <param name="domain">
## <summary>
@@ -169,19 +169,19 @@ interface(`mozilla_read_user_home_files'
## </summary>
## </param>
#
-interface(`mozilla_write_user_home_files',`
+interface(`webbrowser_write_user_home_files',`
gen_require(`
- type mozilla_home_t;
+ type webbrowser_home_t;
')
userdom_search_user_home_dirs($1)
- write_files_pattern($1, mozilla_home_t, mozilla_home_t)
+ write_files_pattern($1, webbrowser_home_t, webbrowser_home_t)
')
########################################
## <summary>
## Do not audit attempts to read and
-## write mozilla home directory files.
+## write web browser home directory files.
## </summary>
## <param name="domain">
## <summary>
@@ -189,18 +189,18 @@ interface(`mozilla_write_user_home_files
## </summary>
## </param>
#
-interface(`mozilla_dontaudit_rw_user_home_files',`
+interface(`webbrowser_dontaudit_rw_user_home_files',`
gen_require(`
- type mozilla_home_t;
+ type webbrowser_home_t;
')
- dontaudit $1 mozilla_home_t:file rw_file_perms;
+ dontaudit $1 webbrowser_home_t:file rw_file_perms;
')
########################################
## <summary>
## Do not audit attempt to Create,
-## read, write, and delete mozilla
+## read, write, and delete web browser
## home directory content.
## </summary>
## <param name="domain">
@@ -209,19 +209,19 @@ interface(`mozilla_dontaudit_rw_user_hom
## </summary>
## </param>
#
-interface(`mozilla_dontaudit_manage_user_home_files',`
+interface(`webbrowser_dontaudit_manage_user_home_files',`
gen_require(`
- type mozilla_home_t;
+ type webbrowser_home_t;
')
- dontaudit $1 mozilla_home_t:dir manage_dir_perms;
- dontaudit $1 mozilla_home_t:file manage_file_perms;
- dontaudit $1 mozilla_home_t:lnk_file manage_lnk_file_perms;
+ dontaudit $1 webbrowser_home_t:dir manage_dir_perms;
+ dontaudit $1 webbrowser_home_t:file manage_file_perms;
+ dontaudit $1 webbrowser_home_t:lnk_file manage_lnk_file_perms;
')
########################################
## <summary>
-## Execute mozilla plugin home directory files.
+## Execute web browser plugin home directory files.
## </summary>
## <param name="domain">
## <summary>
@@ -229,13 +229,13 @@ interface(`mozilla_dontaudit_manage_user
## </summary>
## </param>
#
-interface(`mozilla_exec_user_plugin_home_files',`
+interface(`webbrowser_exec_user_plugin_home_files',`
gen_require(`
- type mozilla_home_t, mozilla_plugin_home_t;
+ type webbrowser_home_t, webbrowser_plugin_home_t;
')
userdom_search_user_home_dirs($1)
- exec_files_pattern($1, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
+ exec_files_pattern($1, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
')
########################################
@@ -249,17 +249,17 @@ interface(`mozilla_exec_user_plugin_home
## </summary>
## </param>
#
-interface(`mozilla_execmod_user_plugin_home_files',`
+interface(`webbrowser_execmod_user_plugin_home_files',`
gen_require(`
- type mozilla_plugin_home_t;
+ type webbrowser_plugin_home_t;
')
- allow $1 mozilla_plugin_home_t:file execmod;
+ allow $1 webbrowser_plugin_home_t:file execmod;
')
#######################################
## <summary>
-## Read temporary mozilla files.
+## Read temporary web browser files.
## </summary>
## <param name="domain">
## <summary>
@@ -267,17 +267,17 @@ interface(`mozilla_execmod_user_plugin_h
## </summary>
## </param>
#
-interface(`mozilla_read_tmp_files',`
+interface(`webbrowser_read_tmp_files',`
gen_require(`
- type mozilla_tmp_t;
+ type webbrowser_tmp_t;
')
- read_files_pattern($1, mozilla_tmp_t, mozilla_tmp_t)
+ read_files_pattern($1, webbrowser_tmp_t, webbrowser_tmp_t)
')
########################################
## <summary>
-## Run mozilla in the mozilla domain.
+## Run web browser in the web browser domain.
## </summary>
## <param name="domain">
## <summary>
@@ -285,19 +285,19 @@ interface(`mozilla_read_tmp_files',`
## </summary>
## </param>
#
-interface(`mozilla_domtrans',`
+interface(`webbrowser_domtrans',`
gen_require(`
- type mozilla_t, mozilla_exec_t;
+ type webbrowser_t, webbrowser_exec_t;
')
corecmd_search_bin($1)
- domtrans_pattern($1, mozilla_exec_t, mozilla_t)
+ domtrans_pattern($1, webbrowser_exec_t, webbrowser_t)
')
########################################
## <summary>
## Execute a domain transition to
-## run mozilla plugin.
+## run web browser plugin.
## </summary>
## <param name="domain">
## <summary>
@@ -305,20 +305,20 @@ interface(`mozilla_domtrans',`
## </summary>
## </param>
#
-interface(`mozilla_domtrans_plugin',`
+interface(`webbrowser_domtrans_plugin',`
gen_require(`
- type mozilla_plugin_t, mozilla_plugin_exec_t;
+ type webbrowser_plugin_t, webbrowser_plugin_exec_t;
')
corecmd_search_bin($1)
- domtrans_pattern($1, mozilla_plugin_exec_t, mozilla_plugin_t)
+ domtrans_pattern($1, webbrowser_plugin_exec_t, webbrowser_plugin_t)
')
########################################
## <summary>
-## Execute mozilla plugin in the
-## mozilla plugin domain, and allow
-## the specified role the mozilla
+## Execute web browser plugin in the
+## web browser plugin domain, and allow
+## the specified role the web browser
## plugin domain.
## </summary>
## <param name="domain">
@@ -332,19 +332,19 @@ interface(`mozilla_domtrans_plugin',`
## </summary>
## </param>
#
-interface(`mozilla_run_plugin',`
+interface(`webbrowser_run_plugin',`
gen_require(`
- attribute_role mozilla_plugin_roles;
+ attribute_role webbrowser_plugin_roles;
')
- mozilla_domtrans_plugin($1)
- roleattribute $2 mozilla_plugin_roles;
+ webbrowser_domtrans_plugin($1)
+ roleattribute $2 webbrowser_plugin_roles;
')
########################################
## <summary>
## Execute a domain transition to
-## run mozilla plugin config.
+## run web browser plugin config.
## </summary>
## <param name="domain">
## <summary>
@@ -352,21 +352,21 @@ interface(`mozilla_run_plugin',`
## </summary>
## </param>
#
-interface(`mozilla_domtrans_plugin_config',`
+interface(`webbrowser_domtrans_plugin_config',`
gen_require(`
- type mozilla_plugin_config_t, mozilla_plugin_config_exec_t;
+ type webbrowser_plugin_config_t, webbrowser_plugin_config_exec_t;
')
corecmd_search_bin($1)
- domtrans_pattern($1, mozilla_plugin_config_exec_t, mozilla_plugin_config_t)
+ domtrans_pattern($1, webbrowser_plugin_config_exec_t, webbrowser_plugin_config_t)
')
########################################
## <summary>
-## Execute mozilla plugin config in
-## the mozilla plugin config domain,
+## Execute web browser plugin config in
+## the web browser plugin config domain,
## and allow the specified role the
-## mozilla plugin config domain.
+## web browser plugin config domain.
## </summary>
## <param name="domain">
## <summary>
@@ -379,19 +379,19 @@ interface(`mozilla_domtrans_plugin_confi
## </summary>
## </param>
#
-interface(`mozilla_run_plugin_config',`
+interface(`webbrowser_run_plugin_config',`
gen_require(`
- attribute_role mozilla_plugin_config_roles;
+ attribute_role webbrowser_plugin_config_roles;
')
- mozilla_domtrans_plugin_config($1)
- roleattribute $2 mozilla_plugin_config_roles;
+ webbrowser_domtrans_plugin_config($1)
+ roleattribute $2 webbrowser_plugin_config_roles;
')
########################################
## <summary>
## Send and receive messages from
-## mozilla over dbus.
+## web browser over dbus.
## </summary>
## <param name="domain">
## <summary>
@@ -399,20 +399,20 @@ interface(`mozilla_run_plugin_config',`
## </summary>
## </param>
#
-interface(`mozilla_dbus_chat',`
+interface(`webbrowser_dbus_chat',`
gen_require(`
- type mozilla_t;
+ type webbrowser_t;
class dbus send_msg;
')
- allow $1 mozilla_t:dbus send_msg;
- allow mozilla_t $1:dbus send_msg;
+ allow $1 webbrowser_t:dbus send_msg;
+ allow webbrowser_t $1:dbus send_msg;
')
########################################
## <summary>
## Send and receive messages from
-## mozilla plugin over dbus.
+## web browser plugin over dbus.
## </summary>
## <param name="domain">
## <summary>
@@ -420,19 +420,19 @@ interface(`mozilla_dbus_chat',`
## </summary>
## </param>
#
-interface(`mozilla_dbus_chat_plugin',`
+interface(`webbrowser_dbus_chat_plugin',`
gen_require(`
- type mozilla_plugin_t;
+ type webbrowser_plugin_t;
class dbus send_msg;
')
- allow $1 mozilla_plugin_t:dbus send_msg;
- allow mozilla_plugin_t $1:dbus send_msg;
+ allow $1 webbrowser_plugin_t:dbus send_msg;
+ allow webbrowser_plugin_t $1:dbus send_msg;
')
########################################
## <summary>
-## Read and write mozilla TCP sockets.
+## Read and write web browser TCP sockets.
## </summary>
## <param name="domain">
## <summary>
@@ -440,18 +440,18 @@ interface(`mozilla_dbus_chat_plugin',`
## </summary>
## </param>
#
-interface(`mozilla_rw_tcp_sockets',`
+interface(`webbrowser_rw_tcp_sockets',`
gen_require(`
- type mozilla_t;
+ type webbrowser_t;
')
- allow $1 mozilla_t:tcp_socket rw_socket_perms;
+ allow $1 webbrowser_t:tcp_socket rw_socket_perms;
')
########################################
## <summary>
## Create, read, write, and delete
-## mozilla plugin rw files.
+## web browser plugin rw files.
## </summary>
## <param name="domain">
## <summary>
@@ -459,18 +459,18 @@ interface(`mozilla_rw_tcp_sockets',`
## </summary>
## </param>
#
-interface(`mozilla_manage_plugin_rw_files',`
+interface(`webbrowser_manage_plugin_rw_files',`
gen_require(`
- type mozilla_plugin_rw_t;
+ type webbrowser_plugin_rw_t;
')
libs_search_lib($1)
- manage_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
+ manage_files_pattern($1, webbrowser_plugin_rw_t, webbrowser_plugin_rw_t)
')
########################################
## <summary>
-## Read mozilla_plugin tmpfs files.
+## Read webbrowser_plugin tmpfs files.
## </summary>
## <param name="domain">
## <summary>
@@ -478,18 +478,18 @@ interface(`mozilla_manage_plugin_rw_file
## </summary>
## </param>
#
-interface(`mozilla_plugin_read_tmpfs_files',`
+interface(`webbrowser_plugin_read_tmpfs_files',`
gen_require(`
- type mozilla_plugin_tmpfs_t;
+ type webbrowser_plugin_tmpfs_t;
')
fs_search_tmpfs($1)
- allow $1 mozilla_plugin_tmpfs_t:file read_file_perms;
+ allow $1 webbrowser_plugin_tmpfs_t:file read_file_perms;
')
########################################
## <summary>
-## Delete mozilla_plugin tmpfs files.
+## Delete webbrowser_plugin tmpfs files.
## </summary>
## <param name="domain">
## <summary>
@@ -497,19 +497,19 @@ interface(`mozilla_plugin_read_tmpfs_fil
## </summary>
## </param>
#
-interface(`mozilla_plugin_delete_tmpfs_files',`
+interface(`webbrowser_plugin_delete_tmpfs_files',`
gen_require(`
- type mozilla_plugin_tmpfs_t;
+ type webbrowser_plugin_tmpfs_t;
')
fs_search_tmpfs($1)
- allow $1 mozilla_plugin_tmpfs_t:file delete_file_perms;
+ allow $1 webbrowser_plugin_tmpfs_t:file delete_file_perms;
')
########################################
## <summary>
## Create, read, write, and delete
-## generic mozilla plugin home content.
+## generic web browser plugin home content.
## </summary>
## <param name="domain">
## <summary>
@@ -517,23 +517,23 @@ interface(`mozilla_plugin_delete_tmpfs_f
## </summary>
## </param>
#
-interface(`mozilla_manage_generic_plugin_home_content',`
+interface(`webbrowser_manage_generic_plugin_home_content',`
gen_require(`
- type mozilla_plugin_home_t;
+ type webbrowser_plugin_home_t;
')
userdom_search_user_home_dirs($1)
- allow $1 mozilla_plugin_home_t:dir manage_dir_perms;
- allow $1 mozilla_plugin_home_t:file manage_file_perms;
- allow $1 mozilla_plugin_home_t:fifo_file manage_fifo_file_perms;
- allow $1 mozilla_plugin_home_t:lnk_file manage_lnk_file_perms;
- allow $1 mozilla_plugin_home_t:sock_file manage_sock_file_perms;
+ allow $1 webbrowser_plugin_home_t:dir manage_dir_perms;
+ allow $1 webbrowser_plugin_home_t:file manage_file_perms;
+ allow $1 webbrowser_plugin_home_t:fifo_file manage_fifo_file_perms;
+ allow $1 webbrowser_plugin_home_t:lnk_file manage_lnk_file_perms;
+ allow $1 webbrowser_plugin_home_t:sock_file manage_sock_file_perms;
')
########################################
## <summary>
## Create objects in user home
-## directories with the generic mozilla
+## directories with the generic web browser
## plugin home type.
## </summary>
## <param name="domain">
@@ -552,10 +552,10 @@ interface(`mozilla_manage_generic_plugin
## </summary>
## </param>
#
-interface(`mozilla_home_filetrans_plugin_home',`
+interface(`webbrowser_home_filetrans_plugin_home',`
gen_require(`
- type mozilla_plugin_home_t;
+ type webbrowser_plugin_home_t;
')
- userdom_user_home_dir_filetrans($1, mozilla_plugin_home_t, $2, $3)
+ userdom_user_home_dir_filetrans($1, webbrowser_plugin_home_t, $2, $3)
')
Index: refpolicy-2.20180701/policy/modules/roles/staff.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/roles/staff.te
+++ refpolicy-2.20180701/policy/modules/roles/staff.te
@@ -142,7 +142,7 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- mozilla_role(staff_r, staff_t)
+ webbrowser_role(staff_r, staff_t)
')
optional_policy(`
Index: refpolicy-2.20180701/policy/modules/roles/sysadm.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/roles/sysadm.te
+++ refpolicy-2.20180701/policy/modules/roles/sysadm.te
@@ -652,7 +652,7 @@ optional_policy(`
')
optional_policy(`
- mozilla_role(sysadm_r, sysadm_t)
+ webbrowser_role(sysadm_r, sysadm_t)
')
optional_policy(`
Index: refpolicy-2.20180701/policy/modules/roles/unprivuser.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/roles/unprivuser.te
+++ refpolicy-2.20180701/policy/modules/roles/unprivuser.te
@@ -114,7 +114,7 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- mozilla_role(user_r, user_t)
+ webbrowser_role(user_r, user_t)
')
optional_policy(`
Index: refpolicy-2.20180701/policy/modules/roles/xguest.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/roles/xguest.te
+++ refpolicy-2.20180701/policy/modules/roles/xguest.te
@@ -103,7 +103,7 @@ optional_policy(`
')
optional_policy(`
- mozilla_role(xguest_r, xguest_t)
+ webbrowser_role(xguest_r, xguest_t)
')
optional_policy(`
Index: refpolicy-2.20180701/policy/modules/admin/prelink.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/admin/prelink.te
+++ refpolicy-2.20180701/policy/modules/admin/prelink.te
@@ -141,7 +141,7 @@ optional_policy(`
')
optional_policy(`
- mozilla_manage_plugin_rw_files(prelink_t)
+ webbrowser_manage_plugin_rw_files(prelink_t)
')
optional_policy(`
Index: refpolicy-2.20180701/policy/modules/apps/evolution.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/apps/evolution.te
+++ refpolicy-2.20180701/policy/modules/apps/evolution.te
@@ -291,8 +291,8 @@ optional_policy(`
')
optional_policy(`
- mozilla_read_user_home_files(evolution_t)
- mozilla_domtrans(evolution_t)
+ webbrowser_read_user_home_files(evolution_t)
+ webbrowser_domtrans(evolution_t)
')
optional_policy(`
Index: refpolicy-2.20180701/policy/modules/apps/gpg.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/apps/gpg.te
+++ refpolicy-2.20180701/policy/modules/apps/gpg.te
@@ -171,7 +171,7 @@ optional_policy(`
')
optional_policy(`
- mozilla_dontaudit_rw_user_home_files(gpg_t)
+ webbrowser_dontaudit_rw_user_home_files(gpg_t)
')
optional_policy(`
@@ -306,7 +306,7 @@ optional_policy(`
')
optional_policy(`
- mozilla_dontaudit_rw_user_home_files(gpg_agent_t)
+ webbrowser_dontaudit_rw_user_home_files(gpg_agent_t)
')
optional_policy(`
Index: refpolicy-2.20180701/policy/modules/apps/openoffice.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/apps/openoffice.te
+++ refpolicy-2.20180701/policy/modules/apps/openoffice.te
@@ -140,8 +140,8 @@ optional_policy(`
')
optional_policy(`
- mozilla_domtrans(ooffice_t)
- mozilla_read_tmp_files(ooffice_t)
+ webbrowser_domtrans(ooffice_t)
+ webbrowser_read_tmp_files(ooffice_t)
')
optional_policy(`
Index: refpolicy-2.20180701/policy/modules/apps/seunshare.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/apps/seunshare.te
+++ refpolicy-2.20180701/policy/modules/apps/seunshare.te
@@ -39,6 +39,6 @@ ifdef(`hide_broken_symptoms', `
fs_dontaudit_rw_anon_inodefs_files(seunshare_t)
optional_policy(`
- mozilla_dontaudit_manage_user_home_files(seunshare_t)
+ webbrowser_dontaudit_manage_user_home_files(seunshare_t)
')
')
Index: refpolicy-2.20180701/policy/modules/apps/thunderbird.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/apps/thunderbird.te
+++ refpolicy-2.20180701/policy/modules/apps/thunderbird.te
@@ -151,7 +151,7 @@ optional_policy(`
')
optional_policy(`
- mozilla_dbus_chat(thunderbird_t)
+ webbrowser_dbus_chat(thunderbird_t)
')
')
@@ -175,8 +175,8 @@ optional_policy(`
')
optional_policy(`
- mozilla_read_user_home_files(thunderbird_t)
- mozilla_domtrans(thunderbird_t)
+ webbrowser_read_user_home_files(thunderbird_t)
+ webbrowser_domtrans(thunderbird_t)
')
optional_policy(`
Index: refpolicy-2.20180701/policy/modules/apps/wm.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/apps/wm.te
+++ refpolicy-2.20180701/policy/modules/apps/wm.te
@@ -126,7 +126,7 @@ optional_policy(`
')
optional_policy(`
- mozilla_dbus_chat(wm_domain)
+ webbrowser_dbus_chat(wm_domain)
')
optional_policy(`
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] s/mozilla/webbrowser/g
2019-01-12 5:19 [PATCH] s/mozilla/webbrowser/g Russell Coker
@ 2019-01-12 7:33 ` Jason Zaman
2019-01-12 19:46 ` Chris PeBenito
0 siblings, 1 reply; 5+ messages in thread
From: Jason Zaman @ 2019-01-12 7:33 UTC (permalink / raw)
To: Russell Coker; +Cc: selinux-refpolicy
On Sat, Jan 12, 2019 at 04:19:09PM +1100, Russell Coker wrote:
> This patch as requested renames mozilla to webbrowser and adds appropriate
> typealias rules.
Hm. the mozilla and chrome policies are pretty different tho. I dont
like this merging thing, I think we should keep mozilla_t and chromium_t
separate. I'm fixing up the gentoo chromium policy and i'll send it in a
couple hrs.
-- Jason
>
> Index: refpolicy-2.20180701/policy/modules/apps/mozilla.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.te
> +++ refpolicy-2.20180701/policy/modules/apps/mozilla.te
> @@ -7,335 +7,346 @@ policy_module(mozilla, 2.14.1)
>
> ## <desc>
> ## <p>
> -## Determine whether mozilla can
> +## Determine whether web browser can
> ## make its stack executable.
> ## </p>
> ## </desc>
> -gen_tunable(mozilla_execstack, false)
> +gen_tunable(webbrowser_execstack, false)
>
> -attribute_role mozilla_roles;
> -attribute_role mozilla_plugin_roles;
> -attribute_role mozilla_plugin_config_roles;
> +attribute_role webbrowser_roles;
> +attribute_role webbrowser_plugin_roles;
> +attribute_role webbrowser_plugin_config_roles;
>
> -type mozilla_t;
> -type mozilla_exec_t;
> -typealias mozilla_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t };
> -typealias mozilla_t alias { auditadm_mozilla_t secadm_mozilla_t };
> -userdom_user_application_domain(mozilla_t, mozilla_exec_t)
> -role mozilla_roles types mozilla_t;
> +type webbrowser_t;
> +type webbrowser_exec_t;
> +typealias webbrowser_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t };
> +typealias webbrowser_t alias { auditadm_mozilla_t secadm_mozilla_t mozilla_t };
> +typealias webbrowser_exec_t alias { mozilla_exec_t };
> +userdom_user_application_domain(webbrowser_t, webbrowser_exec_t)
> +role webbrowser_roles types webbrowser_t;
>
> optional_policy(`
> - wm_application_domain(mozilla_t, mozilla_exec_t)
> + wm_application_domain(webbrowser_t, webbrowser_exec_t)
> ')
>
> -type mozilla_home_t;
> -typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
> -typealias mozilla_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t };
> -userdom_user_home_content(mozilla_home_t)
> +type webbrowser_home_t;
> +typealias webbrowser_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
> +typealias webbrowser_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t mozilla_home_t };
> +userdom_user_home_content(webbrowser_home_t)
>
> -type mozilla_plugin_t;
> -type mozilla_plugin_exec_t;
> -userdom_user_application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
> -role mozilla_plugin_roles types mozilla_plugin_t;
> +type webbrowser_plugin_t;
> +type webbrowser_plugin_exec_t;
> +typealias webbrowser_plugin_t alias { mozilla_plugin_t };
> +typealias webbrowser_plugin_exec_t alias { mozilla_plugin_exec_t };
> +userdom_user_application_domain(webbrowser_plugin_t, webbrowser_plugin_exec_t)
> +role webbrowser_plugin_roles types webbrowser_plugin_t;
>
> -type mozilla_plugin_home_t;
> -userdom_user_home_content(mozilla_plugin_home_t)
> +type webbrowser_plugin_home_t;
> +typealias webbrowser_plugin_home_t alias { mozilla_plugin_home_t };
> +userdom_user_home_content(webbrowser_plugin_home_t)
>
> -type mozilla_plugin_tmp_t;
> -userdom_user_tmp_file(mozilla_plugin_tmp_t)
> +type webbrowser_plugin_tmp_t;
> +typealias webbrowser_plugin_tmp_t alias { mozilla_plugin_tmp_t };
> +userdom_user_tmp_file(webbrowser_plugin_tmp_t)
>
> -type mozilla_plugin_tmpfs_t;
> -userdom_user_tmpfs_file(mozilla_plugin_tmpfs_t)
> +type webbrowser_plugin_tmpfs_t;
> +typealias webbrowser_plugin_tmpfs_t alias { mozilla_plugin_tmpfs_t };
> +userdom_user_tmpfs_file(webbrowser_plugin_tmpfs_t)
>
> optional_policy(`
> - pulseaudio_tmpfs_content(mozilla_plugin_tmpfs_t)
> + pulseaudio_tmpfs_content(webbrowser_plugin_tmpfs_t)
> ')
>
> -type mozilla_plugin_rw_t;
> -files_type(mozilla_plugin_rw_t)
> +type webbrowser_plugin_rw_t;
> +typealias webbrowser_plugin_rw_t alias { mozilla_plugin_rw_t };
> +files_type(webbrowser_plugin_rw_t)
>
> -type mozilla_plugin_config_t;
> -type mozilla_plugin_config_exec_t;
> -userdom_user_application_domain(mozilla_plugin_config_t, mozilla_plugin_config_exec_t)
> -role mozilla_plugin_config_roles types mozilla_plugin_config_t;
> +type webbrowser_plugin_config_t;
> +typealias webbrowser_plugin_config_t alias { mozilla_plugin_config_t };
> +type webbrowser_plugin_config_exec_t;
> +typealias webbrowser_plugin_config_exec_t alias { mozilla_plugin_config_exec_t };
> +userdom_user_application_domain(webbrowser_plugin_config_t, webbrowser_plugin_config_exec_t)
> +role webbrowser_plugin_config_roles types webbrowser_plugin_config_t;
>
> -type mozilla_tmp_t;
> -userdom_user_tmp_file(mozilla_tmp_t)
> +type webbrowser_tmp_t;
> +typealias webbrowser_tmp_t alias { mozilla_tmp_t };
> +userdom_user_tmp_file(webbrowser_tmp_t)
>
> -type mozilla_tmpfs_t;
> -typealias mozilla_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
> -typealias mozilla_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
> -userdom_user_tmpfs_file(mozilla_tmpfs_t)
> +type webbrowser_tmpfs_t;
> +typealias webbrowser_tmpfs_t alias { mozilla_tmpfs_t };
> +typealias webbrowser_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
> +typealias webbrowser_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
> +userdom_user_tmpfs_file(webbrowser_tmpfs_t)
>
> optional_policy(`
> - pulseaudio_tmpfs_content(mozilla_tmpfs_t)
> + pulseaudio_tmpfs_content(webbrowser_tmpfs_t)
> ')
>
> -type mozilla_xdg_cache_t;
> -xdg_cache_content(mozilla_xdg_cache_t)
> +type webbrowser_xdg_cache_t;
> +xdg_cache_content(webbrowser_xdg_cache_t)
>
> ########################################
> #
> # Local policy
> #
>
> -allow mozilla_t self:capability { setgid setuid sys_nice };
> -allow mozilla_t self:process { sigkill signal setsched getsched setrlimit };
> -allow mozilla_t self:fifo_file rw_fifo_file_perms;
> -allow mozilla_t self:shm create_shm_perms;
> -allow mozilla_t self:sem create_sem_perms;
> -allow mozilla_t self:socket create_socket_perms;
> -allow mozilla_t self:unix_stream_socket { accept listen };
> -
> -allow mozilla_t mozilla_plugin_t:unix_stream_socket rw_socket_perms;
> -allow mozilla_t mozilla_plugin_t:fd use;
> -
> -allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:dir manage_dir_perms;
> -allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms map };
> -allow mozilla_t mozilla_home_t:lnk_file manage_lnk_file_perms;
> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".galeon")
> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".mozilla")
> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".netscape")
> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".phoenix")
> -
> -filetrans_pattern(mozilla_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
> -
> -manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
> -manage_lnk_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
> -manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
> -allow mozilla_t mozilla_tmp_t:file map;
> -files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })
> -
> -manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
> -manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
> -manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
> -manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
> -fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
> -allow mozilla_t mozilla_plugin_tmpfs_t:file map;
> -
> -allow mozilla_t mozilla_plugin_rw_t:dir list_dir_perms;
> -allow mozilla_t mozilla_plugin_rw_t:file read_file_perms;
> -allow mozilla_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
> -
> -stream_connect_pattern(mozilla_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t)
> -
> -manage_files_pattern(mozilla_t, mozilla_xdg_cache_t, mozilla_xdg_cache_t)
> -manage_dirs_pattern(mozilla_t, mozilla_xdg_cache_t, mozilla_xdg_cache_t)
> -xdg_cache_filetrans(mozilla_t, mozilla_xdg_cache_t, dir, "mozilla")
> -
> -can_exec(mozilla_t, { mozilla_exec_t mozilla_plugin_rw_t mozilla_plugin_home_t })
> -
> -kernel_read_kernel_sysctls(mozilla_t)
> -kernel_read_network_state(mozilla_t)
> -kernel_read_system_state(mozilla_t)
> -kernel_read_net_sysctls(mozilla_t)
> -
> -corecmd_list_bin(mozilla_t)
> -corecmd_exec_shell(mozilla_t)
> -corecmd_exec_bin(mozilla_t)
> -
> -corenet_all_recvfrom_unlabeled(mozilla_t)
> -corenet_all_recvfrom_netlabel(mozilla_t)
> -corenet_tcp_sendrecv_generic_if(mozilla_t)
> -corenet_tcp_sendrecv_generic_node(mozilla_t)
> -
> -corenet_sendrecv_http_client_packets(mozilla_t)
> -corenet_tcp_connect_http_port(mozilla_t)
> -corenet_tcp_sendrecv_http_port(mozilla_t)
> -
> -corenet_sendrecv_http_cache_client_packets(mozilla_t)
> -corenet_tcp_connect_http_cache_port(mozilla_t)
> -corenet_tcp_sendrecv_http_cache_port(mozilla_t)
> -
> -corenet_sendrecv_squid_client_packets(mozilla_t)
> -corenet_tcp_connect_squid_port(mozilla_t)
> -corenet_tcp_sendrecv_squid_port(mozilla_t)
> -
> -corenet_sendrecv_ftp_client_packets(mozilla_t)
> -corenet_tcp_connect_ftp_port(mozilla_t)
> -corenet_tcp_sendrecv_ftp_port(mozilla_t)
> -
> -corenet_sendrecv_ipp_client_packets(mozilla_t)
> -corenet_tcp_connect_ipp_port(mozilla_t)
> -corenet_tcp_sendrecv_ipp_port(mozilla_t)
> -
> -corenet_sendrecv_soundd_client_packets(mozilla_t)
> -corenet_tcp_connect_soundd_port(mozilla_t)
> -corenet_tcp_sendrecv_soundd_port(mozilla_t)
> -
> -corenet_sendrecv_speech_client_packets(mozilla_t)
> -corenet_tcp_connect_speech_port(mozilla_t)
> -corenet_tcp_sendrecv_speech_port(mozilla_t)
> -
> -dev_getattr_sysfs_dirs(mozilla_t)
> -dev_read_sysfs(mozilla_t)
> -dev_read_sound(mozilla_t)
> -dev_read_rand(mozilla_t)
> -dev_read_urand(mozilla_t)
> -dev_rw_dri(mozilla_t)
> -dev_write_sound(mozilla_t)
> -
> -domain_dontaudit_read_all_domains_state(mozilla_t)
> -
> -files_read_etc_runtime_files(mozilla_t)
> -files_map_usr_files(mozilla_t)
> -files_read_usr_files(mozilla_t)
> -files_read_var_files(mozilla_t)
> -files_read_var_lib_files(mozilla_t)
> -files_read_var_symlinks(mozilla_t)
> -files_dontaudit_getattr_boot_dirs(mozilla_t)
> -
> -fs_getattr_all_fs(mozilla_t)
> -fs_search_auto_mountpoints(mozilla_t)
> -fs_list_inotifyfs(mozilla_t)
> -fs_rw_tmpfs_files(mozilla_t)
> -
> -term_dontaudit_getattr_pty_dirs(mozilla_t)
> -
> -auth_use_nsswitch(mozilla_t)
> -
> -logging_send_syslog_msg(mozilla_t)
> -
> -miscfiles_read_fonts(mozilla_t)
> -miscfiles_read_generic_certs(mozilla_t)
> -miscfiles_read_localization(mozilla_t)
> -miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)
> -miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_t)
> -
> -userdom_use_user_ptys(mozilla_t)
> -
> -userdom_manage_user_tmp_dirs(mozilla_t)
> -userdom_manage_user_tmp_files(mozilla_t)
> -userdom_map_user_tmp_files(mozilla_t)
> -
> -userdom_user_content_access_template(mozilla, { mozilla_t mozilla_plugin_t })
> -userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file })
> -
> -userdom_write_user_tmp_sockets(mozilla_t)
> -
> -mozilla_run_plugin(mozilla_t, mozilla_roles)
> -mozilla_run_plugin_config(mozilla_t, mozilla_roles)
> -
> -xdg_read_config_files(mozilla_t)
> -xdg_read_data_files(mozilla_t)
> -xdg_manage_downloads(mozilla_t)
> -
> -xserver_rw_mesa_shader_cache(mozilla_t)
> -xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
> -xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
> -xserver_dontaudit_getattr_xdm_tmp_sockets(mozilla_t)
> +allow webbrowser_t self:capability { setgid setuid sys_nice };
> +allow webbrowser_t self:process { sigkill signal setsched getsched setrlimit };
> +allow webbrowser_t self:fifo_file rw_fifo_file_perms;
> +allow webbrowser_t self:shm create_shm_perms;
> +allow webbrowser_t self:sem create_sem_perms;
> +allow webbrowser_t self:socket create_socket_perms;
> +allow webbrowser_t self:unix_stream_socket { accept listen };
> +
> +allow webbrowser_t webbrowser_plugin_t:unix_stream_socket rw_socket_perms;
> +allow webbrowser_t webbrowser_plugin_t:fd use;
> +
> +allow webbrowser_t { webbrowser_home_t webbrowser_plugin_home_t }:dir manage_dir_perms;
> +allow webbrowser_t { webbrowser_home_t webbrowser_plugin_home_t }:file { manage_file_perms map };
> +allow webbrowser_t webbrowser_home_t:lnk_file manage_lnk_file_perms;
> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".galeon")
> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".mozilla")
> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".netscape")
> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".phoenix")
> +
> +filetrans_pattern(webbrowser_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
> +
> +manage_files_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t)
> +manage_lnk_files_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t)
> +manage_dirs_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t)
> +allow webbrowser_t webbrowser_tmp_t:file map;
> +files_tmp_filetrans(webbrowser_t, webbrowser_tmp_t, { file dir })
> +
> +manage_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
> +manage_lnk_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
> +manage_fifo_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
> +manage_sock_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
> +fs_tmpfs_filetrans(webbrowser_t, webbrowser_tmpfs_t, { file lnk_file sock_file fifo_file })
> +allow webbrowser_t webbrowser_plugin_tmpfs_t:file map;
> +
> +allow webbrowser_t webbrowser_plugin_rw_t:dir list_dir_perms;
> +allow webbrowser_t webbrowser_plugin_rw_t:file read_file_perms;
> +allow webbrowser_t webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms;
> +
> +stream_connect_pattern(webbrowser_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_t)
> +
> +manage_files_pattern(webbrowser_t, webbrowser_xdg_cache_t, webbrowser_xdg_cache_t)
> +manage_dirs_pattern(webbrowser_t, webbrowser_xdg_cache_t, webbrowser_xdg_cache_t)
> +xdg_cache_filetrans(webbrowser_t, webbrowser_xdg_cache_t, dir, "mozilla")
> +
> +can_exec(webbrowser_t, { webbrowser_exec_t webbrowser_plugin_rw_t webbrowser_plugin_home_t })
> +
> +kernel_read_kernel_sysctls(webbrowser_t)
> +kernel_read_network_state(webbrowser_t)
> +kernel_read_system_state(webbrowser_t)
> +kernel_read_net_sysctls(webbrowser_t)
> +
> +corecmd_list_bin(webbrowser_t)
> +corecmd_exec_shell(webbrowser_t)
> +corecmd_exec_bin(webbrowser_t)
> +
> +corenet_all_recvfrom_unlabeled(webbrowser_t)
> +corenet_all_recvfrom_netlabel(webbrowser_t)
> +corenet_tcp_sendrecv_generic_if(webbrowser_t)
> +corenet_tcp_sendrecv_generic_node(webbrowser_t)
> +
> +corenet_sendrecv_http_client_packets(webbrowser_t)
> +corenet_tcp_connect_http_port(webbrowser_t)
> +corenet_tcp_sendrecv_http_port(webbrowser_t)
> +
> +corenet_sendrecv_http_cache_client_packets(webbrowser_t)
> +corenet_tcp_connect_http_cache_port(webbrowser_t)
> +corenet_tcp_sendrecv_http_cache_port(webbrowser_t)
> +
> +corenet_sendrecv_squid_client_packets(webbrowser_t)
> +corenet_tcp_connect_squid_port(webbrowser_t)
> +corenet_tcp_sendrecv_squid_port(webbrowser_t)
> +
> +corenet_sendrecv_ftp_client_packets(webbrowser_t)
> +corenet_tcp_connect_ftp_port(webbrowser_t)
> +corenet_tcp_sendrecv_ftp_port(webbrowser_t)
> +
> +corenet_sendrecv_ipp_client_packets(webbrowser_t)
> +corenet_tcp_connect_ipp_port(webbrowser_t)
> +corenet_tcp_sendrecv_ipp_port(webbrowser_t)
> +
> +corenet_sendrecv_soundd_client_packets(webbrowser_t)
> +corenet_tcp_connect_soundd_port(webbrowser_t)
> +corenet_tcp_sendrecv_soundd_port(webbrowser_t)
> +
> +corenet_sendrecv_speech_client_packets(webbrowser_t)
> +corenet_tcp_connect_speech_port(webbrowser_t)
> +corenet_tcp_sendrecv_speech_port(webbrowser_t)
> +
> +dev_getattr_sysfs_dirs(webbrowser_t)
> +dev_read_sysfs(webbrowser_t)
> +dev_read_sound(webbrowser_t)
> +dev_read_rand(webbrowser_t)
> +dev_read_urand(webbrowser_t)
> +dev_rw_dri(webbrowser_t)
> +dev_write_sound(webbrowser_t)
> +
> +domain_dontaudit_read_all_domains_state(webbrowser_t)
> +
> +files_read_etc_runtime_files(webbrowser_t)
> +files_map_usr_files(webbrowser_t)
> +files_read_usr_files(webbrowser_t)
> +files_read_var_files(webbrowser_t)
> +files_read_var_lib_files(webbrowser_t)
> +files_read_var_symlinks(webbrowser_t)
> +files_dontaudit_getattr_boot_dirs(webbrowser_t)
> +
> +fs_getattr_all_fs(webbrowser_t)
> +fs_search_auto_mountpoints(webbrowser_t)
> +fs_list_inotifyfs(webbrowser_t)
> +fs_rw_tmpfs_files(webbrowser_t)
> +
> +term_dontaudit_getattr_pty_dirs(webbrowser_t)
> +
> +auth_use_nsswitch(webbrowser_t)
> +
> +logging_send_syslog_msg(webbrowser_t)
> +
> +miscfiles_read_fonts(webbrowser_t)
> +miscfiles_read_generic_certs(webbrowser_t)
> +miscfiles_read_localization(webbrowser_t)
> +miscfiles_dontaudit_setattr_fonts_dirs(webbrowser_t)
> +miscfiles_dontaudit_setattr_fonts_cache_dirs(webbrowser_t)
> +
> +userdom_use_user_ptys(webbrowser_t)
> +
> +userdom_manage_user_tmp_dirs(webbrowser_t)
> +userdom_manage_user_tmp_files(webbrowser_t)
> +userdom_map_user_tmp_files(webbrowser_t)
> +
> +userdom_user_content_access_template(webbrowser, { webbrowser_t webbrowser_plugin_t })
> +userdom_user_home_dir_filetrans_user_home_content(webbrowser_t, { dir file })
> +
> +userdom_write_user_tmp_sockets(webbrowser_t)
> +
> +webbrowser_run_plugin(webbrowser_t, webbrowser_roles)
> +webbrowser_run_plugin_config(webbrowser_t, webbrowser_roles)
> +
> +xdg_read_config_files(webbrowser_t)
> +xdg_read_data_files(webbrowser_t)
> +xdg_manage_downloads(webbrowser_t)
> +
> +xserver_rw_mesa_shader_cache(webbrowser_t)
> +xserver_user_x_domain_template(webbrowser, webbrowser_t, webbrowser_tmpfs_t)
> +xserver_dontaudit_read_xdm_tmp_files(webbrowser_t)
> +xserver_dontaudit_getattr_xdm_tmp_sockets(webbrowser_t)
>
> ifndef(`enable_mls',`
> - fs_list_dos(mozilla_t)
> - fs_read_dos_files(mozilla_t)
> + fs_list_dos(webbrowser_t)
> + fs_read_dos_files(webbrowser_t)
>
> - fs_search_removable(mozilla_t)
> - fs_read_removable_files(mozilla_t)
> - fs_read_removable_symlinks(mozilla_t)
> + fs_search_removable(webbrowser_t)
> + fs_read_removable_files(webbrowser_t)
> + fs_read_removable_symlinks(webbrowser_t)
>
> - fs_read_iso9660_files(mozilla_t)
> + fs_read_iso9660_files(webbrowser_t)
> ')
>
> tunable_policy(`allow_execmem',`
> - allow mozilla_t self:process execmem;
> + allow webbrowser_t self:process execmem;
> ')
>
> -tunable_policy(`mozilla_execstack',`
> - allow mozilla_t self:process { execmem execstack };
> +tunable_policy(`webbrowser_execstack',`
> + allow webbrowser_t self:process { execmem execstack };
> ')
>
> tunable_policy(`use_nfs_home_dirs',`
> - fs_manage_nfs_dirs(mozilla_t)
> - fs_manage_nfs_files(mozilla_t)
> - fs_manage_nfs_symlinks(mozilla_t)
> + fs_manage_nfs_dirs(webbrowser_t)
> + fs_manage_nfs_files(webbrowser_t)
> + fs_manage_nfs_symlinks(webbrowser_t)
> ')
>
> tunable_policy(`use_samba_home_dirs',`
> - fs_manage_cifs_dirs(mozilla_t)
> - fs_manage_cifs_files(mozilla_t)
> - fs_manage_cifs_symlinks(mozilla_t)
> + fs_manage_cifs_dirs(webbrowser_t)
> + fs_manage_cifs_files(webbrowser_t)
> + fs_manage_cifs_symlinks(webbrowser_t)
> ')
>
> optional_policy(`
> - alsa_read_config(mozilla_t)
> - alsa_read_home_files(mozilla_t)
> + alsa_read_config(webbrowser_t)
> + alsa_read_home_files(webbrowser_t)
> ')
>
> optional_policy(`
> - apache_read_user_scripts(mozilla_t)
> - apache_read_user_content(mozilla_t)
> + apache_read_user_scripts(webbrowser_t)
> + apache_read_user_content(webbrowser_t)
> ')
>
> optional_policy(`
> - automount_dontaudit_getattr_tmp_dirs(mozilla_t)
> + automount_dontaudit_getattr_tmp_dirs(webbrowser_t)
> ')
>
> optional_policy(`
> - cups_read_rw_config(mozilla_t)
> - cups_stream_connect(mozilla_t)
> + cups_read_rw_config(webbrowser_t)
> + cups_stream_connect(webbrowser_t)
> ')
>
> optional_policy(`
> - dbus_all_session_bus_client(mozilla_t)
> - dbus_connect_all_session_bus(mozilla_t)
> - dbus_system_bus_client(mozilla_t)
> + dbus_all_session_bus_client(webbrowser_t)
> + dbus_connect_all_session_bus(webbrowser_t)
> + dbus_system_bus_client(webbrowser_t)
>
> optional_policy(`
> - cups_dbus_chat(mozilla_t)
> + cups_dbus_chat(webbrowser_t)
> ')
>
> optional_policy(`
> - mozilla_dbus_chat_plugin(mozilla_t)
> + webbrowser_dbus_chat_plugin(webbrowser_t)
> ')
>
> optional_policy(`
> - networkmanager_dbus_chat(mozilla_t)
> + networkmanager_dbus_chat(webbrowser_t)
> ')
> ')
>
> optional_policy(`
> - evolution_domtrans(mozilla_t)
> + evolution_domtrans(webbrowser_t)
> ')
>
> optional_policy(`
> - gnome_stream_connect_gconf(mozilla_t)
> - gnome_manage_generic_gconf_home_content(mozilla_t)
> - gnome_home_filetrans_gconf_home(mozilla_t, dir, ".gconf")
> - gnome_home_filetrans_gconf_home(mozilla_t, dir, ".gconfd")
> - gnome_manage_generic_home_content(mozilla_t)
> - gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome")
> - gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome2")
> - gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome2_private")
> + gnome_stream_connect_gconf(webbrowser_t)
> + gnome_manage_generic_gconf_home_content(webbrowser_t)
> + gnome_home_filetrans_gconf_home(webbrowser_t, dir, ".gconf")
> + gnome_home_filetrans_gconf_home(webbrowser_t, dir, ".gconfd")
> + gnome_manage_generic_home_content(webbrowser_t)
> + gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome")
> + gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome2")
> + gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome2_private")
> ')
>
> optional_policy(`
> - java_exec(mozilla_t)
> - java_manage_generic_home_content(mozilla_t)
> - java_manage_java_tmp(mozilla_t)
> - java_home_filetrans_java_home(mozilla_t, dir, ".java")
> + java_exec(webbrowser_t)
> + java_manage_generic_home_content(webbrowser_t)
> + java_manage_java_tmp(webbrowser_t)
> + java_home_filetrans_java_home(webbrowser_t, dir, ".java")
> ')
>
> optional_policy(`
> - lpd_run_lpr(mozilla_t, mozilla_roles)
> + lpd_run_lpr(webbrowser_t, webbrowser_roles)
> ')
>
> optional_policy(`
> - mplayer_exec(mozilla_t)
> - mplayer_manage_generic_home_content(mozilla_t)
> - mplayer_home_filetrans_mplayer_home(mozilla_t, dir, ".mplayer")
> + mplayer_exec(webbrowser_t)
> + mplayer_manage_generic_home_content(webbrowser_t)
> + mplayer_home_filetrans_mplayer_home(webbrowser_t, dir, ".mplayer")
> ')
>
> optional_policy(`
> - ooffice_domtrans(mozilla_t)
> - ooffice_rw_tmp_files(mozilla_t)
> + ooffice_domtrans(webbrowser_t)
> + ooffice_rw_tmp_files(webbrowser_t)
> ')
>
> optional_policy(`
> - pulseaudio_run(mozilla_t, mozilla_roles)
> + pulseaudio_run(webbrowser_t, webbrowser_roles)
> ')
>
> optional_policy(`
> - thunderbird_domtrans(mozilla_t)
> + thunderbird_domtrans(webbrowser_t)
> ')
>
> ########################################
> @@ -343,282 +354,282 @@ optional_policy(`
> # Plugin local policy
> #
>
> -dontaudit mozilla_plugin_t self:capability { ipc_lock sys_nice sys_ptrace sys_tty_config };
> -allow mozilla_plugin_t self:process { setpgid getsched setsched signal_perms setrlimit };
> -allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms;
> -allow mozilla_plugin_t self:netlink_kobject_uevent_socket create_socket_perms;
> -allow mozilla_plugin_t self:sem create_sem_perms;
> -allow mozilla_plugin_t self:shm create_shm_perms;
> -allow mozilla_plugin_t self:tcp_socket { accept listen };
> -allow mozilla_plugin_t self:unix_stream_socket { accept connectto listen };
> -
> -allow mozilla_plugin_t mozilla_t:unix_stream_socket rw_socket_perms;
> -allow mozilla_plugin_t mozilla_t:unix_dgram_socket rw_socket_perms;
> -allow mozilla_plugin_t mozilla_t:shm { rw_shm_perms destroy };
> -allow mozilla_plugin_t mozilla_t:sem create_sem_perms;
> -
> -manage_dirs_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t })
> -manage_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
> -manage_lnk_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
> -allow mozilla_plugin_t mozilla_home_t:file map;
> -
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".galeon")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".mozilla")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".netscape")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".phoenix")
> -
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".adobe")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".macromedia")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".gnash")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".gcjwebplugin")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".icedteaplugin")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".spicec")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".ICAClient")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, "zimbrauserdata")
> -
> -filetrans_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
> -
> -manage_dirs_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
> -manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
> -manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
> -files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
> -userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
> -
> -allow mozilla_plugin_t mozilla_tmp_t:file rw_file_perms;
> -
> -manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
> -manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
> -manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
> -manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
> -fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
> -
> -allow mozilla_plugin_t mozilla_plugin_rw_t:dir list_dir_perms;
> -allow mozilla_plugin_t mozilla_plugin_rw_t:file read_file_perms;
> -allow mozilla_plugin_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
> -
> -dgram_send_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
> -stream_connect_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
> -
> -can_exec(mozilla_plugin_t, { mozilla_exec_t mozilla_plugin_home_t mozilla_plugin_tmp_t })
> -
> -kernel_read_all_sysctls(mozilla_plugin_t)
> -kernel_read_system_state(mozilla_plugin_t)
> -kernel_read_network_state(mozilla_plugin_t)
> -kernel_request_load_module(mozilla_plugin_t)
> -kernel_dontaudit_getattr_core_if(mozilla_plugin_t)
> -
> -corecmd_exec_bin(mozilla_plugin_t)
> -corecmd_exec_shell(mozilla_plugin_t)
> -
> -corenet_all_recvfrom_netlabel(mozilla_plugin_t)
> -corenet_all_recvfrom_unlabeled(mozilla_plugin_t)
> -corenet_tcp_sendrecv_generic_if(mozilla_plugin_t)
> -corenet_tcp_sendrecv_generic_node(mozilla_plugin_t)
> -
> -corenet_sendrecv_asterisk_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_asterisk_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_asterisk_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_ftp_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_ftp_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_ftp_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_gatekeeper_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_gatekeeper_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_gatekeeper_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_http_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_http_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_http_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_http_cache_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_http_cache_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_http_cache_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_ipp_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_ipp_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_ipp_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_ircd_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_ircd_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_ircd_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_jabber_client_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_jabber_client_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_jabber_client_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_mmcc_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_mmcc_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_mmcc_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_monopd_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_monopd_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_monopd_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_soundd_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_soundd_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_soundd_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_speech_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_speech_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_speech_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_squid_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_squid_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_squid_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_vnc_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_vnc_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_vnc_port(mozilla_plugin_t)
> -
> -dev_read_generic_usb_dev(mozilla_plugin_t)
> -dev_read_rand(mozilla_plugin_t)
> -dev_read_realtime_clock(mozilla_plugin_t)
> -dev_read_sound(mozilla_plugin_t)
> -dev_read_sysfs(mozilla_plugin_t)
> -dev_read_urand(mozilla_plugin_t)
> -dev_read_video_dev(mozilla_plugin_t)
> -dev_write_sound(mozilla_plugin_t)
> -dev_write_video_dev(mozilla_plugin_t)
> -dev_rw_dri(mozilla_plugin_t)
> -dev_rw_xserver_misc(mozilla_plugin_t)
> -
> -dev_dontaudit_getattr_generic_files(mozilla_plugin_t)
> -dev_dontaudit_getattr_generic_pipes(mozilla_plugin_t)
> -dev_dontaudit_getattr_all_blk_files(mozilla_plugin_t)
> -dev_dontaudit_getattr_all_chr_files(mozilla_plugin_t)
> -
> -domain_use_interactive_fds(mozilla_plugin_t)
> -domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
> -
> -files_exec_usr_files(mozilla_plugin_t)
> -files_list_mnt(mozilla_plugin_t)
> -files_read_config_files(mozilla_plugin_t)
> -files_read_usr_files(mozilla_plugin_t)
> -files_map_usr_files(mozilla_plugin_t)
> -
> -fs_getattr_all_fs(mozilla_plugin_t)
> -# fs_read_hugetlbfs_files(mozilla_plugin_t)
> -fs_search_auto_mountpoints(mozilla_plugin_t)
> -
> -term_getattr_all_ttys(mozilla_plugin_t)
> -term_getattr_all_ptys(mozilla_plugin_t)
> -
> -application_exec(mozilla_plugin_t)
> -
> -auth_use_nsswitch(mozilla_plugin_t)
> -
> -libs_exec_ld_so(mozilla_plugin_t)
> -libs_exec_lib_files(mozilla_plugin_t)
> -
> -logging_send_syslog_msg(mozilla_plugin_t)
> -
> -miscfiles_read_localization(mozilla_plugin_t)
> -miscfiles_read_fonts(mozilla_plugin_t)
> -miscfiles_read_generic_certs(mozilla_plugin_t)
> -miscfiles_dontaudit_setattr_fonts_dirs(mozilla_plugin_t)
> -miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_plugin_t)
> -
> -userdom_manage_user_tmp_dirs(mozilla_plugin_t)
> -userdom_manage_user_tmp_files(mozilla_plugin_t)
> -userdom_map_user_tmp_files(mozilla_plugin_t)
> +dontaudit webbrowser_plugin_t self:capability { ipc_lock sys_nice sys_ptrace sys_tty_config };
> +allow webbrowser_plugin_t self:process { setpgid getsched setsched signal_perms setrlimit };
> +allow webbrowser_plugin_t self:fifo_file manage_fifo_file_perms;
> +allow webbrowser_plugin_t self:netlink_kobject_uevent_socket create_socket_perms;
> +allow webbrowser_plugin_t self:sem create_sem_perms;
> +allow webbrowser_plugin_t self:shm create_shm_perms;
> +allow webbrowser_plugin_t self:tcp_socket { accept listen };
> +allow webbrowser_plugin_t self:unix_stream_socket { accept connectto listen };
> +
> +allow webbrowser_plugin_t webbrowser_t:unix_stream_socket rw_socket_perms;
> +allow webbrowser_plugin_t webbrowser_t:unix_dgram_socket rw_socket_perms;
> +allow webbrowser_plugin_t webbrowser_t:shm { rw_shm_perms destroy };
> +allow webbrowser_plugin_t webbrowser_t:sem create_sem_perms;
> +
> +manage_dirs_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, { webbrowser_home_t webbrowser_plugin_home_t })
> +manage_files_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
> +manage_lnk_files_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
> +allow webbrowser_plugin_t webbrowser_home_t:file map;
> +
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".galeon")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".mozilla")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".netscape")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".phoenix")
> +
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".adobe")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".macromedia")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".gnash")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".gcjwebplugin")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".icedteaplugin")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".spicec")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".ICAClient")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, "zimbrauserdata")
> +
> +filetrans_pattern(webbrowser_plugin_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
> +
> +manage_dirs_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t)
> +manage_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t)
> +manage_fifo_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t)
> +files_tmp_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmp_t, { dir file fifo_file })
> +userdom_user_tmp_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmp_t, { dir file fifo_file })
> +
> +allow webbrowser_plugin_t webbrowser_tmp_t:file rw_file_perms;
> +
> +manage_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
> +manage_lnk_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
> +manage_fifo_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
> +manage_sock_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
> +fs_tmpfs_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
> +
> +allow webbrowser_plugin_t webbrowser_plugin_rw_t:dir list_dir_perms;
> +allow webbrowser_plugin_t webbrowser_plugin_rw_t:file read_file_perms;
> +allow webbrowser_plugin_t webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms;
> +
> +dgram_send_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_t)
> +stream_connect_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_t)
> +
> +can_exec(webbrowser_plugin_t, { webbrowser_exec_t webbrowser_plugin_home_t webbrowser_plugin_tmp_t })
> +
> +kernel_read_all_sysctls(webbrowser_plugin_t)
> +kernel_read_system_state(webbrowser_plugin_t)
> +kernel_read_network_state(webbrowser_plugin_t)
> +kernel_request_load_module(webbrowser_plugin_t)
> +kernel_dontaudit_getattr_core_if(webbrowser_plugin_t)
> +
> +corecmd_exec_bin(webbrowser_plugin_t)
> +corecmd_exec_shell(webbrowser_plugin_t)
> +
> +corenet_all_recvfrom_netlabel(webbrowser_plugin_t)
> +corenet_all_recvfrom_unlabeled(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_generic_if(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_generic_node(webbrowser_plugin_t)
> +
> +corenet_sendrecv_asterisk_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_asterisk_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_asterisk_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_ftp_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_ftp_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_ftp_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_gatekeeper_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_gatekeeper_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_gatekeeper_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_http_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_http_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_http_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_http_cache_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_http_cache_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_http_cache_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_ipp_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_ipp_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_ipp_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_ircd_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_ircd_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_ircd_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_jabber_client_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_jabber_client_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_jabber_client_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_mmcc_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_mmcc_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_mmcc_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_monopd_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_monopd_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_monopd_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_soundd_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_soundd_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_soundd_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_speech_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_speech_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_speech_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_squid_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_squid_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_squid_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_vnc_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_vnc_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_vnc_port(webbrowser_plugin_t)
> +
> +dev_read_generic_usb_dev(webbrowser_plugin_t)
> +dev_read_rand(webbrowser_plugin_t)
> +dev_read_realtime_clock(webbrowser_plugin_t)
> +dev_read_sound(webbrowser_plugin_t)
> +dev_read_sysfs(webbrowser_plugin_t)
> +dev_read_urand(webbrowser_plugin_t)
> +dev_read_video_dev(webbrowser_plugin_t)
> +dev_write_sound(webbrowser_plugin_t)
> +dev_write_video_dev(webbrowser_plugin_t)
> +dev_rw_dri(webbrowser_plugin_t)
> +dev_rw_xserver_misc(webbrowser_plugin_t)
> +
> +dev_dontaudit_getattr_generic_files(webbrowser_plugin_t)
> +dev_dontaudit_getattr_generic_pipes(webbrowser_plugin_t)
> +dev_dontaudit_getattr_all_blk_files(webbrowser_plugin_t)
> +dev_dontaudit_getattr_all_chr_files(webbrowser_plugin_t)
> +
> +domain_use_interactive_fds(webbrowser_plugin_t)
> +domain_dontaudit_read_all_domains_state(webbrowser_plugin_t)
> +
> +files_exec_usr_files(webbrowser_plugin_t)
> +files_list_mnt(webbrowser_plugin_t)
> +files_read_config_files(webbrowser_plugin_t)
> +files_read_usr_files(webbrowser_plugin_t)
> +files_map_usr_files(webbrowser_plugin_t)
> +
> +fs_getattr_all_fs(webbrowser_plugin_t)
> +# fs_read_hugetlbfs_files(webbrowser_plugin_t)
> +fs_search_auto_mountpoints(webbrowser_plugin_t)
> +
> +term_getattr_all_ttys(webbrowser_plugin_t)
> +term_getattr_all_ptys(webbrowser_plugin_t)
> +
> +application_exec(webbrowser_plugin_t)
> +
> +auth_use_nsswitch(webbrowser_plugin_t)
> +
> +libs_exec_ld_so(webbrowser_plugin_t)
> +libs_exec_lib_files(webbrowser_plugin_t)
> +
> +logging_send_syslog_msg(webbrowser_plugin_t)
> +
> +miscfiles_read_localization(webbrowser_plugin_t)
> +miscfiles_read_fonts(webbrowser_plugin_t)
> +miscfiles_read_generic_certs(webbrowser_plugin_t)
> +miscfiles_dontaudit_setattr_fonts_dirs(webbrowser_plugin_t)
> +miscfiles_dontaudit_setattr_fonts_cache_dirs(webbrowser_plugin_t)
> +
> +userdom_manage_user_tmp_dirs(webbrowser_plugin_t)
> +userdom_manage_user_tmp_files(webbrowser_plugin_t)
> +userdom_map_user_tmp_files(webbrowser_plugin_t)
>
> -userdom_user_home_dir_filetrans_user_home_content(mozilla_plugin_t, { dir file })
> +userdom_user_home_dir_filetrans_user_home_content(webbrowser_plugin_t, { dir file })
>
> -userdom_write_user_tmp_sockets(mozilla_plugin_t)
> +userdom_write_user_tmp_sockets(webbrowser_plugin_t)
>
> -userdom_dontaudit_use_user_terminals(mozilla_plugin_t)
> +userdom_dontaudit_use_user_terminals(webbrowser_plugin_t)
>
> -xdg_read_config_files(mozilla_plugin_t)
> +xdg_read_config_files(webbrowser_plugin_t)
>
> ifndef(`enable_mls',`
> - fs_list_dos(mozilla_plugin_t)
> - fs_read_dos_files(mozilla_plugin_t)
> + fs_list_dos(webbrowser_plugin_t)
> + fs_read_dos_files(webbrowser_plugin_t)
>
> - fs_search_removable(mozilla_plugin_t)
> - fs_read_removable_files(mozilla_plugin_t)
> - fs_read_removable_symlinks(mozilla_plugin_t)
> + fs_search_removable(webbrowser_plugin_t)
> + fs_read_removable_files(webbrowser_plugin_t)
> + fs_read_removable_symlinks(webbrowser_plugin_t)
>
> - fs_read_iso9660_files(mozilla_plugin_t)
> + fs_read_iso9660_files(webbrowser_plugin_t)
> ')
>
> tunable_policy(`allow_execmem',`
> - allow mozilla_plugin_t self:process execmem;
> + allow webbrowser_plugin_t self:process execmem;
> ')
>
> -tunable_policy(`mozilla_execstack',`
> - allow mozilla_plugin_t self:process { execmem execstack };
> +tunable_policy(`webbrowser_execstack',`
> + allow webbrowser_plugin_t self:process { execmem execstack };
> ')
>
> tunable_policy(`use_nfs_home_dirs',`
> - fs_manage_nfs_dirs(mozilla_plugin_t)
> - fs_manage_nfs_files(mozilla_plugin_t)
> - fs_manage_nfs_symlinks(mozilla_plugin_t)
> + fs_manage_nfs_dirs(webbrowser_plugin_t)
> + fs_manage_nfs_files(webbrowser_plugin_t)
> + fs_manage_nfs_symlinks(webbrowser_plugin_t)
> ')
>
> tunable_policy(`use_samba_home_dirs',`
> - fs_manage_cifs_dirs(mozilla_plugin_t)
> - fs_manage_cifs_files(mozilla_plugin_t)
> - fs_manage_cifs_symlinks(mozilla_plugin_t)
> + fs_manage_cifs_dirs(webbrowser_plugin_t)
> + fs_manage_cifs_files(webbrowser_plugin_t)
> + fs_manage_cifs_symlinks(webbrowser_plugin_t)
> ')
>
> optional_policy(`
> - alsa_read_config(mozilla_plugin_t)
> - alsa_read_home_files(mozilla_plugin_t)
> + alsa_read_config(webbrowser_plugin_t)
> + alsa_read_home_files(webbrowser_plugin_t)
> ')
>
> optional_policy(`
> - automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_t)
> + automount_dontaudit_getattr_tmp_dirs(webbrowser_plugin_t)
> ')
>
> optional_policy(`
> - dbus_all_session_bus_client(mozilla_plugin_t)
> - dbus_connect_all_session_bus(mozilla_plugin_t)
> - dbus_system_bus_client(mozilla_plugin_t)
> + dbus_all_session_bus_client(webbrowser_plugin_t)
> + dbus_connect_all_session_bus(webbrowser_plugin_t)
> + dbus_system_bus_client(webbrowser_plugin_t)
> ')
>
> optional_policy(`
> - gnome_manage_generic_home_content(mozilla_plugin_t)
> - gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome")
> - gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome2")
> - gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome2_private")
> + gnome_manage_generic_home_content(webbrowser_plugin_t)
> + gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome")
> + gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome2")
> + gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome2_private")
> ')
>
> optional_policy(`
> - java_exec(mozilla_plugin_t)
> - java_manage_generic_home_content(mozilla_plugin_t)
> - java_manage_java_tmp(mozilla_plugin_t)
> - java_home_filetrans_java_home(mozilla_plugin_t, dir, ".java")
> + java_exec(webbrowser_plugin_t)
> + java_manage_generic_home_content(webbrowser_plugin_t)
> + java_manage_java_tmp(webbrowser_plugin_t)
> + java_home_filetrans_java_home(webbrowser_plugin_t, dir, ".java")
> ')
>
> optional_policy(`
> - lpd_run_lpr(mozilla_plugin_t, mozilla_plugin_roles)
> + lpd_run_lpr(webbrowser_plugin_t, webbrowser_plugin_roles)
> ')
>
> optional_policy(`
> - mplayer_exec(mozilla_plugin_t)
> - mplayer_manage_generic_home_content(mozilla_plugin_t)
> - mplayer_home_filetrans_mplayer_home(mozilla_plugin_t, dir, ".mplayer")
> + mplayer_exec(webbrowser_plugin_t)
> + mplayer_manage_generic_home_content(webbrowser_plugin_t)
> + mplayer_home_filetrans_mplayer_home(webbrowser_plugin_t, dir, ".mplayer")
> ')
>
> optional_policy(`
> - pcscd_stream_connect(mozilla_plugin_t)
> + pcscd_stream_connect(webbrowser_plugin_t)
> ')
>
> optional_policy(`
> - pulseaudio_run(mozilla_plugin_t, mozilla_plugin_roles)
> + pulseaudio_run(webbrowser_plugin_t, webbrowser_plugin_roles)
> ')
>
> optional_policy(`
> - udev_read_db(mozilla_plugin_t)
> + udev_read_db(webbrowser_plugin_t)
> ')
>
> optional_policy(`
> - xserver_read_user_xauth(mozilla_plugin_t)
> - xserver_read_xdm_pid(mozilla_plugin_t)
> - xserver_stream_connect(mozilla_plugin_t)
> - xserver_use_user_fonts(mozilla_plugin_t)
> - xserver_dontaudit_read_xdm_tmp_files(mozilla_plugin_t)
> + xserver_read_user_xauth(webbrowser_plugin_t)
> + xserver_read_xdm_pid(webbrowser_plugin_t)
> + xserver_stream_connect(webbrowser_plugin_t)
> + xserver_use_user_fonts(webbrowser_plugin_t)
> + xserver_dontaudit_read_xdm_tmp_files(webbrowser_plugin_t)
> ')
>
> ########################################
> @@ -626,96 +637,96 @@ optional_policy(`
> # Plugin config local policy
> #
>
> -allow mozilla_plugin_config_t self:capability { dac_override dac_read_search setgid setuid sys_nice };
> -allow mozilla_plugin_config_t self:process { setsched signal_perms getsched };
> -allow mozilla_plugin_config_t self:fifo_file rw_fifo_file_perms;
> -allow mozilla_plugin_config_t self:unix_stream_socket create_stream_socket_perms;
> +allow webbrowser_plugin_config_t self:capability { dac_override dac_read_search setgid setuid sys_nice };
> +allow webbrowser_plugin_config_t self:process { setsched signal_perms getsched };
> +allow webbrowser_plugin_config_t self:fifo_file rw_fifo_file_perms;
> +allow webbrowser_plugin_config_t self:unix_stream_socket create_stream_socket_perms;
>
> -allow mozilla_plugin_config_t mozilla_plugin_rw_t:dir manage_dir_perms;
> -allow mozilla_plugin_config_t mozilla_plugin_rw_t:file manage_file_perms;
> -allow mozilla_plugin_config_t mozilla_plugin_rw_t:lnk_file manage_lnk_file_perms;
> +allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:dir manage_dir_perms;
> +allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:file manage_file_perms;
> +allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:lnk_file manage_lnk_file_perms;
>
> -manage_dirs_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t })
> -manage_files_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
> -manage_lnk_files_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
> +manage_dirs_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, { webbrowser_home_t webbrowser_plugin_home_t })
> +manage_files_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
> +manage_lnk_files_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
>
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".galeon")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".mozilla")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".netscape")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".phoenix")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".galeon")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".mozilla")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".netscape")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".phoenix")
>
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".adobe")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".macromedia")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".gnash")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".gcjwebplugin")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".icedteaplugin")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".spicec")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".ICAClient")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, "zimbrauserdata")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".adobe")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".macromedia")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".gnash")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".gcjwebplugin")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".icedteaplugin")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".spicec")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".ICAClient")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, "zimbrauserdata")
>
> -filetrans_pattern(mozilla_plugin_config_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
> +filetrans_pattern(webbrowser_plugin_config_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
>
> -can_exec(mozilla_plugin_config_t, { mozilla_plugin_rw_t mozilla_plugin_home_t })
> +can_exec(webbrowser_plugin_config_t, { webbrowser_plugin_rw_t webbrowser_plugin_home_t })
>
> -ps_process_pattern(mozilla_plugin_config_t, mozilla_plugin_t)
> +ps_process_pattern(webbrowser_plugin_config_t, webbrowser_plugin_t)
>
> -kernel_read_system_state(mozilla_plugin_config_t)
> -kernel_request_load_module(mozilla_plugin_config_t)
> +kernel_read_system_state(webbrowser_plugin_config_t)
> +kernel_request_load_module(webbrowser_plugin_config_t)
>
> -corecmd_exec_bin(mozilla_plugin_config_t)
> -corecmd_exec_shell(mozilla_plugin_config_t)
> +corecmd_exec_bin(webbrowser_plugin_config_t)
> +corecmd_exec_shell(webbrowser_plugin_config_t)
>
> -dev_read_urand(mozilla_plugin_config_t)
> -dev_rw_dri(mozilla_plugin_config_t)
> -dev_search_sysfs(mozilla_plugin_config_t)
> -dev_dontaudit_read_rand(mozilla_plugin_config_t)
> +dev_read_urand(webbrowser_plugin_config_t)
> +dev_rw_dri(webbrowser_plugin_config_t)
> +dev_search_sysfs(webbrowser_plugin_config_t)
> +dev_dontaudit_read_rand(webbrowser_plugin_config_t)
>
> -domain_use_interactive_fds(mozilla_plugin_config_t)
> +domain_use_interactive_fds(webbrowser_plugin_config_t)
>
> -files_list_tmp(mozilla_plugin_config_t)
> -files_read_usr_files(mozilla_plugin_config_t)
> -files_dontaudit_search_home(mozilla_plugin_config_t)
> +files_list_tmp(webbrowser_plugin_config_t)
> +files_read_usr_files(webbrowser_plugin_config_t)
> +files_dontaudit_search_home(webbrowser_plugin_config_t)
>
> -fs_getattr_all_fs(mozilla_plugin_config_t)
> -fs_search_auto_mountpoints(mozilla_plugin_config_t)
> -fs_list_inotifyfs(mozilla_plugin_config_t)
> +fs_getattr_all_fs(webbrowser_plugin_config_t)
> +fs_search_auto_mountpoints(webbrowser_plugin_config_t)
> +fs_list_inotifyfs(webbrowser_plugin_config_t)
>
> -auth_use_nsswitch(mozilla_plugin_config_t)
> +auth_use_nsswitch(webbrowser_plugin_config_t)
>
> -miscfiles_read_localization(mozilla_plugin_config_t)
> -miscfiles_read_fonts(mozilla_plugin_config_t)
> +miscfiles_read_localization(webbrowser_plugin_config_t)
> +miscfiles_read_fonts(webbrowser_plugin_config_t)
>
> -userdom_read_user_home_content_symlinks(mozilla_plugin_config_t)
> -userdom_read_user_home_content_files(mozilla_plugin_config_t)
> +userdom_read_user_home_content_symlinks(webbrowser_plugin_config_t)
> +userdom_read_user_home_content_files(webbrowser_plugin_config_t)
>
> -userdom_use_user_ptys(mozilla_plugin_config_t)
> +userdom_use_user_ptys(webbrowser_plugin_config_t)
>
> -mozilla_run_plugin(mozilla_plugin_config_t, mozilla_plugin_config_roles)
> +webbrowser_run_plugin(webbrowser_plugin_config_t, webbrowser_plugin_config_roles)
>
> tunable_policy(`allow_execmem',`
> - allow mozilla_plugin_config_t self:process execmem;
> + allow webbrowser_plugin_config_t self:process execmem;
> ')
>
> -tunable_policy(`mozilla_execstack',`
> - allow mozilla_plugin_config_t self:process { execmem execstack };
> +tunable_policy(`webbrowser_execstack',`
> + allow webbrowser_plugin_config_t self:process { execmem execstack };
> ')
>
> tunable_policy(`use_nfs_home_dirs',`
> - fs_manage_nfs_dirs(mozilla_plugin_config_t)
> - fs_manage_nfs_files(mozilla_plugin_config_t)
> - fs_manage_nfs_symlinks(mozilla_plugin_config_t)
> + fs_manage_nfs_dirs(webbrowser_plugin_config_t)
> + fs_manage_nfs_files(webbrowser_plugin_config_t)
> + fs_manage_nfs_symlinks(webbrowser_plugin_config_t)
> ')
>
> tunable_policy(`use_samba_home_dirs',`
> - fs_manage_cifs_dirs(mozilla_plugin_config_t)
> - fs_manage_cifs_files(mozilla_plugin_config_t)
> - fs_manage_cifs_symlinks(mozilla_plugin_config_t)
> + fs_manage_cifs_dirs(webbrowser_plugin_config_t)
> + fs_manage_cifs_files(webbrowser_plugin_config_t)
> + fs_manage_cifs_symlinks(webbrowser_plugin_config_t)
> ')
>
> optional_policy(`
> - automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_config_t)
> + automount_dontaudit_getattr_tmp_dirs(webbrowser_plugin_config_t)
> ')
>
> optional_policy(`
> - xserver_use_user_fonts(mozilla_plugin_config_t)
> + xserver_use_user_fonts(webbrowser_plugin_config_t)
> ')
> Index: refpolicy-2.20180701/policy/modules/apps/mozilla.fc
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.fc
> +++ refpolicy-2.20180701/policy/modules/apps/mozilla.fc
> @@ -1,42 +1,42 @@
> -HOME_DIR/\.cache/mozilla(/.*)? gen_context(system_u:object_r:mozilla_xdg_cache_t,s0)
> -HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
> -HOME_DIR/\.mozilla(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
> -HOME_DIR/\.mozilla/plugins(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.netscape(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
> -HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
> -HOME_DIR/\.vimperator.* gen_context(system_u:object_r:mozilla_home_t,s0)
> +HOME_DIR/\.cache/mozilla(/.*)? gen_context(system_u:object_r:webbrowser_xdg_cache_t,s0)
> +HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
> +HOME_DIR/\.mozilla(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
> +HOME_DIR/\.mozilla/plugins(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.netscape(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
> +HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
> +HOME_DIR/\.vimperator.* gen_context(system_u:object_r:webbrowser_home_t,s0)
>
> -HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.gnash(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.gcjwebplugin(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.icedteaplugin(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.spicec(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.ICAClient(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/zimbrauserdata(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> +HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.gnash(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.gcjwebplugin(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.icedteaplugin(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.spicec(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.ICAClient(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/zimbrauserdata(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
>
> -/usr/bin/epiphany -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/epiphany-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/mozilla -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/mozilla-snapshot -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/mozilla-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/netscape -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/nspluginscan -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
> -/usr/bin/nspluginviewer -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
> +/usr/bin/epiphany -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/epiphany-bin -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/mozilla -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/mozilla-snapshot -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/mozilla-[0-9].* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/netscape -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/nspluginscan -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
> +/usr/bin/nspluginviewer -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
>
> -/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/firefox[^/]*/firefox-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/galeon/galeon -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/iceweasel/iceweasel -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/iceweasel/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
> -/usr/lib/mozilla[^/]*/reg.+ -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:mozilla_plugin_rw_t,s0)
> -/usr/lib/netscape/base-4/wrapper -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/netscape/.+/communicator/communicator-smotif\.real -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
> -/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:mozilla_plugin_config_exec_t,s0)
> -/usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
> +/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/firefox[^/]*/firefox-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/galeon/galeon -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/iceweasel/iceweasel -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/iceweasel/plugin-container -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
> +/usr/lib/mozilla[^/]*/reg.+ -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:webbrowser_plugin_rw_t,s0)
> +/usr/lib/netscape/base-4/wrapper -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/netscape/.+/communicator/communicator-smotif\.real -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
> +/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:webbrowser_plugin_config_exec_t,s0)
> +/usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
> Index: refpolicy-2.20180701/policy/modules/apps/mozilla.if
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.if
> +++ refpolicy-2.20180701/policy/modules/apps/mozilla.if
> @@ -2,7 +2,7 @@
>
> ########################################
> ## <summary>
> -## Role access for mozilla.
> +## Role access for graphical web browser.
> ## </summary>
> ## <param name="role">
> ## <summary>
> @@ -15,12 +15,12 @@
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_role',`
> +interface(`webbrowser_role',`
> gen_require(`
> - type mozilla_t, mozilla_exec_t, mozilla_home_t;
> - type mozilla_tmp_t, mozilla_tmpfs_t, mozilla_plugin_tmp_t;
> - type mozilla_plugin_tmpfs_t, mozilla_plugin_home_t;
> - attribute_role mozilla_roles;
> + type webbrowser_t, webbrowser_exec_t, webbrowser_home_t;
> + type webbrowser_tmp_t, webbrowser_tmpfs_t, webbrowser_plugin_tmp_t;
> + type webbrowser_plugin_tmpfs_t, webbrowser_plugin_home_t;
> + attribute_role webbrowser_roles;
> ')
>
> ########################################
> @@ -28,53 +28,53 @@ interface(`mozilla_role',`
> # Declarations
> #
>
> - roleattribute $1 mozilla_roles;
> + roleattribute $1 webbrowser_roles;
>
> ########################################
> #
> # Policy
> #
>
> - domtrans_pattern($2, mozilla_exec_t, mozilla_t)
> + domtrans_pattern($2, webbrowser_exec_t, webbrowser_t)
>
> - allow $2 mozilla_t:process { noatsecure siginh rlimitinh ptrace signal_perms };
> - ps_process_pattern($2, mozilla_t)
> + allow $2 webbrowser_t:process { noatsecure siginh rlimitinh ptrace signal_perms };
> + ps_process_pattern($2, webbrowser_t)
>
> - allow mozilla_t $2:process signull;
> - allow mozilla_t $2:unix_stream_socket connectto;
> + allow webbrowser_t $2:process signull;
> + allow webbrowser_t $2:unix_stream_socket connectto;
>
> - allow $2 mozilla_t:fd use;
> - allow $2 mozilla_t:shm rw_shm_perms;
> + allow $2 webbrowser_t:fd use;
> + allow $2 webbrowser_t:shm rw_shm_perms;
>
> - stream_connect_pattern($2, mozilla_tmpfs_t, mozilla_tmpfs_t, mozilla_t)
> + stream_connect_pattern($2, webbrowser_tmpfs_t, webbrowser_tmpfs_t, webbrowser_t)
>
> - allow $2 { mozilla_home_t mozilla_plugin_home_t }:dir { manage_dir_perms relabel_dir_perms };
> - allow $2 { mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms relabel_file_perms };
> - allow $2 mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".galeon")
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".mozilla")
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".netscape")
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".phoenix")
> + allow $2 { webbrowser_home_t webbrowser_plugin_home_t }:dir { manage_dir_perms relabel_dir_perms };
> + allow $2 { webbrowser_home_t webbrowser_plugin_home_t }:file { manage_file_perms relabel_file_perms };
> + allow $2 webbrowser_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".galeon")
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".mozilla")
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".netscape")
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".phoenix")
>
> - filetrans_pattern($2, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
> + filetrans_pattern($2, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
>
> - allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
> - allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:file { manage_file_perms relabel_file_perms };
> - allow $2 mozilla_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> + allow $2 { webbrowser_tmp_t webbrowser_plugin_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
> + allow $2 { webbrowser_tmp_t webbrowser_plugin_tmp_t }:file { manage_file_perms relabel_file_perms };
> + allow $2 webbrowser_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>
> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms };
> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:file { manage_file_perms relabel_file_perms };
> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms };
> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:file { manage_file_perms relabel_file_perms };
> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
>
> optional_policy(`
> - mozilla_dbus_chat($2)
> + webbrowser_dbus_chat($2)
> ')
> ')
>
> ########################################
> ## <summary>
> -## Role access for mozilla plugin.
> +## Role access for web browser plugin.
> ## </summary>
> ## <param name="role">
> ## <summary>
> @@ -87,60 +87,60 @@ interface(`mozilla_role',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_role_plugin',`
> +interface(`webbrowser_role_plugin',`
> gen_require(`
> - type mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mozilla_plugin_rw_t;
> - type mozilla_home_t;
> + type webbrowser_plugin_tmp_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_rw_t;
> + type webbrowser_home_t;
> ')
>
> - mozilla_run_plugin($2, $1)
> - mozilla_run_plugin_config($2, $1)
> + webbrowser_run_plugin($2, $1)
> + webbrowser_run_plugin_config($2, $1)
>
> - allow $2 { mozilla_plugin_t mozilla_plugin_config_t }:process { ptrace signal_perms };
> - ps_process_pattern($2, { mozilla_plugin_t mozilla_plugin_config_t })
> + allow $2 { webbrowser_plugin_t webbrowser_plugin_config_t }:process { ptrace signal_perms };
> + ps_process_pattern($2, { webbrowser_plugin_t webbrowser_plugin_config_t })
>
> - allow $2 mozilla_plugin_t:unix_stream_socket rw_socket_perms;
> - allow $2 mozilla_plugin_t:fd use;
> + allow $2 webbrowser_plugin_t:unix_stream_socket rw_socket_perms;
> + allow $2 webbrowser_plugin_t:fd use;
>
> - stream_connect_pattern($2, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t)
> + stream_connect_pattern($2, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_t)
>
> - allow mozilla_plugin_t $2:process signull;
> - allow mozilla_plugin_t $2:unix_stream_socket { connectto rw_socket_perms };
> - allow mozilla_plugin_t $2:unix_dgram_socket { sendto rw_socket_perms };
> - allow mozilla_plugin_t $2:shm { rw_shm_perms destroy };
> - allow mozilla_plugin_t $2:sem create_sem_perms;
> + allow webbrowser_plugin_t $2:process signull;
> + allow webbrowser_plugin_t $2:unix_stream_socket { connectto rw_socket_perms };
> + allow webbrowser_plugin_t $2:unix_dgram_socket { sendto rw_socket_perms };
> + allow webbrowser_plugin_t $2:shm { rw_shm_perms destroy };
> + allow webbrowser_plugin_t $2:sem create_sem_perms;
>
> - allow $2 mozilla_home_t:dir { manage_dir_perms relabel_dir_perms };
> - allow $2 mozilla_home_t:file { manage_file_perms relabel_file_perms };
> - allow $2 mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".galeon")
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".mozilla")
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".netscape")
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".phoenix")
> + allow $2 webbrowser_home_t:dir { manage_dir_perms relabel_dir_perms };
> + allow $2 webbrowser_home_t:file { manage_file_perms relabel_file_perms };
> + allow $2 webbrowser_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".galeon")
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".mozilla")
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".netscape")
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".phoenix")
>
> - allow $2 mozilla_plugin_tmp_t:dir { manage_dir_perms relabel_dir_perms };
> - allow $2 mozilla_plugin_tmp_t:file { manage_file_perms relabel_file_perms };
> - allow $2 mozilla_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> + allow $2 webbrowser_plugin_tmp_t:dir { manage_dir_perms relabel_dir_perms };
> + allow $2 webbrowser_plugin_tmp_t:file { manage_file_perms relabel_file_perms };
> + allow $2 webbrowser_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>
> - allow $2 mozilla_plugin_tmpfs_t:dir { manage_dir_perms relabel_dir_perms };
> - allow $2 mozilla_plugin_tmpfs_t:file { manage_file_perms relabel_file_perms };
> - allow $2 mozilla_plugin_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> - allow $2 mozilla_plugin_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
> + allow $2 webbrowser_plugin_tmpfs_t:dir { manage_dir_perms relabel_dir_perms };
> + allow $2 webbrowser_plugin_tmpfs_t:file { manage_file_perms relabel_file_perms };
> + allow $2 webbrowser_plugin_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> + allow $2 webbrowser_plugin_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
>
> - allow $2 mozilla_plugin_rw_t:dir list_dir_perms;
> - allow $2 mozilla_plugin_rw_t:file read_file_perms;
> - allow $2 mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
> + allow $2 webbrowser_plugin_rw_t:dir list_dir_perms;
> + allow $2 webbrowser_plugin_rw_t:file read_file_perms;
> + allow $2 webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms;
>
> - can_exec($2, mozilla_plugin_rw_t)
> + can_exec($2, webbrowser_plugin_rw_t)
>
> optional_policy(`
> - mozilla_dbus_chat_plugin($2)
> + webbrowser_dbus_chat_plugin($2)
> ')
> ')
>
> ########################################
> ## <summary>
> -## Read mozilla home directory content.
> +## Read web browser home directory content.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -148,20 +148,20 @@ interface(`mozilla_role_plugin',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_read_user_home_files',`
> +interface(`webbrowser_read_user_home_files',`
> gen_require(`
> - type mozilla_home_t;
> + type webbrowser_home_t;
> ')
>
> userdom_search_user_home_dirs($1)
> - allow $1 mozilla_home_t:dir list_dir_perms;
> - allow $1 mozilla_home_t:file read_file_perms;
> - allow $1 mozilla_home_t:lnk_file read_lnk_file_perms;
> + allow $1 webbrowser_home_t:dir list_dir_perms;
> + allow $1 webbrowser_home_t:file read_file_perms;
> + allow $1 webbrowser_home_t:lnk_file read_lnk_file_perms;
> ')
>
> ########################################
> ## <summary>
> -## Write mozilla home directory files.
> +## Write web browser home directory files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -169,19 +169,19 @@ interface(`mozilla_read_user_home_files'
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_write_user_home_files',`
> +interface(`webbrowser_write_user_home_files',`
> gen_require(`
> - type mozilla_home_t;
> + type webbrowser_home_t;
> ')
>
> userdom_search_user_home_dirs($1)
> - write_files_pattern($1, mozilla_home_t, mozilla_home_t)
> + write_files_pattern($1, webbrowser_home_t, webbrowser_home_t)
> ')
>
> ########################################
> ## <summary>
> ## Do not audit attempts to read and
> -## write mozilla home directory files.
> +## write web browser home directory files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -189,18 +189,18 @@ interface(`mozilla_write_user_home_files
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_dontaudit_rw_user_home_files',`
> +interface(`webbrowser_dontaudit_rw_user_home_files',`
> gen_require(`
> - type mozilla_home_t;
> + type webbrowser_home_t;
> ')
>
> - dontaudit $1 mozilla_home_t:file rw_file_perms;
> + dontaudit $1 webbrowser_home_t:file rw_file_perms;
> ')
>
> ########################################
> ## <summary>
> ## Do not audit attempt to Create,
> -## read, write, and delete mozilla
> +## read, write, and delete web browser
> ## home directory content.
> ## </summary>
> ## <param name="domain">
> @@ -209,19 +209,19 @@ interface(`mozilla_dontaudit_rw_user_hom
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_dontaudit_manage_user_home_files',`
> +interface(`webbrowser_dontaudit_manage_user_home_files',`
> gen_require(`
> - type mozilla_home_t;
> + type webbrowser_home_t;
> ')
>
> - dontaudit $1 mozilla_home_t:dir manage_dir_perms;
> - dontaudit $1 mozilla_home_t:file manage_file_perms;
> - dontaudit $1 mozilla_home_t:lnk_file manage_lnk_file_perms;
> + dontaudit $1 webbrowser_home_t:dir manage_dir_perms;
> + dontaudit $1 webbrowser_home_t:file manage_file_perms;
> + dontaudit $1 webbrowser_home_t:lnk_file manage_lnk_file_perms;
> ')
>
> ########################################
> ## <summary>
> -## Execute mozilla plugin home directory files.
> +## Execute web browser plugin home directory files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -229,13 +229,13 @@ interface(`mozilla_dontaudit_manage_user
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_exec_user_plugin_home_files',`
> +interface(`webbrowser_exec_user_plugin_home_files',`
> gen_require(`
> - type mozilla_home_t, mozilla_plugin_home_t;
> + type webbrowser_home_t, webbrowser_plugin_home_t;
> ')
>
> userdom_search_user_home_dirs($1)
> - exec_files_pattern($1, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
> + exec_files_pattern($1, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
> ')
>
> ########################################
> @@ -249,17 +249,17 @@ interface(`mozilla_exec_user_plugin_home
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_execmod_user_plugin_home_files',`
> +interface(`webbrowser_execmod_user_plugin_home_files',`
> gen_require(`
> - type mozilla_plugin_home_t;
> + type webbrowser_plugin_home_t;
> ')
>
> - allow $1 mozilla_plugin_home_t:file execmod;
> + allow $1 webbrowser_plugin_home_t:file execmod;
> ')
>
> #######################################
> ## <summary>
> -## Read temporary mozilla files.
> +## Read temporary web browser files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -267,17 +267,17 @@ interface(`mozilla_execmod_user_plugin_h
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_read_tmp_files',`
> +interface(`webbrowser_read_tmp_files',`
> gen_require(`
> - type mozilla_tmp_t;
> + type webbrowser_tmp_t;
> ')
>
> - read_files_pattern($1, mozilla_tmp_t, mozilla_tmp_t)
> + read_files_pattern($1, webbrowser_tmp_t, webbrowser_tmp_t)
> ')
>
> ########################################
> ## <summary>
> -## Run mozilla in the mozilla domain.
> +## Run web browser in the web browser domain.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -285,19 +285,19 @@ interface(`mozilla_read_tmp_files',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_domtrans',`
> +interface(`webbrowser_domtrans',`
> gen_require(`
> - type mozilla_t, mozilla_exec_t;
> + type webbrowser_t, webbrowser_exec_t;
> ')
>
> corecmd_search_bin($1)
> - domtrans_pattern($1, mozilla_exec_t, mozilla_t)
> + domtrans_pattern($1, webbrowser_exec_t, webbrowser_t)
> ')
>
> ########################################
> ## <summary>
> ## Execute a domain transition to
> -## run mozilla plugin.
> +## run web browser plugin.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -305,20 +305,20 @@ interface(`mozilla_domtrans',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_domtrans_plugin',`
> +interface(`webbrowser_domtrans_plugin',`
> gen_require(`
> - type mozilla_plugin_t, mozilla_plugin_exec_t;
> + type webbrowser_plugin_t, webbrowser_plugin_exec_t;
> ')
>
> corecmd_search_bin($1)
> - domtrans_pattern($1, mozilla_plugin_exec_t, mozilla_plugin_t)
> + domtrans_pattern($1, webbrowser_plugin_exec_t, webbrowser_plugin_t)
> ')
>
> ########################################
> ## <summary>
> -## Execute mozilla plugin in the
> -## mozilla plugin domain, and allow
> -## the specified role the mozilla
> +## Execute web browser plugin in the
> +## web browser plugin domain, and allow
> +## the specified role the web browser
> ## plugin domain.
> ## </summary>
> ## <param name="domain">
> @@ -332,19 +332,19 @@ interface(`mozilla_domtrans_plugin',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_run_plugin',`
> +interface(`webbrowser_run_plugin',`
> gen_require(`
> - attribute_role mozilla_plugin_roles;
> + attribute_role webbrowser_plugin_roles;
> ')
>
> - mozilla_domtrans_plugin($1)
> - roleattribute $2 mozilla_plugin_roles;
> + webbrowser_domtrans_plugin($1)
> + roleattribute $2 webbrowser_plugin_roles;
> ')
>
> ########################################
> ## <summary>
> ## Execute a domain transition to
> -## run mozilla plugin config.
> +## run web browser plugin config.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -352,21 +352,21 @@ interface(`mozilla_run_plugin',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_domtrans_plugin_config',`
> +interface(`webbrowser_domtrans_plugin_config',`
> gen_require(`
> - type mozilla_plugin_config_t, mozilla_plugin_config_exec_t;
> + type webbrowser_plugin_config_t, webbrowser_plugin_config_exec_t;
> ')
>
> corecmd_search_bin($1)
> - domtrans_pattern($1, mozilla_plugin_config_exec_t, mozilla_plugin_config_t)
> + domtrans_pattern($1, webbrowser_plugin_config_exec_t, webbrowser_plugin_config_t)
> ')
>
> ########################################
> ## <summary>
> -## Execute mozilla plugin config in
> -## the mozilla plugin config domain,
> +## Execute web browser plugin config in
> +## the web browser plugin config domain,
> ## and allow the specified role the
> -## mozilla plugin config domain.
> +## web browser plugin config domain.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -379,19 +379,19 @@ interface(`mozilla_domtrans_plugin_confi
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_run_plugin_config',`
> +interface(`webbrowser_run_plugin_config',`
> gen_require(`
> - attribute_role mozilla_plugin_config_roles;
> + attribute_role webbrowser_plugin_config_roles;
> ')
>
> - mozilla_domtrans_plugin_config($1)
> - roleattribute $2 mozilla_plugin_config_roles;
> + webbrowser_domtrans_plugin_config($1)
> + roleattribute $2 webbrowser_plugin_config_roles;
> ')
>
> ########################################
> ## <summary>
> ## Send and receive messages from
> -## mozilla over dbus.
> +## web browser over dbus.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -399,20 +399,20 @@ interface(`mozilla_run_plugin_config',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_dbus_chat',`
> +interface(`webbrowser_dbus_chat',`
> gen_require(`
> - type mozilla_t;
> + type webbrowser_t;
> class dbus send_msg;
> ')
>
> - allow $1 mozilla_t:dbus send_msg;
> - allow mozilla_t $1:dbus send_msg;
> + allow $1 webbrowser_t:dbus send_msg;
> + allow webbrowser_t $1:dbus send_msg;
> ')
>
> ########################################
> ## <summary>
> ## Send and receive messages from
> -## mozilla plugin over dbus.
> +## web browser plugin over dbus.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -420,19 +420,19 @@ interface(`mozilla_dbus_chat',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_dbus_chat_plugin',`
> +interface(`webbrowser_dbus_chat_plugin',`
> gen_require(`
> - type mozilla_plugin_t;
> + type webbrowser_plugin_t;
> class dbus send_msg;
> ')
>
> - allow $1 mozilla_plugin_t:dbus send_msg;
> - allow mozilla_plugin_t $1:dbus send_msg;
> + allow $1 webbrowser_plugin_t:dbus send_msg;
> + allow webbrowser_plugin_t $1:dbus send_msg;
> ')
>
> ########################################
> ## <summary>
> -## Read and write mozilla TCP sockets.
> +## Read and write web browser TCP sockets.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -440,18 +440,18 @@ interface(`mozilla_dbus_chat_plugin',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_rw_tcp_sockets',`
> +interface(`webbrowser_rw_tcp_sockets',`
> gen_require(`
> - type mozilla_t;
> + type webbrowser_t;
> ')
>
> - allow $1 mozilla_t:tcp_socket rw_socket_perms;
> + allow $1 webbrowser_t:tcp_socket rw_socket_perms;
> ')
>
> ########################################
> ## <summary>
> ## Create, read, write, and delete
> -## mozilla plugin rw files.
> +## web browser plugin rw files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -459,18 +459,18 @@ interface(`mozilla_rw_tcp_sockets',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_manage_plugin_rw_files',`
> +interface(`webbrowser_manage_plugin_rw_files',`
> gen_require(`
> - type mozilla_plugin_rw_t;
> + type webbrowser_plugin_rw_t;
> ')
>
> libs_search_lib($1)
> - manage_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
> + manage_files_pattern($1, webbrowser_plugin_rw_t, webbrowser_plugin_rw_t)
> ')
>
> ########################################
> ## <summary>
> -## Read mozilla_plugin tmpfs files.
> +## Read webbrowser_plugin tmpfs files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -478,18 +478,18 @@ interface(`mozilla_manage_plugin_rw_file
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_plugin_read_tmpfs_files',`
> +interface(`webbrowser_plugin_read_tmpfs_files',`
> gen_require(`
> - type mozilla_plugin_tmpfs_t;
> + type webbrowser_plugin_tmpfs_t;
> ')
>
> fs_search_tmpfs($1)
> - allow $1 mozilla_plugin_tmpfs_t:file read_file_perms;
> + allow $1 webbrowser_plugin_tmpfs_t:file read_file_perms;
> ')
>
> ########################################
> ## <summary>
> -## Delete mozilla_plugin tmpfs files.
> +## Delete webbrowser_plugin tmpfs files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -497,19 +497,19 @@ interface(`mozilla_plugin_read_tmpfs_fil
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_plugin_delete_tmpfs_files',`
> +interface(`webbrowser_plugin_delete_tmpfs_files',`
> gen_require(`
> - type mozilla_plugin_tmpfs_t;
> + type webbrowser_plugin_tmpfs_t;
> ')
>
> fs_search_tmpfs($1)
> - allow $1 mozilla_plugin_tmpfs_t:file delete_file_perms;
> + allow $1 webbrowser_plugin_tmpfs_t:file delete_file_perms;
> ')
>
> ########################################
> ## <summary>
> ## Create, read, write, and delete
> -## generic mozilla plugin home content.
> +## generic web browser plugin home content.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -517,23 +517,23 @@ interface(`mozilla_plugin_delete_tmpfs_f
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_manage_generic_plugin_home_content',`
> +interface(`webbrowser_manage_generic_plugin_home_content',`
> gen_require(`
> - type mozilla_plugin_home_t;
> + type webbrowser_plugin_home_t;
> ')
>
> userdom_search_user_home_dirs($1)
> - allow $1 mozilla_plugin_home_t:dir manage_dir_perms;
> - allow $1 mozilla_plugin_home_t:file manage_file_perms;
> - allow $1 mozilla_plugin_home_t:fifo_file manage_fifo_file_perms;
> - allow $1 mozilla_plugin_home_t:lnk_file manage_lnk_file_perms;
> - allow $1 mozilla_plugin_home_t:sock_file manage_sock_file_perms;
> + allow $1 webbrowser_plugin_home_t:dir manage_dir_perms;
> + allow $1 webbrowser_plugin_home_t:file manage_file_perms;
> + allow $1 webbrowser_plugin_home_t:fifo_file manage_fifo_file_perms;
> + allow $1 webbrowser_plugin_home_t:lnk_file manage_lnk_file_perms;
> + allow $1 webbrowser_plugin_home_t:sock_file manage_sock_file_perms;
> ')
>
> ########################################
> ## <summary>
> ## Create objects in user home
> -## directories with the generic mozilla
> +## directories with the generic web browser
> ## plugin home type.
> ## </summary>
> ## <param name="domain">
> @@ -552,10 +552,10 @@ interface(`mozilla_manage_generic_plugin
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_home_filetrans_plugin_home',`
> +interface(`webbrowser_home_filetrans_plugin_home',`
> gen_require(`
> - type mozilla_plugin_home_t;
> + type webbrowser_plugin_home_t;
> ')
>
> - userdom_user_home_dir_filetrans($1, mozilla_plugin_home_t, $2, $3)
> + userdom_user_home_dir_filetrans($1, webbrowser_plugin_home_t, $2, $3)
> ')
> Index: refpolicy-2.20180701/policy/modules/roles/staff.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/roles/staff.te
> +++ refpolicy-2.20180701/policy/modules/roles/staff.te
> @@ -142,7 +142,7 @@ ifndef(`distro_redhat',`
> ')
>
> optional_policy(`
> - mozilla_role(staff_r, staff_t)
> + webbrowser_role(staff_r, staff_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/roles/sysadm.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/roles/sysadm.te
> +++ refpolicy-2.20180701/policy/modules/roles/sysadm.te
> @@ -652,7 +652,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_role(sysadm_r, sysadm_t)
> + webbrowser_role(sysadm_r, sysadm_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/roles/unprivuser.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/roles/unprivuser.te
> +++ refpolicy-2.20180701/policy/modules/roles/unprivuser.te
> @@ -114,7 +114,7 @@ ifndef(`distro_redhat',`
> ')
>
> optional_policy(`
> - mozilla_role(user_r, user_t)
> + webbrowser_role(user_r, user_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/roles/xguest.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/roles/xguest.te
> +++ refpolicy-2.20180701/policy/modules/roles/xguest.te
> @@ -103,7 +103,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_role(xguest_r, xguest_t)
> + webbrowser_role(xguest_r, xguest_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/admin/prelink.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/admin/prelink.te
> +++ refpolicy-2.20180701/policy/modules/admin/prelink.te
> @@ -141,7 +141,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_manage_plugin_rw_files(prelink_t)
> + webbrowser_manage_plugin_rw_files(prelink_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/apps/evolution.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/evolution.te
> +++ refpolicy-2.20180701/policy/modules/apps/evolution.te
> @@ -291,8 +291,8 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_read_user_home_files(evolution_t)
> - mozilla_domtrans(evolution_t)
> + webbrowser_read_user_home_files(evolution_t)
> + webbrowser_domtrans(evolution_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/apps/gpg.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/gpg.te
> +++ refpolicy-2.20180701/policy/modules/apps/gpg.te
> @@ -171,7 +171,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_dontaudit_rw_user_home_files(gpg_t)
> + webbrowser_dontaudit_rw_user_home_files(gpg_t)
> ')
>
> optional_policy(`
> @@ -306,7 +306,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_dontaudit_rw_user_home_files(gpg_agent_t)
> + webbrowser_dontaudit_rw_user_home_files(gpg_agent_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/apps/openoffice.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/openoffice.te
> +++ refpolicy-2.20180701/policy/modules/apps/openoffice.te
> @@ -140,8 +140,8 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_domtrans(ooffice_t)
> - mozilla_read_tmp_files(ooffice_t)
> + webbrowser_domtrans(ooffice_t)
> + webbrowser_read_tmp_files(ooffice_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/apps/seunshare.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/seunshare.te
> +++ refpolicy-2.20180701/policy/modules/apps/seunshare.te
> @@ -39,6 +39,6 @@ ifdef(`hide_broken_symptoms', `
> fs_dontaudit_rw_anon_inodefs_files(seunshare_t)
>
> optional_policy(`
> - mozilla_dontaudit_manage_user_home_files(seunshare_t)
> + webbrowser_dontaudit_manage_user_home_files(seunshare_t)
> ')
> ')
> Index: refpolicy-2.20180701/policy/modules/apps/thunderbird.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/thunderbird.te
> +++ refpolicy-2.20180701/policy/modules/apps/thunderbird.te
> @@ -151,7 +151,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_dbus_chat(thunderbird_t)
> + webbrowser_dbus_chat(thunderbird_t)
> ')
> ')
>
> @@ -175,8 +175,8 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_read_user_home_files(thunderbird_t)
> - mozilla_domtrans(thunderbird_t)
> + webbrowser_read_user_home_files(thunderbird_t)
> + webbrowser_domtrans(thunderbird_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/apps/wm.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/wm.te
> +++ refpolicy-2.20180701/policy/modules/apps/wm.te
> @@ -126,7 +126,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_dbus_chat(wm_domain)
> + webbrowser_dbus_chat(wm_domain)
> ')
>
> optional_policy(`
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] s/mozilla/webbrowser/g
2019-01-12 7:33 ` Jason Zaman
@ 2019-01-12 19:46 ` Chris PeBenito
2019-01-12 22:55 ` Nicolas Iooss
2019-01-13 0:50 ` Russell Coker
0 siblings, 2 replies; 5+ messages in thread
From: Chris PeBenito @ 2019-01-12 19:46 UTC (permalink / raw)
To: Jason Zaman, Russell Coker; +Cc: selinux-refpolicy
On 1/12/19 2:33 AM, Jason Zaman wrote:
> On Sat, Jan 12, 2019 at 04:19:09PM +1100, Russell Coker wrote:
>> This patch as requested renames mozilla to webbrowser and adds appropriate
>> typealias rules.
>
> Hm. the mozilla and chrome policies are pretty different tho. I dont
> like this merging thing, I think we should keep mozilla_t and chromium_t
> separate. I'm fixing up the gentoo chromium policy and i'll send it in a
> couple hrs.
The chromium policy Jason posted is indeed slimmer than the current
mozilla policy (see Jason's thread), which would seem to indicate
keeping them separate. However, the mozilla policy is so big because
it's been around for a long time and has built up all of the various
odds and ends that a browser brings in, which could possibly be missing
from the chromium policy.
I am on the fence. I could see going either way.
>>
>> Index: refpolicy-2.20180701/policy/modules/apps/mozilla.te
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.te
>> +++ refpolicy-2.20180701/policy/modules/apps/mozilla.te
>> @@ -7,335 +7,346 @@ policy_module(mozilla, 2.14.1)
>>
>> ## <desc>
>> ## <p>
>> -## Determine whether mozilla can
>> +## Determine whether web browser can
>> ## make its stack executable.
>> ## </p>
>> ## </desc>
>> -gen_tunable(mozilla_execstack, false)
>> +gen_tunable(webbrowser_execstack, false)
>>
>> -attribute_role mozilla_roles;
>> -attribute_role mozilla_plugin_roles;
>> -attribute_role mozilla_plugin_config_roles;
>> +attribute_role webbrowser_roles;
>> +attribute_role webbrowser_plugin_roles;
>> +attribute_role webbrowser_plugin_config_roles;
>>
>> -type mozilla_t;
>> -type mozilla_exec_t;
>> -typealias mozilla_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t };
>> -typealias mozilla_t alias { auditadm_mozilla_t secadm_mozilla_t };
>> -userdom_user_application_domain(mozilla_t, mozilla_exec_t)
>> -role mozilla_roles types mozilla_t;
>> +type webbrowser_t;
>> +type webbrowser_exec_t;
>> +typealias webbrowser_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t };
>> +typealias webbrowser_t alias { auditadm_mozilla_t secadm_mozilla_t mozilla_t };
>> +typealias webbrowser_exec_t alias { mozilla_exec_t };
>> +userdom_user_application_domain(webbrowser_t, webbrowser_exec_t)
>> +role webbrowser_roles types webbrowser_t;
>>
>> optional_policy(`
>> - wm_application_domain(mozilla_t, mozilla_exec_t)
>> + wm_application_domain(webbrowser_t, webbrowser_exec_t)
>> ')
>>
>> -type mozilla_home_t;
>> -typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
>> -typealias mozilla_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t };
>> -userdom_user_home_content(mozilla_home_t)
>> +type webbrowser_home_t;
>> +typealias webbrowser_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
>> +typealias webbrowser_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t mozilla_home_t };
>> +userdom_user_home_content(webbrowser_home_t)
>>
>> -type mozilla_plugin_t;
>> -type mozilla_plugin_exec_t;
>> -userdom_user_application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
>> -role mozilla_plugin_roles types mozilla_plugin_t;
>> +type webbrowser_plugin_t;
>> +type webbrowser_plugin_exec_t;
>> +typealias webbrowser_plugin_t alias { mozilla_plugin_t };
>> +typealias webbrowser_plugin_exec_t alias { mozilla_plugin_exec_t };
>> +userdom_user_application_domain(webbrowser_plugin_t, webbrowser_plugin_exec_t)
>> +role webbrowser_plugin_roles types webbrowser_plugin_t;
>>
>> -type mozilla_plugin_home_t;
>> -userdom_user_home_content(mozilla_plugin_home_t)
>> +type webbrowser_plugin_home_t;
>> +typealias webbrowser_plugin_home_t alias { mozilla_plugin_home_t };
>> +userdom_user_home_content(webbrowser_plugin_home_t)
>>
>> -type mozilla_plugin_tmp_t;
>> -userdom_user_tmp_file(mozilla_plugin_tmp_t)
>> +type webbrowser_plugin_tmp_t;
>> +typealias webbrowser_plugin_tmp_t alias { mozilla_plugin_tmp_t };
>> +userdom_user_tmp_file(webbrowser_plugin_tmp_t)
>>
>> -type mozilla_plugin_tmpfs_t;
>> -userdom_user_tmpfs_file(mozilla_plugin_tmpfs_t)
>> +type webbrowser_plugin_tmpfs_t;
>> +typealias webbrowser_plugin_tmpfs_t alias { mozilla_plugin_tmpfs_t };
>> +userdom_user_tmpfs_file(webbrowser_plugin_tmpfs_t)
>>
>> optional_policy(`
>> - pulseaudio_tmpfs_content(mozilla_plugin_tmpfs_t)
>> + pulseaudio_tmpfs_content(webbrowser_plugin_tmpfs_t)
>> ')
>>
>> -type mozilla_plugin_rw_t;
>> -files_type(mozilla_plugin_rw_t)
>> +type webbrowser_plugin_rw_t;
>> +typealias webbrowser_plugin_rw_t alias { mozilla_plugin_rw_t };
>> +files_type(webbrowser_plugin_rw_t)
>>
>> -type mozilla_plugin_config_t;
>> -type mozilla_plugin_config_exec_t;
>> -userdom_user_application_domain(mozilla_plugin_config_t, mozilla_plugin_config_exec_t)
>> -role mozilla_plugin_config_roles types mozilla_plugin_config_t;
>> +type webbrowser_plugin_config_t;
>> +typealias webbrowser_plugin_config_t alias { mozilla_plugin_config_t };
>> +type webbrowser_plugin_config_exec_t;
>> +typealias webbrowser_plugin_config_exec_t alias { mozilla_plugin_config_exec_t };
>> +userdom_user_application_domain(webbrowser_plugin_config_t, webbrowser_plugin_config_exec_t)
>> +role webbrowser_plugin_config_roles types webbrowser_plugin_config_t;
>>
>> -type mozilla_tmp_t;
>> -userdom_user_tmp_file(mozilla_tmp_t)
>> +type webbrowser_tmp_t;
>> +typealias webbrowser_tmp_t alias { mozilla_tmp_t };
>> +userdom_user_tmp_file(webbrowser_tmp_t)
>>
>> -type mozilla_tmpfs_t;
>> -typealias mozilla_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
>> -typealias mozilla_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
>> -userdom_user_tmpfs_file(mozilla_tmpfs_t)
>> +type webbrowser_tmpfs_t;
>> +typealias webbrowser_tmpfs_t alias { mozilla_tmpfs_t };
>> +typealias webbrowser_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
>> +typealias webbrowser_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
>> +userdom_user_tmpfs_file(webbrowser_tmpfs_t)
>>
>> optional_policy(`
>> - pulseaudio_tmpfs_content(mozilla_tmpfs_t)
>> + pulseaudio_tmpfs_content(webbrowser_tmpfs_t)
>> ')
>>
>> -type mozilla_xdg_cache_t;
>> -xdg_cache_content(mozilla_xdg_cache_t)
>> +type webbrowser_xdg_cache_t;
>> +xdg_cache_content(webbrowser_xdg_cache_t)
>>
>> ########################################
>> #
>> # Local policy
>> #
>>
>> -allow mozilla_t self:capability { setgid setuid sys_nice };
>> -allow mozilla_t self:process { sigkill signal setsched getsched setrlimit };
>> -allow mozilla_t self:fifo_file rw_fifo_file_perms;
>> -allow mozilla_t self:shm create_shm_perms;
>> -allow mozilla_t self:sem create_sem_perms;
>> -allow mozilla_t self:socket create_socket_perms;
>> -allow mozilla_t self:unix_stream_socket { accept listen };
>> -
>> -allow mozilla_t mozilla_plugin_t:unix_stream_socket rw_socket_perms;
>> -allow mozilla_t mozilla_plugin_t:fd use;
>> -
>> -allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:dir manage_dir_perms;
>> -allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms map };
>> -allow mozilla_t mozilla_home_t:lnk_file manage_lnk_file_perms;
>> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".galeon")
>> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".mozilla")
>> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".netscape")
>> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".phoenix")
>> -
>> -filetrans_pattern(mozilla_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
>> -
>> -manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
>> -manage_lnk_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
>> -manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
>> -allow mozilla_t mozilla_tmp_t:file map;
>> -files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })
>> -
>> -manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
>> -manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
>> -manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
>> -manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
>> -fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
>> -allow mozilla_t mozilla_plugin_tmpfs_t:file map;
>> -
>> -allow mozilla_t mozilla_plugin_rw_t:dir list_dir_perms;
>> -allow mozilla_t mozilla_plugin_rw_t:file read_file_perms;
>> -allow mozilla_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
>> -
>> -stream_connect_pattern(mozilla_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t)
>> -
>> -manage_files_pattern(mozilla_t, mozilla_xdg_cache_t, mozilla_xdg_cache_t)
>> -manage_dirs_pattern(mozilla_t, mozilla_xdg_cache_t, mozilla_xdg_cache_t)
>> -xdg_cache_filetrans(mozilla_t, mozilla_xdg_cache_t, dir, "mozilla")
>> -
>> -can_exec(mozilla_t, { mozilla_exec_t mozilla_plugin_rw_t mozilla_plugin_home_t })
>> -
>> -kernel_read_kernel_sysctls(mozilla_t)
>> -kernel_read_network_state(mozilla_t)
>> -kernel_read_system_state(mozilla_t)
>> -kernel_read_net_sysctls(mozilla_t)
>> -
>> -corecmd_list_bin(mozilla_t)
>> -corecmd_exec_shell(mozilla_t)
>> -corecmd_exec_bin(mozilla_t)
>> -
>> -corenet_all_recvfrom_unlabeled(mozilla_t)
>> -corenet_all_recvfrom_netlabel(mozilla_t)
>> -corenet_tcp_sendrecv_generic_if(mozilla_t)
>> -corenet_tcp_sendrecv_generic_node(mozilla_t)
>> -
>> -corenet_sendrecv_http_client_packets(mozilla_t)
>> -corenet_tcp_connect_http_port(mozilla_t)
>> -corenet_tcp_sendrecv_http_port(mozilla_t)
>> -
>> -corenet_sendrecv_http_cache_client_packets(mozilla_t)
>> -corenet_tcp_connect_http_cache_port(mozilla_t)
>> -corenet_tcp_sendrecv_http_cache_port(mozilla_t)
>> -
>> -corenet_sendrecv_squid_client_packets(mozilla_t)
>> -corenet_tcp_connect_squid_port(mozilla_t)
>> -corenet_tcp_sendrecv_squid_port(mozilla_t)
>> -
>> -corenet_sendrecv_ftp_client_packets(mozilla_t)
>> -corenet_tcp_connect_ftp_port(mozilla_t)
>> -corenet_tcp_sendrecv_ftp_port(mozilla_t)
>> -
>> -corenet_sendrecv_ipp_client_packets(mozilla_t)
>> -corenet_tcp_connect_ipp_port(mozilla_t)
>> -corenet_tcp_sendrecv_ipp_port(mozilla_t)
>> -
>> -corenet_sendrecv_soundd_client_packets(mozilla_t)
>> -corenet_tcp_connect_soundd_port(mozilla_t)
>> -corenet_tcp_sendrecv_soundd_port(mozilla_t)
>> -
>> -corenet_sendrecv_speech_client_packets(mozilla_t)
>> -corenet_tcp_connect_speech_port(mozilla_t)
>> -corenet_tcp_sendrecv_speech_port(mozilla_t)
>> -
>> -dev_getattr_sysfs_dirs(mozilla_t)
>> -dev_read_sysfs(mozilla_t)
>> -dev_read_sound(mozilla_t)
>> -dev_read_rand(mozilla_t)
>> -dev_read_urand(mozilla_t)
>> -dev_rw_dri(mozilla_t)
>> -dev_write_sound(mozilla_t)
>> -
>> -domain_dontaudit_read_all_domains_state(mozilla_t)
>> -
>> -files_read_etc_runtime_files(mozilla_t)
>> -files_map_usr_files(mozilla_t)
>> -files_read_usr_files(mozilla_t)
>> -files_read_var_files(mozilla_t)
>> -files_read_var_lib_files(mozilla_t)
>> -files_read_var_symlinks(mozilla_t)
>> -files_dontaudit_getattr_boot_dirs(mozilla_t)
>> -
>> -fs_getattr_all_fs(mozilla_t)
>> -fs_search_auto_mountpoints(mozilla_t)
>> -fs_list_inotifyfs(mozilla_t)
>> -fs_rw_tmpfs_files(mozilla_t)
>> -
>> -term_dontaudit_getattr_pty_dirs(mozilla_t)
>> -
>> -auth_use_nsswitch(mozilla_t)
>> -
>> -logging_send_syslog_msg(mozilla_t)
>> -
>> -miscfiles_read_fonts(mozilla_t)
>> -miscfiles_read_generic_certs(mozilla_t)
>> -miscfiles_read_localization(mozilla_t)
>> -miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)
>> -miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_t)
>> -
>> -userdom_use_user_ptys(mozilla_t)
>> -
>> -userdom_manage_user_tmp_dirs(mozilla_t)
>> -userdom_manage_user_tmp_files(mozilla_t)
>> -userdom_map_user_tmp_files(mozilla_t)
>> -
>> -userdom_user_content_access_template(mozilla, { mozilla_t mozilla_plugin_t })
>> -userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file })
>> -
>> -userdom_write_user_tmp_sockets(mozilla_t)
>> -
>> -mozilla_run_plugin(mozilla_t, mozilla_roles)
>> -mozilla_run_plugin_config(mozilla_t, mozilla_roles)
>> -
>> -xdg_read_config_files(mozilla_t)
>> -xdg_read_data_files(mozilla_t)
>> -xdg_manage_downloads(mozilla_t)
>> -
>> -xserver_rw_mesa_shader_cache(mozilla_t)
>> -xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
>> -xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
>> -xserver_dontaudit_getattr_xdm_tmp_sockets(mozilla_t)
>> +allow webbrowser_t self:capability { setgid setuid sys_nice };
>> +allow webbrowser_t self:process { sigkill signal setsched getsched setrlimit };
>> +allow webbrowser_t self:fifo_file rw_fifo_file_perms;
>> +allow webbrowser_t self:shm create_shm_perms;
>> +allow webbrowser_t self:sem create_sem_perms;
>> +allow webbrowser_t self:socket create_socket_perms;
>> +allow webbrowser_t self:unix_stream_socket { accept listen };
>> +
>> +allow webbrowser_t webbrowser_plugin_t:unix_stream_socket rw_socket_perms;
>> +allow webbrowser_t webbrowser_plugin_t:fd use;
>> +
>> +allow webbrowser_t { webbrowser_home_t webbrowser_plugin_home_t }:dir manage_dir_perms;
>> +allow webbrowser_t { webbrowser_home_t webbrowser_plugin_home_t }:file { manage_file_perms map };
>> +allow webbrowser_t webbrowser_home_t:lnk_file manage_lnk_file_perms;
>> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".galeon")
>> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".mozilla")
>> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".netscape")
>> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".phoenix")
>> +
>> +filetrans_pattern(webbrowser_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
>> +
>> +manage_files_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t)
>> +manage_lnk_files_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t)
>> +manage_dirs_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t)
>> +allow webbrowser_t webbrowser_tmp_t:file map;
>> +files_tmp_filetrans(webbrowser_t, webbrowser_tmp_t, { file dir })
>> +
>> +manage_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
>> +manage_lnk_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
>> +manage_fifo_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
>> +manage_sock_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
>> +fs_tmpfs_filetrans(webbrowser_t, webbrowser_tmpfs_t, { file lnk_file sock_file fifo_file })
>> +allow webbrowser_t webbrowser_plugin_tmpfs_t:file map;
>> +
>> +allow webbrowser_t webbrowser_plugin_rw_t:dir list_dir_perms;
>> +allow webbrowser_t webbrowser_plugin_rw_t:file read_file_perms;
>> +allow webbrowser_t webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms;
>> +
>> +stream_connect_pattern(webbrowser_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_t)
>> +
>> +manage_files_pattern(webbrowser_t, webbrowser_xdg_cache_t, webbrowser_xdg_cache_t)
>> +manage_dirs_pattern(webbrowser_t, webbrowser_xdg_cache_t, webbrowser_xdg_cache_t)
>> +xdg_cache_filetrans(webbrowser_t, webbrowser_xdg_cache_t, dir, "mozilla")
>> +
>> +can_exec(webbrowser_t, { webbrowser_exec_t webbrowser_plugin_rw_t webbrowser_plugin_home_t })
>> +
>> +kernel_read_kernel_sysctls(webbrowser_t)
>> +kernel_read_network_state(webbrowser_t)
>> +kernel_read_system_state(webbrowser_t)
>> +kernel_read_net_sysctls(webbrowser_t)
>> +
>> +corecmd_list_bin(webbrowser_t)
>> +corecmd_exec_shell(webbrowser_t)
>> +corecmd_exec_bin(webbrowser_t)
>> +
>> +corenet_all_recvfrom_unlabeled(webbrowser_t)
>> +corenet_all_recvfrom_netlabel(webbrowser_t)
>> +corenet_tcp_sendrecv_generic_if(webbrowser_t)
>> +corenet_tcp_sendrecv_generic_node(webbrowser_t)
>> +
>> +corenet_sendrecv_http_client_packets(webbrowser_t)
>> +corenet_tcp_connect_http_port(webbrowser_t)
>> +corenet_tcp_sendrecv_http_port(webbrowser_t)
>> +
>> +corenet_sendrecv_http_cache_client_packets(webbrowser_t)
>> +corenet_tcp_connect_http_cache_port(webbrowser_t)
>> +corenet_tcp_sendrecv_http_cache_port(webbrowser_t)
>> +
>> +corenet_sendrecv_squid_client_packets(webbrowser_t)
>> +corenet_tcp_connect_squid_port(webbrowser_t)
>> +corenet_tcp_sendrecv_squid_port(webbrowser_t)
>> +
>> +corenet_sendrecv_ftp_client_packets(webbrowser_t)
>> +corenet_tcp_connect_ftp_port(webbrowser_t)
>> +corenet_tcp_sendrecv_ftp_port(webbrowser_t)
>> +
>> +corenet_sendrecv_ipp_client_packets(webbrowser_t)
>> +corenet_tcp_connect_ipp_port(webbrowser_t)
>> +corenet_tcp_sendrecv_ipp_port(webbrowser_t)
>> +
>> +corenet_sendrecv_soundd_client_packets(webbrowser_t)
>> +corenet_tcp_connect_soundd_port(webbrowser_t)
>> +corenet_tcp_sendrecv_soundd_port(webbrowser_t)
>> +
>> +corenet_sendrecv_speech_client_packets(webbrowser_t)
>> +corenet_tcp_connect_speech_port(webbrowser_t)
>> +corenet_tcp_sendrecv_speech_port(webbrowser_t)
>> +
>> +dev_getattr_sysfs_dirs(webbrowser_t)
>> +dev_read_sysfs(webbrowser_t)
>> +dev_read_sound(webbrowser_t)
>> +dev_read_rand(webbrowser_t)
>> +dev_read_urand(webbrowser_t)
>> +dev_rw_dri(webbrowser_t)
>> +dev_write_sound(webbrowser_t)
>> +
>> +domain_dontaudit_read_all_domains_state(webbrowser_t)
>> +
>> +files_read_etc_runtime_files(webbrowser_t)
>> +files_map_usr_files(webbrowser_t)
>> +files_read_usr_files(webbrowser_t)
>> +files_read_var_files(webbrowser_t)
>> +files_read_var_lib_files(webbrowser_t)
>> +files_read_var_symlinks(webbrowser_t)
>> +files_dontaudit_getattr_boot_dirs(webbrowser_t)
>> +
>> +fs_getattr_all_fs(webbrowser_t)
>> +fs_search_auto_mountpoints(webbrowser_t)
>> +fs_list_inotifyfs(webbrowser_t)
>> +fs_rw_tmpfs_files(webbrowser_t)
>> +
>> +term_dontaudit_getattr_pty_dirs(webbrowser_t)
>> +
>> +auth_use_nsswitch(webbrowser_t)
>> +
>> +logging_send_syslog_msg(webbrowser_t)
>> +
>> +miscfiles_read_fonts(webbrowser_t)
>> +miscfiles_read_generic_certs(webbrowser_t)
>> +miscfiles_read_localization(webbrowser_t)
>> +miscfiles_dontaudit_setattr_fonts_dirs(webbrowser_t)
>> +miscfiles_dontaudit_setattr_fonts_cache_dirs(webbrowser_t)
>> +
>> +userdom_use_user_ptys(webbrowser_t)
>> +
>> +userdom_manage_user_tmp_dirs(webbrowser_t)
>> +userdom_manage_user_tmp_files(webbrowser_t)
>> +userdom_map_user_tmp_files(webbrowser_t)
>> +
>> +userdom_user_content_access_template(webbrowser, { webbrowser_t webbrowser_plugin_t })
>> +userdom_user_home_dir_filetrans_user_home_content(webbrowser_t, { dir file })
>> +
>> +userdom_write_user_tmp_sockets(webbrowser_t)
>> +
>> +webbrowser_run_plugin(webbrowser_t, webbrowser_roles)
>> +webbrowser_run_plugin_config(webbrowser_t, webbrowser_roles)
>> +
>> +xdg_read_config_files(webbrowser_t)
>> +xdg_read_data_files(webbrowser_t)
>> +xdg_manage_downloads(webbrowser_t)
>> +
>> +xserver_rw_mesa_shader_cache(webbrowser_t)
>> +xserver_user_x_domain_template(webbrowser, webbrowser_t, webbrowser_tmpfs_t)
>> +xserver_dontaudit_read_xdm_tmp_files(webbrowser_t)
>> +xserver_dontaudit_getattr_xdm_tmp_sockets(webbrowser_t)
>>
>> ifndef(`enable_mls',`
>> - fs_list_dos(mozilla_t)
>> - fs_read_dos_files(mozilla_t)
>> + fs_list_dos(webbrowser_t)
>> + fs_read_dos_files(webbrowser_t)
>>
>> - fs_search_removable(mozilla_t)
>> - fs_read_removable_files(mozilla_t)
>> - fs_read_removable_symlinks(mozilla_t)
>> + fs_search_removable(webbrowser_t)
>> + fs_read_removable_files(webbrowser_t)
>> + fs_read_removable_symlinks(webbrowser_t)
>>
>> - fs_read_iso9660_files(mozilla_t)
>> + fs_read_iso9660_files(webbrowser_t)
>> ')
>>
>> tunable_policy(`allow_execmem',`
>> - allow mozilla_t self:process execmem;
>> + allow webbrowser_t self:process execmem;
>> ')
>>
>> -tunable_policy(`mozilla_execstack',`
>> - allow mozilla_t self:process { execmem execstack };
>> +tunable_policy(`webbrowser_execstack',`
>> + allow webbrowser_t self:process { execmem execstack };
>> ')
>>
>> tunable_policy(`use_nfs_home_dirs',`
>> - fs_manage_nfs_dirs(mozilla_t)
>> - fs_manage_nfs_files(mozilla_t)
>> - fs_manage_nfs_symlinks(mozilla_t)
>> + fs_manage_nfs_dirs(webbrowser_t)
>> + fs_manage_nfs_files(webbrowser_t)
>> + fs_manage_nfs_symlinks(webbrowser_t)
>> ')
>>
>> tunable_policy(`use_samba_home_dirs',`
>> - fs_manage_cifs_dirs(mozilla_t)
>> - fs_manage_cifs_files(mozilla_t)
>> - fs_manage_cifs_symlinks(mozilla_t)
>> + fs_manage_cifs_dirs(webbrowser_t)
>> + fs_manage_cifs_files(webbrowser_t)
>> + fs_manage_cifs_symlinks(webbrowser_t)
>> ')
>>
>> optional_policy(`
>> - alsa_read_config(mozilla_t)
>> - alsa_read_home_files(mozilla_t)
>> + alsa_read_config(webbrowser_t)
>> + alsa_read_home_files(webbrowser_t)
>> ')
>>
>> optional_policy(`
>> - apache_read_user_scripts(mozilla_t)
>> - apache_read_user_content(mozilla_t)
>> + apache_read_user_scripts(webbrowser_t)
>> + apache_read_user_content(webbrowser_t)
>> ')
>>
>> optional_policy(`
>> - automount_dontaudit_getattr_tmp_dirs(mozilla_t)
>> + automount_dontaudit_getattr_tmp_dirs(webbrowser_t)
>> ')
>>
>> optional_policy(`
>> - cups_read_rw_config(mozilla_t)
>> - cups_stream_connect(mozilla_t)
>> + cups_read_rw_config(webbrowser_t)
>> + cups_stream_connect(webbrowser_t)
>> ')
>>
>> optional_policy(`
>> - dbus_all_session_bus_client(mozilla_t)
>> - dbus_connect_all_session_bus(mozilla_t)
>> - dbus_system_bus_client(mozilla_t)
>> + dbus_all_session_bus_client(webbrowser_t)
>> + dbus_connect_all_session_bus(webbrowser_t)
>> + dbus_system_bus_client(webbrowser_t)
>>
>> optional_policy(`
>> - cups_dbus_chat(mozilla_t)
>> + cups_dbus_chat(webbrowser_t)
>> ')
>>
>> optional_policy(`
>> - mozilla_dbus_chat_plugin(mozilla_t)
>> + webbrowser_dbus_chat_plugin(webbrowser_t)
>> ')
>>
>> optional_policy(`
>> - networkmanager_dbus_chat(mozilla_t)
>> + networkmanager_dbus_chat(webbrowser_t)
>> ')
>> ')
>>
>> optional_policy(`
>> - evolution_domtrans(mozilla_t)
>> + evolution_domtrans(webbrowser_t)
>> ')
>>
>> optional_policy(`
>> - gnome_stream_connect_gconf(mozilla_t)
>> - gnome_manage_generic_gconf_home_content(mozilla_t)
>> - gnome_home_filetrans_gconf_home(mozilla_t, dir, ".gconf")
>> - gnome_home_filetrans_gconf_home(mozilla_t, dir, ".gconfd")
>> - gnome_manage_generic_home_content(mozilla_t)
>> - gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome")
>> - gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome2")
>> - gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome2_private")
>> + gnome_stream_connect_gconf(webbrowser_t)
>> + gnome_manage_generic_gconf_home_content(webbrowser_t)
>> + gnome_home_filetrans_gconf_home(webbrowser_t, dir, ".gconf")
>> + gnome_home_filetrans_gconf_home(webbrowser_t, dir, ".gconfd")
>> + gnome_manage_generic_home_content(webbrowser_t)
>> + gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome")
>> + gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome2")
>> + gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome2_private")
>> ')
>>
>> optional_policy(`
>> - java_exec(mozilla_t)
>> - java_manage_generic_home_content(mozilla_t)
>> - java_manage_java_tmp(mozilla_t)
>> - java_home_filetrans_java_home(mozilla_t, dir, ".java")
>> + java_exec(webbrowser_t)
>> + java_manage_generic_home_content(webbrowser_t)
>> + java_manage_java_tmp(webbrowser_t)
>> + java_home_filetrans_java_home(webbrowser_t, dir, ".java")
>> ')
>>
>> optional_policy(`
>> - lpd_run_lpr(mozilla_t, mozilla_roles)
>> + lpd_run_lpr(webbrowser_t, webbrowser_roles)
>> ')
>>
>> optional_policy(`
>> - mplayer_exec(mozilla_t)
>> - mplayer_manage_generic_home_content(mozilla_t)
>> - mplayer_home_filetrans_mplayer_home(mozilla_t, dir, ".mplayer")
>> + mplayer_exec(webbrowser_t)
>> + mplayer_manage_generic_home_content(webbrowser_t)
>> + mplayer_home_filetrans_mplayer_home(webbrowser_t, dir, ".mplayer")
>> ')
>>
>> optional_policy(`
>> - ooffice_domtrans(mozilla_t)
>> - ooffice_rw_tmp_files(mozilla_t)
>> + ooffice_domtrans(webbrowser_t)
>> + ooffice_rw_tmp_files(webbrowser_t)
>> ')
>>
>> optional_policy(`
>> - pulseaudio_run(mozilla_t, mozilla_roles)
>> + pulseaudio_run(webbrowser_t, webbrowser_roles)
>> ')
>>
>> optional_policy(`
>> - thunderbird_domtrans(mozilla_t)
>> + thunderbird_domtrans(webbrowser_t)
>> ')
>>
>> ########################################
>> @@ -343,282 +354,282 @@ optional_policy(`
>> # Plugin local policy
>> #
>>
>> -dontaudit mozilla_plugin_t self:capability { ipc_lock sys_nice sys_ptrace sys_tty_config };
>> -allow mozilla_plugin_t self:process { setpgid getsched setsched signal_perms setrlimit };
>> -allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms;
>> -allow mozilla_plugin_t self:netlink_kobject_uevent_socket create_socket_perms;
>> -allow mozilla_plugin_t self:sem create_sem_perms;
>> -allow mozilla_plugin_t self:shm create_shm_perms;
>> -allow mozilla_plugin_t self:tcp_socket { accept listen };
>> -allow mozilla_plugin_t self:unix_stream_socket { accept connectto listen };
>> -
>> -allow mozilla_plugin_t mozilla_t:unix_stream_socket rw_socket_perms;
>> -allow mozilla_plugin_t mozilla_t:unix_dgram_socket rw_socket_perms;
>> -allow mozilla_plugin_t mozilla_t:shm { rw_shm_perms destroy };
>> -allow mozilla_plugin_t mozilla_t:sem create_sem_perms;
>> -
>> -manage_dirs_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t })
>> -manage_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
>> -manage_lnk_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
>> -allow mozilla_plugin_t mozilla_home_t:file map;
>> -
>> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".galeon")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".mozilla")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".netscape")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".phoenix")
>> -
>> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".adobe")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".macromedia")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".gnash")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".gcjwebplugin")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".icedteaplugin")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".spicec")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".ICAClient")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, "zimbrauserdata")
>> -
>> -filetrans_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
>> -
>> -manage_dirs_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
>> -manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
>> -manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
>> -files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
>> -userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
>> -
>> -allow mozilla_plugin_t mozilla_tmp_t:file rw_file_perms;
>> -
>> -manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
>> -manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
>> -manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
>> -manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
>> -fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
>> -
>> -allow mozilla_plugin_t mozilla_plugin_rw_t:dir list_dir_perms;
>> -allow mozilla_plugin_t mozilla_plugin_rw_t:file read_file_perms;
>> -allow mozilla_plugin_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
>> -
>> -dgram_send_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
>> -stream_connect_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
>> -
>> -can_exec(mozilla_plugin_t, { mozilla_exec_t mozilla_plugin_home_t mozilla_plugin_tmp_t })
>> -
>> -kernel_read_all_sysctls(mozilla_plugin_t)
>> -kernel_read_system_state(mozilla_plugin_t)
>> -kernel_read_network_state(mozilla_plugin_t)
>> -kernel_request_load_module(mozilla_plugin_t)
>> -kernel_dontaudit_getattr_core_if(mozilla_plugin_t)
>> -
>> -corecmd_exec_bin(mozilla_plugin_t)
>> -corecmd_exec_shell(mozilla_plugin_t)
>> -
>> -corenet_all_recvfrom_netlabel(mozilla_plugin_t)
>> -corenet_all_recvfrom_unlabeled(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_generic_if(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_generic_node(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_asterisk_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_asterisk_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_asterisk_port(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_ftp_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_ftp_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_ftp_port(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_gatekeeper_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_gatekeeper_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_gatekeeper_port(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_http_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_http_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_http_port(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_http_cache_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_http_cache_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_http_cache_port(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_ipp_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_ipp_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_ipp_port(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_ircd_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_ircd_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_ircd_port(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_jabber_client_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_jabber_client_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_jabber_client_port(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_mmcc_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_mmcc_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_mmcc_port(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_monopd_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_monopd_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_monopd_port(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_soundd_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_soundd_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_soundd_port(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_speech_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_speech_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_speech_port(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_squid_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_squid_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_squid_port(mozilla_plugin_t)
>> -
>> -corenet_sendrecv_vnc_client_packets(mozilla_plugin_t)
>> -corenet_tcp_connect_vnc_port(mozilla_plugin_t)
>> -corenet_tcp_sendrecv_vnc_port(mozilla_plugin_t)
>> -
>> -dev_read_generic_usb_dev(mozilla_plugin_t)
>> -dev_read_rand(mozilla_plugin_t)
>> -dev_read_realtime_clock(mozilla_plugin_t)
>> -dev_read_sound(mozilla_plugin_t)
>> -dev_read_sysfs(mozilla_plugin_t)
>> -dev_read_urand(mozilla_plugin_t)
>> -dev_read_video_dev(mozilla_plugin_t)
>> -dev_write_sound(mozilla_plugin_t)
>> -dev_write_video_dev(mozilla_plugin_t)
>> -dev_rw_dri(mozilla_plugin_t)
>> -dev_rw_xserver_misc(mozilla_plugin_t)
>> -
>> -dev_dontaudit_getattr_generic_files(mozilla_plugin_t)
>> -dev_dontaudit_getattr_generic_pipes(mozilla_plugin_t)
>> -dev_dontaudit_getattr_all_blk_files(mozilla_plugin_t)
>> -dev_dontaudit_getattr_all_chr_files(mozilla_plugin_t)
>> -
>> -domain_use_interactive_fds(mozilla_plugin_t)
>> -domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
>> -
>> -files_exec_usr_files(mozilla_plugin_t)
>> -files_list_mnt(mozilla_plugin_t)
>> -files_read_config_files(mozilla_plugin_t)
>> -files_read_usr_files(mozilla_plugin_t)
>> -files_map_usr_files(mozilla_plugin_t)
>> -
>> -fs_getattr_all_fs(mozilla_plugin_t)
>> -# fs_read_hugetlbfs_files(mozilla_plugin_t)
>> -fs_search_auto_mountpoints(mozilla_plugin_t)
>> -
>> -term_getattr_all_ttys(mozilla_plugin_t)
>> -term_getattr_all_ptys(mozilla_plugin_t)
>> -
>> -application_exec(mozilla_plugin_t)
>> -
>> -auth_use_nsswitch(mozilla_plugin_t)
>> -
>> -libs_exec_ld_so(mozilla_plugin_t)
>> -libs_exec_lib_files(mozilla_plugin_t)
>> -
>> -logging_send_syslog_msg(mozilla_plugin_t)
>> -
>> -miscfiles_read_localization(mozilla_plugin_t)
>> -miscfiles_read_fonts(mozilla_plugin_t)
>> -miscfiles_read_generic_certs(mozilla_plugin_t)
>> -miscfiles_dontaudit_setattr_fonts_dirs(mozilla_plugin_t)
>> -miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_plugin_t)
>> -
>> -userdom_manage_user_tmp_dirs(mozilla_plugin_t)
>> -userdom_manage_user_tmp_files(mozilla_plugin_t)
>> -userdom_map_user_tmp_files(mozilla_plugin_t)
>> +dontaudit webbrowser_plugin_t self:capability { ipc_lock sys_nice sys_ptrace sys_tty_config };
>> +allow webbrowser_plugin_t self:process { setpgid getsched setsched signal_perms setrlimit };
>> +allow webbrowser_plugin_t self:fifo_file manage_fifo_file_perms;
>> +allow webbrowser_plugin_t self:netlink_kobject_uevent_socket create_socket_perms;
>> +allow webbrowser_plugin_t self:sem create_sem_perms;
>> +allow webbrowser_plugin_t self:shm create_shm_perms;
>> +allow webbrowser_plugin_t self:tcp_socket { accept listen };
>> +allow webbrowser_plugin_t self:unix_stream_socket { accept connectto listen };
>> +
>> +allow webbrowser_plugin_t webbrowser_t:unix_stream_socket rw_socket_perms;
>> +allow webbrowser_plugin_t webbrowser_t:unix_dgram_socket rw_socket_perms;
>> +allow webbrowser_plugin_t webbrowser_t:shm { rw_shm_perms destroy };
>> +allow webbrowser_plugin_t webbrowser_t:sem create_sem_perms;
>> +
>> +manage_dirs_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, { webbrowser_home_t webbrowser_plugin_home_t })
>> +manage_files_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
>> +manage_lnk_files_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
>> +allow webbrowser_plugin_t webbrowser_home_t:file map;
>> +
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".galeon")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".mozilla")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".netscape")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".phoenix")
>> +
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".adobe")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".macromedia")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".gnash")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".gcjwebplugin")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".icedteaplugin")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".spicec")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".ICAClient")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, "zimbrauserdata")
>> +
>> +filetrans_pattern(webbrowser_plugin_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
>> +
>> +manage_dirs_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t)
>> +manage_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t)
>> +manage_fifo_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t)
>> +files_tmp_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmp_t, { dir file fifo_file })
>> +userdom_user_tmp_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmp_t, { dir file fifo_file })
>> +
>> +allow webbrowser_plugin_t webbrowser_tmp_t:file rw_file_perms;
>> +
>> +manage_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
>> +manage_lnk_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
>> +manage_fifo_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
>> +manage_sock_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
>> +fs_tmpfs_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
>> +
>> +allow webbrowser_plugin_t webbrowser_plugin_rw_t:dir list_dir_perms;
>> +allow webbrowser_plugin_t webbrowser_plugin_rw_t:file read_file_perms;
>> +allow webbrowser_plugin_t webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms;
>> +
>> +dgram_send_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_t)
>> +stream_connect_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_t)
>> +
>> +can_exec(webbrowser_plugin_t, { webbrowser_exec_t webbrowser_plugin_home_t webbrowser_plugin_tmp_t })
>> +
>> +kernel_read_all_sysctls(webbrowser_plugin_t)
>> +kernel_read_system_state(webbrowser_plugin_t)
>> +kernel_read_network_state(webbrowser_plugin_t)
>> +kernel_request_load_module(webbrowser_plugin_t)
>> +kernel_dontaudit_getattr_core_if(webbrowser_plugin_t)
>> +
>> +corecmd_exec_bin(webbrowser_plugin_t)
>> +corecmd_exec_shell(webbrowser_plugin_t)
>> +
>> +corenet_all_recvfrom_netlabel(webbrowser_plugin_t)
>> +corenet_all_recvfrom_unlabeled(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_generic_if(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_generic_node(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_asterisk_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_asterisk_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_asterisk_port(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_ftp_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_ftp_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_ftp_port(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_gatekeeper_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_gatekeeper_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_gatekeeper_port(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_http_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_http_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_http_port(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_http_cache_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_http_cache_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_http_cache_port(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_ipp_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_ipp_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_ipp_port(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_ircd_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_ircd_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_ircd_port(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_jabber_client_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_jabber_client_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_jabber_client_port(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_mmcc_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_mmcc_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_mmcc_port(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_monopd_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_monopd_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_monopd_port(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_soundd_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_soundd_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_soundd_port(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_speech_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_speech_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_speech_port(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_squid_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_squid_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_squid_port(webbrowser_plugin_t)
>> +
>> +corenet_sendrecv_vnc_client_packets(webbrowser_plugin_t)
>> +corenet_tcp_connect_vnc_port(webbrowser_plugin_t)
>> +corenet_tcp_sendrecv_vnc_port(webbrowser_plugin_t)
>> +
>> +dev_read_generic_usb_dev(webbrowser_plugin_t)
>> +dev_read_rand(webbrowser_plugin_t)
>> +dev_read_realtime_clock(webbrowser_plugin_t)
>> +dev_read_sound(webbrowser_plugin_t)
>> +dev_read_sysfs(webbrowser_plugin_t)
>> +dev_read_urand(webbrowser_plugin_t)
>> +dev_read_video_dev(webbrowser_plugin_t)
>> +dev_write_sound(webbrowser_plugin_t)
>> +dev_write_video_dev(webbrowser_plugin_t)
>> +dev_rw_dri(webbrowser_plugin_t)
>> +dev_rw_xserver_misc(webbrowser_plugin_t)
>> +
>> +dev_dontaudit_getattr_generic_files(webbrowser_plugin_t)
>> +dev_dontaudit_getattr_generic_pipes(webbrowser_plugin_t)
>> +dev_dontaudit_getattr_all_blk_files(webbrowser_plugin_t)
>> +dev_dontaudit_getattr_all_chr_files(webbrowser_plugin_t)
>> +
>> +domain_use_interactive_fds(webbrowser_plugin_t)
>> +domain_dontaudit_read_all_domains_state(webbrowser_plugin_t)
>> +
>> +files_exec_usr_files(webbrowser_plugin_t)
>> +files_list_mnt(webbrowser_plugin_t)
>> +files_read_config_files(webbrowser_plugin_t)
>> +files_read_usr_files(webbrowser_plugin_t)
>> +files_map_usr_files(webbrowser_plugin_t)
>> +
>> +fs_getattr_all_fs(webbrowser_plugin_t)
>> +# fs_read_hugetlbfs_files(webbrowser_plugin_t)
>> +fs_search_auto_mountpoints(webbrowser_plugin_t)
>> +
>> +term_getattr_all_ttys(webbrowser_plugin_t)
>> +term_getattr_all_ptys(webbrowser_plugin_t)
>> +
>> +application_exec(webbrowser_plugin_t)
>> +
>> +auth_use_nsswitch(webbrowser_plugin_t)
>> +
>> +libs_exec_ld_so(webbrowser_plugin_t)
>> +libs_exec_lib_files(webbrowser_plugin_t)
>> +
>> +logging_send_syslog_msg(webbrowser_plugin_t)
>> +
>> +miscfiles_read_localization(webbrowser_plugin_t)
>> +miscfiles_read_fonts(webbrowser_plugin_t)
>> +miscfiles_read_generic_certs(webbrowser_plugin_t)
>> +miscfiles_dontaudit_setattr_fonts_dirs(webbrowser_plugin_t)
>> +miscfiles_dontaudit_setattr_fonts_cache_dirs(webbrowser_plugin_t)
>> +
>> +userdom_manage_user_tmp_dirs(webbrowser_plugin_t)
>> +userdom_manage_user_tmp_files(webbrowser_plugin_t)
>> +userdom_map_user_tmp_files(webbrowser_plugin_t)
>>
>> -userdom_user_home_dir_filetrans_user_home_content(mozilla_plugin_t, { dir file })
>> +userdom_user_home_dir_filetrans_user_home_content(webbrowser_plugin_t, { dir file })
>>
>> -userdom_write_user_tmp_sockets(mozilla_plugin_t)
>> +userdom_write_user_tmp_sockets(webbrowser_plugin_t)
>>
>> -userdom_dontaudit_use_user_terminals(mozilla_plugin_t)
>> +userdom_dontaudit_use_user_terminals(webbrowser_plugin_t)
>>
>> -xdg_read_config_files(mozilla_plugin_t)
>> +xdg_read_config_files(webbrowser_plugin_t)
>>
>> ifndef(`enable_mls',`
>> - fs_list_dos(mozilla_plugin_t)
>> - fs_read_dos_files(mozilla_plugin_t)
>> + fs_list_dos(webbrowser_plugin_t)
>> + fs_read_dos_files(webbrowser_plugin_t)
>>
>> - fs_search_removable(mozilla_plugin_t)
>> - fs_read_removable_files(mozilla_plugin_t)
>> - fs_read_removable_symlinks(mozilla_plugin_t)
>> + fs_search_removable(webbrowser_plugin_t)
>> + fs_read_removable_files(webbrowser_plugin_t)
>> + fs_read_removable_symlinks(webbrowser_plugin_t)
>>
>> - fs_read_iso9660_files(mozilla_plugin_t)
>> + fs_read_iso9660_files(webbrowser_plugin_t)
>> ')
>>
>> tunable_policy(`allow_execmem',`
>> - allow mozilla_plugin_t self:process execmem;
>> + allow webbrowser_plugin_t self:process execmem;
>> ')
>>
>> -tunable_policy(`mozilla_execstack',`
>> - allow mozilla_plugin_t self:process { execmem execstack };
>> +tunable_policy(`webbrowser_execstack',`
>> + allow webbrowser_plugin_t self:process { execmem execstack };
>> ')
>>
>> tunable_policy(`use_nfs_home_dirs',`
>> - fs_manage_nfs_dirs(mozilla_plugin_t)
>> - fs_manage_nfs_files(mozilla_plugin_t)
>> - fs_manage_nfs_symlinks(mozilla_plugin_t)
>> + fs_manage_nfs_dirs(webbrowser_plugin_t)
>> + fs_manage_nfs_files(webbrowser_plugin_t)
>> + fs_manage_nfs_symlinks(webbrowser_plugin_t)
>> ')
>>
>> tunable_policy(`use_samba_home_dirs',`
>> - fs_manage_cifs_dirs(mozilla_plugin_t)
>> - fs_manage_cifs_files(mozilla_plugin_t)
>> - fs_manage_cifs_symlinks(mozilla_plugin_t)
>> + fs_manage_cifs_dirs(webbrowser_plugin_t)
>> + fs_manage_cifs_files(webbrowser_plugin_t)
>> + fs_manage_cifs_symlinks(webbrowser_plugin_t)
>> ')
>>
>> optional_policy(`
>> - alsa_read_config(mozilla_plugin_t)
>> - alsa_read_home_files(mozilla_plugin_t)
>> + alsa_read_config(webbrowser_plugin_t)
>> + alsa_read_home_files(webbrowser_plugin_t)
>> ')
>>
>> optional_policy(`
>> - automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_t)
>> + automount_dontaudit_getattr_tmp_dirs(webbrowser_plugin_t)
>> ')
>>
>> optional_policy(`
>> - dbus_all_session_bus_client(mozilla_plugin_t)
>> - dbus_connect_all_session_bus(mozilla_plugin_t)
>> - dbus_system_bus_client(mozilla_plugin_t)
>> + dbus_all_session_bus_client(webbrowser_plugin_t)
>> + dbus_connect_all_session_bus(webbrowser_plugin_t)
>> + dbus_system_bus_client(webbrowser_plugin_t)
>> ')
>>
>> optional_policy(`
>> - gnome_manage_generic_home_content(mozilla_plugin_t)
>> - gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome")
>> - gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome2")
>> - gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome2_private")
>> + gnome_manage_generic_home_content(webbrowser_plugin_t)
>> + gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome")
>> + gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome2")
>> + gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome2_private")
>> ')
>>
>> optional_policy(`
>> - java_exec(mozilla_plugin_t)
>> - java_manage_generic_home_content(mozilla_plugin_t)
>> - java_manage_java_tmp(mozilla_plugin_t)
>> - java_home_filetrans_java_home(mozilla_plugin_t, dir, ".java")
>> + java_exec(webbrowser_plugin_t)
>> + java_manage_generic_home_content(webbrowser_plugin_t)
>> + java_manage_java_tmp(webbrowser_plugin_t)
>> + java_home_filetrans_java_home(webbrowser_plugin_t, dir, ".java")
>> ')
>>
>> optional_policy(`
>> - lpd_run_lpr(mozilla_plugin_t, mozilla_plugin_roles)
>> + lpd_run_lpr(webbrowser_plugin_t, webbrowser_plugin_roles)
>> ')
>>
>> optional_policy(`
>> - mplayer_exec(mozilla_plugin_t)
>> - mplayer_manage_generic_home_content(mozilla_plugin_t)
>> - mplayer_home_filetrans_mplayer_home(mozilla_plugin_t, dir, ".mplayer")
>> + mplayer_exec(webbrowser_plugin_t)
>> + mplayer_manage_generic_home_content(webbrowser_plugin_t)
>> + mplayer_home_filetrans_mplayer_home(webbrowser_plugin_t, dir, ".mplayer")
>> ')
>>
>> optional_policy(`
>> - pcscd_stream_connect(mozilla_plugin_t)
>> + pcscd_stream_connect(webbrowser_plugin_t)
>> ')
>>
>> optional_policy(`
>> - pulseaudio_run(mozilla_plugin_t, mozilla_plugin_roles)
>> + pulseaudio_run(webbrowser_plugin_t, webbrowser_plugin_roles)
>> ')
>>
>> optional_policy(`
>> - udev_read_db(mozilla_plugin_t)
>> + udev_read_db(webbrowser_plugin_t)
>> ')
>>
>> optional_policy(`
>> - xserver_read_user_xauth(mozilla_plugin_t)
>> - xserver_read_xdm_pid(mozilla_plugin_t)
>> - xserver_stream_connect(mozilla_plugin_t)
>> - xserver_use_user_fonts(mozilla_plugin_t)
>> - xserver_dontaudit_read_xdm_tmp_files(mozilla_plugin_t)
>> + xserver_read_user_xauth(webbrowser_plugin_t)
>> + xserver_read_xdm_pid(webbrowser_plugin_t)
>> + xserver_stream_connect(webbrowser_plugin_t)
>> + xserver_use_user_fonts(webbrowser_plugin_t)
>> + xserver_dontaudit_read_xdm_tmp_files(webbrowser_plugin_t)
>> ')
>>
>> ########################################
>> @@ -626,96 +637,96 @@ optional_policy(`
>> # Plugin config local policy
>> #
>>
>> -allow mozilla_plugin_config_t self:capability { dac_override dac_read_search setgid setuid sys_nice };
>> -allow mozilla_plugin_config_t self:process { setsched signal_perms getsched };
>> -allow mozilla_plugin_config_t self:fifo_file rw_fifo_file_perms;
>> -allow mozilla_plugin_config_t self:unix_stream_socket create_stream_socket_perms;
>> +allow webbrowser_plugin_config_t self:capability { dac_override dac_read_search setgid setuid sys_nice };
>> +allow webbrowser_plugin_config_t self:process { setsched signal_perms getsched };
>> +allow webbrowser_plugin_config_t self:fifo_file rw_fifo_file_perms;
>> +allow webbrowser_plugin_config_t self:unix_stream_socket create_stream_socket_perms;
>>
>> -allow mozilla_plugin_config_t mozilla_plugin_rw_t:dir manage_dir_perms;
>> -allow mozilla_plugin_config_t mozilla_plugin_rw_t:file manage_file_perms;
>> -allow mozilla_plugin_config_t mozilla_plugin_rw_t:lnk_file manage_lnk_file_perms;
>> +allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:dir manage_dir_perms;
>> +allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:file manage_file_perms;
>> +allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:lnk_file manage_lnk_file_perms;
>>
>> -manage_dirs_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t })
>> -manage_files_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
>> -manage_lnk_files_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
>> +manage_dirs_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, { webbrowser_home_t webbrowser_plugin_home_t })
>> +manage_files_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
>> +manage_lnk_files_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
>>
>> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".galeon")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".mozilla")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".netscape")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".phoenix")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".galeon")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".mozilla")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".netscape")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".phoenix")
>>
>> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".adobe")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".macromedia")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".gnash")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".gcjwebplugin")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".icedteaplugin")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".spicec")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".ICAClient")
>> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, "zimbrauserdata")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".adobe")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".macromedia")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".gnash")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".gcjwebplugin")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".icedteaplugin")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".spicec")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".ICAClient")
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, "zimbrauserdata")
>>
>> -filetrans_pattern(mozilla_plugin_config_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
>> +filetrans_pattern(webbrowser_plugin_config_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
>>
>> -can_exec(mozilla_plugin_config_t, { mozilla_plugin_rw_t mozilla_plugin_home_t })
>> +can_exec(webbrowser_plugin_config_t, { webbrowser_plugin_rw_t webbrowser_plugin_home_t })
>>
>> -ps_process_pattern(mozilla_plugin_config_t, mozilla_plugin_t)
>> +ps_process_pattern(webbrowser_plugin_config_t, webbrowser_plugin_t)
>>
>> -kernel_read_system_state(mozilla_plugin_config_t)
>> -kernel_request_load_module(mozilla_plugin_config_t)
>> +kernel_read_system_state(webbrowser_plugin_config_t)
>> +kernel_request_load_module(webbrowser_plugin_config_t)
>>
>> -corecmd_exec_bin(mozilla_plugin_config_t)
>> -corecmd_exec_shell(mozilla_plugin_config_t)
>> +corecmd_exec_bin(webbrowser_plugin_config_t)
>> +corecmd_exec_shell(webbrowser_plugin_config_t)
>>
>> -dev_read_urand(mozilla_plugin_config_t)
>> -dev_rw_dri(mozilla_plugin_config_t)
>> -dev_search_sysfs(mozilla_plugin_config_t)
>> -dev_dontaudit_read_rand(mozilla_plugin_config_t)
>> +dev_read_urand(webbrowser_plugin_config_t)
>> +dev_rw_dri(webbrowser_plugin_config_t)
>> +dev_search_sysfs(webbrowser_plugin_config_t)
>> +dev_dontaudit_read_rand(webbrowser_plugin_config_t)
>>
>> -domain_use_interactive_fds(mozilla_plugin_config_t)
>> +domain_use_interactive_fds(webbrowser_plugin_config_t)
>>
>> -files_list_tmp(mozilla_plugin_config_t)
>> -files_read_usr_files(mozilla_plugin_config_t)
>> -files_dontaudit_search_home(mozilla_plugin_config_t)
>> +files_list_tmp(webbrowser_plugin_config_t)
>> +files_read_usr_files(webbrowser_plugin_config_t)
>> +files_dontaudit_search_home(webbrowser_plugin_config_t)
>>
>> -fs_getattr_all_fs(mozilla_plugin_config_t)
>> -fs_search_auto_mountpoints(mozilla_plugin_config_t)
>> -fs_list_inotifyfs(mozilla_plugin_config_t)
>> +fs_getattr_all_fs(webbrowser_plugin_config_t)
>> +fs_search_auto_mountpoints(webbrowser_plugin_config_t)
>> +fs_list_inotifyfs(webbrowser_plugin_config_t)
>>
>> -auth_use_nsswitch(mozilla_plugin_config_t)
>> +auth_use_nsswitch(webbrowser_plugin_config_t)
>>
>> -miscfiles_read_localization(mozilla_plugin_config_t)
>> -miscfiles_read_fonts(mozilla_plugin_config_t)
>> +miscfiles_read_localization(webbrowser_plugin_config_t)
>> +miscfiles_read_fonts(webbrowser_plugin_config_t)
>>
>> -userdom_read_user_home_content_symlinks(mozilla_plugin_config_t)
>> -userdom_read_user_home_content_files(mozilla_plugin_config_t)
>> +userdom_read_user_home_content_symlinks(webbrowser_plugin_config_t)
>> +userdom_read_user_home_content_files(webbrowser_plugin_config_t)
>>
>> -userdom_use_user_ptys(mozilla_plugin_config_t)
>> +userdom_use_user_ptys(webbrowser_plugin_config_t)
>>
>> -mozilla_run_plugin(mozilla_plugin_config_t, mozilla_plugin_config_roles)
>> +webbrowser_run_plugin(webbrowser_plugin_config_t, webbrowser_plugin_config_roles)
>>
>> tunable_policy(`allow_execmem',`
>> - allow mozilla_plugin_config_t self:process execmem;
>> + allow webbrowser_plugin_config_t self:process execmem;
>> ')
>>
>> -tunable_policy(`mozilla_execstack',`
>> - allow mozilla_plugin_config_t self:process { execmem execstack };
>> +tunable_policy(`webbrowser_execstack',`
>> + allow webbrowser_plugin_config_t self:process { execmem execstack };
>> ')
>>
>> tunable_policy(`use_nfs_home_dirs',`
>> - fs_manage_nfs_dirs(mozilla_plugin_config_t)
>> - fs_manage_nfs_files(mozilla_plugin_config_t)
>> - fs_manage_nfs_symlinks(mozilla_plugin_config_t)
>> + fs_manage_nfs_dirs(webbrowser_plugin_config_t)
>> + fs_manage_nfs_files(webbrowser_plugin_config_t)
>> + fs_manage_nfs_symlinks(webbrowser_plugin_config_t)
>> ')
>>
>> tunable_policy(`use_samba_home_dirs',`
>> - fs_manage_cifs_dirs(mozilla_plugin_config_t)
>> - fs_manage_cifs_files(mozilla_plugin_config_t)
>> - fs_manage_cifs_symlinks(mozilla_plugin_config_t)
>> + fs_manage_cifs_dirs(webbrowser_plugin_config_t)
>> + fs_manage_cifs_files(webbrowser_plugin_config_t)
>> + fs_manage_cifs_symlinks(webbrowser_plugin_config_t)
>> ')
>>
>> optional_policy(`
>> - automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_config_t)
>> + automount_dontaudit_getattr_tmp_dirs(webbrowser_plugin_config_t)
>> ')
>>
>> optional_policy(`
>> - xserver_use_user_fonts(mozilla_plugin_config_t)
>> + xserver_use_user_fonts(webbrowser_plugin_config_t)
>> ')
>> Index: refpolicy-2.20180701/policy/modules/apps/mozilla.fc
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.fc
>> +++ refpolicy-2.20180701/policy/modules/apps/mozilla.fc
>> @@ -1,42 +1,42 @@
>> -HOME_DIR/\.cache/mozilla(/.*)? gen_context(system_u:object_r:mozilla_xdg_cache_t,s0)
>> -HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
>> -HOME_DIR/\.mozilla(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
>> -HOME_DIR/\.mozilla/plugins(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
>> -HOME_DIR/\.netscape(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
>> -HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
>> -HOME_DIR/\.vimperator.* gen_context(system_u:object_r:mozilla_home_t,s0)
>> +HOME_DIR/\.cache/mozilla(/.*)? gen_context(system_u:object_r:webbrowser_xdg_cache_t,s0)
>> +HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
>> +HOME_DIR/\.mozilla(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
>> +HOME_DIR/\.mozilla/plugins(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
>> +HOME_DIR/\.netscape(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
>> +HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
>> +HOME_DIR/\.vimperator.* gen_context(system_u:object_r:webbrowser_home_t,s0)
>>
>> -HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
>> -HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
>> -HOME_DIR/\.gnash(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
>> -HOME_DIR/\.gcjwebplugin(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
>> -HOME_DIR/\.icedteaplugin(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
>> -HOME_DIR/\.spicec(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
>> -HOME_DIR/\.ICAClient(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
>> -HOME_DIR/zimbrauserdata(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
>> +HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
>> +HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
>> +HOME_DIR/\.gnash(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
>> +HOME_DIR/\.gcjwebplugin(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
>> +HOME_DIR/\.icedteaplugin(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
>> +HOME_DIR/\.spicec(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
>> +HOME_DIR/\.ICAClient(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
>> +HOME_DIR/zimbrauserdata(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
>>
>> -/usr/bin/epiphany -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/bin/epiphany-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/bin/mozilla -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/bin/mozilla-snapshot -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/bin/mozilla-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/bin/netscape -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/bin/nspluginscan -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
>> -/usr/bin/nspluginviewer -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
>> +/usr/bin/epiphany -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/bin/epiphany-bin -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/bin/mozilla -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/bin/mozilla-snapshot -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/bin/mozilla-[0-9].* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/bin/netscape -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/bin/nspluginscan -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
>> +/usr/bin/nspluginviewer -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
>>
>> -/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/lib/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/lib/firefox[^/]*/firefox-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/lib/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/lib/galeon/galeon -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/lib/iceweasel/iceweasel -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/lib/iceweasel/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
>> -/usr/lib/mozilla[^/]*/reg.+ -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/lib/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:mozilla_plugin_rw_t,s0)
>> -/usr/lib/netscape/base-4/wrapper -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/lib/netscape/.+/communicator/communicator-smotif\.real -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>> -/usr/lib/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
>> -/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:mozilla_plugin_config_exec_t,s0)
>> -/usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
>> +/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/lib/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/lib/firefox[^/]*/firefox-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/lib/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/lib/galeon/galeon -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/lib/iceweasel/iceweasel -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/lib/iceweasel/plugin-container -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
>> +/usr/lib/mozilla[^/]*/reg.+ -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/lib/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:webbrowser_plugin_rw_t,s0)
>> +/usr/lib/netscape/base-4/wrapper -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/lib/netscape/.+/communicator/communicator-smotif\.real -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
>> +/usr/lib/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
>> +/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:webbrowser_plugin_config_exec_t,s0)
>> +/usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
>> Index: refpolicy-2.20180701/policy/modules/apps/mozilla.if
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.if
>> +++ refpolicy-2.20180701/policy/modules/apps/mozilla.if
>> @@ -2,7 +2,7 @@
>>
>> ########################################
>> ## <summary>
>> -## Role access for mozilla.
>> +## Role access for graphical web browser.
>> ## </summary>
>> ## <param name="role">
>> ## <summary>
>> @@ -15,12 +15,12 @@
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_role',`
>> +interface(`webbrowser_role',`
>> gen_require(`
>> - type mozilla_t, mozilla_exec_t, mozilla_home_t;
>> - type mozilla_tmp_t, mozilla_tmpfs_t, mozilla_plugin_tmp_t;
>> - type mozilla_plugin_tmpfs_t, mozilla_plugin_home_t;
>> - attribute_role mozilla_roles;
>> + type webbrowser_t, webbrowser_exec_t, webbrowser_home_t;
>> + type webbrowser_tmp_t, webbrowser_tmpfs_t, webbrowser_plugin_tmp_t;
>> + type webbrowser_plugin_tmpfs_t, webbrowser_plugin_home_t;
>> + attribute_role webbrowser_roles;
>> ')
>>
>> ########################################
>> @@ -28,53 +28,53 @@ interface(`mozilla_role',`
>> # Declarations
>> #
>>
>> - roleattribute $1 mozilla_roles;
>> + roleattribute $1 webbrowser_roles;
>>
>> ########################################
>> #
>> # Policy
>> #
>>
>> - domtrans_pattern($2, mozilla_exec_t, mozilla_t)
>> + domtrans_pattern($2, webbrowser_exec_t, webbrowser_t)
>>
>> - allow $2 mozilla_t:process { noatsecure siginh rlimitinh ptrace signal_perms };
>> - ps_process_pattern($2, mozilla_t)
>> + allow $2 webbrowser_t:process { noatsecure siginh rlimitinh ptrace signal_perms };
>> + ps_process_pattern($2, webbrowser_t)
>>
>> - allow mozilla_t $2:process signull;
>> - allow mozilla_t $2:unix_stream_socket connectto;
>> + allow webbrowser_t $2:process signull;
>> + allow webbrowser_t $2:unix_stream_socket connectto;
>>
>> - allow $2 mozilla_t:fd use;
>> - allow $2 mozilla_t:shm rw_shm_perms;
>> + allow $2 webbrowser_t:fd use;
>> + allow $2 webbrowser_t:shm rw_shm_perms;
>>
>> - stream_connect_pattern($2, mozilla_tmpfs_t, mozilla_tmpfs_t, mozilla_t)
>> + stream_connect_pattern($2, webbrowser_tmpfs_t, webbrowser_tmpfs_t, webbrowser_t)
>>
>> - allow $2 { mozilla_home_t mozilla_plugin_home_t }:dir { manage_dir_perms relabel_dir_perms };
>> - allow $2 { mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms relabel_file_perms };
>> - allow $2 mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
>> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".galeon")
>> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".mozilla")
>> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".netscape")
>> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".phoenix")
>> + allow $2 { webbrowser_home_t webbrowser_plugin_home_t }:dir { manage_dir_perms relabel_dir_perms };
>> + allow $2 { webbrowser_home_t webbrowser_plugin_home_t }:file { manage_file_perms relabel_file_perms };
>> + allow $2 webbrowser_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
>> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".galeon")
>> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".mozilla")
>> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".netscape")
>> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".phoenix")
>>
>> - filetrans_pattern($2, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
>> + filetrans_pattern($2, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
>>
>> - allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
>> - allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:file { manage_file_perms relabel_file_perms };
>> - allow $2 mozilla_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>> + allow $2 { webbrowser_tmp_t webbrowser_plugin_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
>> + allow $2 { webbrowser_tmp_t webbrowser_plugin_tmp_t }:file { manage_file_perms relabel_file_perms };
>> + allow $2 webbrowser_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>>
>> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms };
>> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:file { manage_file_perms relabel_file_perms };
>> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
>> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms };
>> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:file { manage_file_perms relabel_file_perms };
>> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
>>
>> optional_policy(`
>> - mozilla_dbus_chat($2)
>> + webbrowser_dbus_chat($2)
>> ')
>> ')
>>
>> ########################################
>> ## <summary>
>> -## Role access for mozilla plugin.
>> +## Role access for web browser plugin.
>> ## </summary>
>> ## <param name="role">
>> ## <summary>
>> @@ -87,60 +87,60 @@ interface(`mozilla_role',`
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_role_plugin',`
>> +interface(`webbrowser_role_plugin',`
>> gen_require(`
>> - type mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mozilla_plugin_rw_t;
>> - type mozilla_home_t;
>> + type webbrowser_plugin_tmp_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_rw_t;
>> + type webbrowser_home_t;
>> ')
>>
>> - mozilla_run_plugin($2, $1)
>> - mozilla_run_plugin_config($2, $1)
>> + webbrowser_run_plugin($2, $1)
>> + webbrowser_run_plugin_config($2, $1)
>>
>> - allow $2 { mozilla_plugin_t mozilla_plugin_config_t }:process { ptrace signal_perms };
>> - ps_process_pattern($2, { mozilla_plugin_t mozilla_plugin_config_t })
>> + allow $2 { webbrowser_plugin_t webbrowser_plugin_config_t }:process { ptrace signal_perms };
>> + ps_process_pattern($2, { webbrowser_plugin_t webbrowser_plugin_config_t })
>>
>> - allow $2 mozilla_plugin_t:unix_stream_socket rw_socket_perms;
>> - allow $2 mozilla_plugin_t:fd use;
>> + allow $2 webbrowser_plugin_t:unix_stream_socket rw_socket_perms;
>> + allow $2 webbrowser_plugin_t:fd use;
>>
>> - stream_connect_pattern($2, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t)
>> + stream_connect_pattern($2, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_t)
>>
>> - allow mozilla_plugin_t $2:process signull;
>> - allow mozilla_plugin_t $2:unix_stream_socket { connectto rw_socket_perms };
>> - allow mozilla_plugin_t $2:unix_dgram_socket { sendto rw_socket_perms };
>> - allow mozilla_plugin_t $2:shm { rw_shm_perms destroy };
>> - allow mozilla_plugin_t $2:sem create_sem_perms;
>> + allow webbrowser_plugin_t $2:process signull;
>> + allow webbrowser_plugin_t $2:unix_stream_socket { connectto rw_socket_perms };
>> + allow webbrowser_plugin_t $2:unix_dgram_socket { sendto rw_socket_perms };
>> + allow webbrowser_plugin_t $2:shm { rw_shm_perms destroy };
>> + allow webbrowser_plugin_t $2:sem create_sem_perms;
>>
>> - allow $2 mozilla_home_t:dir { manage_dir_perms relabel_dir_perms };
>> - allow $2 mozilla_home_t:file { manage_file_perms relabel_file_perms };
>> - allow $2 mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
>> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".galeon")
>> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".mozilla")
>> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".netscape")
>> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".phoenix")
>> + allow $2 webbrowser_home_t:dir { manage_dir_perms relabel_dir_perms };
>> + allow $2 webbrowser_home_t:file { manage_file_perms relabel_file_perms };
>> + allow $2 webbrowser_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
>> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".galeon")
>> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".mozilla")
>> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".netscape")
>> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".phoenix")
>>
>> - allow $2 mozilla_plugin_tmp_t:dir { manage_dir_perms relabel_dir_perms };
>> - allow $2 mozilla_plugin_tmp_t:file { manage_file_perms relabel_file_perms };
>> - allow $2 mozilla_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>> + allow $2 webbrowser_plugin_tmp_t:dir { manage_dir_perms relabel_dir_perms };
>> + allow $2 webbrowser_plugin_tmp_t:file { manage_file_perms relabel_file_perms };
>> + allow $2 webbrowser_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>>
>> - allow $2 mozilla_plugin_tmpfs_t:dir { manage_dir_perms relabel_dir_perms };
>> - allow $2 mozilla_plugin_tmpfs_t:file { manage_file_perms relabel_file_perms };
>> - allow $2 mozilla_plugin_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>> - allow $2 mozilla_plugin_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
>> + allow $2 webbrowser_plugin_tmpfs_t:dir { manage_dir_perms relabel_dir_perms };
>> + allow $2 webbrowser_plugin_tmpfs_t:file { manage_file_perms relabel_file_perms };
>> + allow $2 webbrowser_plugin_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>> + allow $2 webbrowser_plugin_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
>>
>> - allow $2 mozilla_plugin_rw_t:dir list_dir_perms;
>> - allow $2 mozilla_plugin_rw_t:file read_file_perms;
>> - allow $2 mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
>> + allow $2 webbrowser_plugin_rw_t:dir list_dir_perms;
>> + allow $2 webbrowser_plugin_rw_t:file read_file_perms;
>> + allow $2 webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms;
>>
>> - can_exec($2, mozilla_plugin_rw_t)
>> + can_exec($2, webbrowser_plugin_rw_t)
>>
>> optional_policy(`
>> - mozilla_dbus_chat_plugin($2)
>> + webbrowser_dbus_chat_plugin($2)
>> ')
>> ')
>>
>> ########################################
>> ## <summary>
>> -## Read mozilla home directory content.
>> +## Read web browser home directory content.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -148,20 +148,20 @@ interface(`mozilla_role_plugin',`
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_read_user_home_files',`
>> +interface(`webbrowser_read_user_home_files',`
>> gen_require(`
>> - type mozilla_home_t;
>> + type webbrowser_home_t;
>> ')
>>
>> userdom_search_user_home_dirs($1)
>> - allow $1 mozilla_home_t:dir list_dir_perms;
>> - allow $1 mozilla_home_t:file read_file_perms;
>> - allow $1 mozilla_home_t:lnk_file read_lnk_file_perms;
>> + allow $1 webbrowser_home_t:dir list_dir_perms;
>> + allow $1 webbrowser_home_t:file read_file_perms;
>> + allow $1 webbrowser_home_t:lnk_file read_lnk_file_perms;
>> ')
>>
>> ########################################
>> ## <summary>
>> -## Write mozilla home directory files.
>> +## Write web browser home directory files.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -169,19 +169,19 @@ interface(`mozilla_read_user_home_files'
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_write_user_home_files',`
>> +interface(`webbrowser_write_user_home_files',`
>> gen_require(`
>> - type mozilla_home_t;
>> + type webbrowser_home_t;
>> ')
>>
>> userdom_search_user_home_dirs($1)
>> - write_files_pattern($1, mozilla_home_t, mozilla_home_t)
>> + write_files_pattern($1, webbrowser_home_t, webbrowser_home_t)
>> ')
>>
>> ########################################
>> ## <summary>
>> ## Do not audit attempts to read and
>> -## write mozilla home directory files.
>> +## write web browser home directory files.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -189,18 +189,18 @@ interface(`mozilla_write_user_home_files
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_dontaudit_rw_user_home_files',`
>> +interface(`webbrowser_dontaudit_rw_user_home_files',`
>> gen_require(`
>> - type mozilla_home_t;
>> + type webbrowser_home_t;
>> ')
>>
>> - dontaudit $1 mozilla_home_t:file rw_file_perms;
>> + dontaudit $1 webbrowser_home_t:file rw_file_perms;
>> ')
>>
>> ########################################
>> ## <summary>
>> ## Do not audit attempt to Create,
>> -## read, write, and delete mozilla
>> +## read, write, and delete web browser
>> ## home directory content.
>> ## </summary>
>> ## <param name="domain">
>> @@ -209,19 +209,19 @@ interface(`mozilla_dontaudit_rw_user_hom
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_dontaudit_manage_user_home_files',`
>> +interface(`webbrowser_dontaudit_manage_user_home_files',`
>> gen_require(`
>> - type mozilla_home_t;
>> + type webbrowser_home_t;
>> ')
>>
>> - dontaudit $1 mozilla_home_t:dir manage_dir_perms;
>> - dontaudit $1 mozilla_home_t:file manage_file_perms;
>> - dontaudit $1 mozilla_home_t:lnk_file manage_lnk_file_perms;
>> + dontaudit $1 webbrowser_home_t:dir manage_dir_perms;
>> + dontaudit $1 webbrowser_home_t:file manage_file_perms;
>> + dontaudit $1 webbrowser_home_t:lnk_file manage_lnk_file_perms;
>> ')
>>
>> ########################################
>> ## <summary>
>> -## Execute mozilla plugin home directory files.
>> +## Execute web browser plugin home directory files.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -229,13 +229,13 @@ interface(`mozilla_dontaudit_manage_user
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_exec_user_plugin_home_files',`
>> +interface(`webbrowser_exec_user_plugin_home_files',`
>> gen_require(`
>> - type mozilla_home_t, mozilla_plugin_home_t;
>> + type webbrowser_home_t, webbrowser_plugin_home_t;
>> ')
>>
>> userdom_search_user_home_dirs($1)
>> - exec_files_pattern($1, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
>> + exec_files_pattern($1, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
>> ')
>>
>> ########################################
>> @@ -249,17 +249,17 @@ interface(`mozilla_exec_user_plugin_home
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_execmod_user_plugin_home_files',`
>> +interface(`webbrowser_execmod_user_plugin_home_files',`
>> gen_require(`
>> - type mozilla_plugin_home_t;
>> + type webbrowser_plugin_home_t;
>> ')
>>
>> - allow $1 mozilla_plugin_home_t:file execmod;
>> + allow $1 webbrowser_plugin_home_t:file execmod;
>> ')
>>
>> #######################################
>> ## <summary>
>> -## Read temporary mozilla files.
>> +## Read temporary web browser files.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -267,17 +267,17 @@ interface(`mozilla_execmod_user_plugin_h
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_read_tmp_files',`
>> +interface(`webbrowser_read_tmp_files',`
>> gen_require(`
>> - type mozilla_tmp_t;
>> + type webbrowser_tmp_t;
>> ')
>>
>> - read_files_pattern($1, mozilla_tmp_t, mozilla_tmp_t)
>> + read_files_pattern($1, webbrowser_tmp_t, webbrowser_tmp_t)
>> ')
>>
>> ########################################
>> ## <summary>
>> -## Run mozilla in the mozilla domain.
>> +## Run web browser in the web browser domain.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -285,19 +285,19 @@ interface(`mozilla_read_tmp_files',`
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_domtrans',`
>> +interface(`webbrowser_domtrans',`
>> gen_require(`
>> - type mozilla_t, mozilla_exec_t;
>> + type webbrowser_t, webbrowser_exec_t;
>> ')
>>
>> corecmd_search_bin($1)
>> - domtrans_pattern($1, mozilla_exec_t, mozilla_t)
>> + domtrans_pattern($1, webbrowser_exec_t, webbrowser_t)
>> ')
>>
>> ########################################
>> ## <summary>
>> ## Execute a domain transition to
>> -## run mozilla plugin.
>> +## run web browser plugin.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -305,20 +305,20 @@ interface(`mozilla_domtrans',`
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_domtrans_plugin',`
>> +interface(`webbrowser_domtrans_plugin',`
>> gen_require(`
>> - type mozilla_plugin_t, mozilla_plugin_exec_t;
>> + type webbrowser_plugin_t, webbrowser_plugin_exec_t;
>> ')
>>
>> corecmd_search_bin($1)
>> - domtrans_pattern($1, mozilla_plugin_exec_t, mozilla_plugin_t)
>> + domtrans_pattern($1, webbrowser_plugin_exec_t, webbrowser_plugin_t)
>> ')
>>
>> ########################################
>> ## <summary>
>> -## Execute mozilla plugin in the
>> -## mozilla plugin domain, and allow
>> -## the specified role the mozilla
>> +## Execute web browser plugin in the
>> +## web browser plugin domain, and allow
>> +## the specified role the web browser
>> ## plugin domain.
>> ## </summary>
>> ## <param name="domain">
>> @@ -332,19 +332,19 @@ interface(`mozilla_domtrans_plugin',`
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_run_plugin',`
>> +interface(`webbrowser_run_plugin',`
>> gen_require(`
>> - attribute_role mozilla_plugin_roles;
>> + attribute_role webbrowser_plugin_roles;
>> ')
>>
>> - mozilla_domtrans_plugin($1)
>> - roleattribute $2 mozilla_plugin_roles;
>> + webbrowser_domtrans_plugin($1)
>> + roleattribute $2 webbrowser_plugin_roles;
>> ')
>>
>> ########################################
>> ## <summary>
>> ## Execute a domain transition to
>> -## run mozilla plugin config.
>> +## run web browser plugin config.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -352,21 +352,21 @@ interface(`mozilla_run_plugin',`
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_domtrans_plugin_config',`
>> +interface(`webbrowser_domtrans_plugin_config',`
>> gen_require(`
>> - type mozilla_plugin_config_t, mozilla_plugin_config_exec_t;
>> + type webbrowser_plugin_config_t, webbrowser_plugin_config_exec_t;
>> ')
>>
>> corecmd_search_bin($1)
>> - domtrans_pattern($1, mozilla_plugin_config_exec_t, mozilla_plugin_config_t)
>> + domtrans_pattern($1, webbrowser_plugin_config_exec_t, webbrowser_plugin_config_t)
>> ')
>>
>> ########################################
>> ## <summary>
>> -## Execute mozilla plugin config in
>> -## the mozilla plugin config domain,
>> +## Execute web browser plugin config in
>> +## the web browser plugin config domain,
>> ## and allow the specified role the
>> -## mozilla plugin config domain.
>> +## web browser plugin config domain.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -379,19 +379,19 @@ interface(`mozilla_domtrans_plugin_confi
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_run_plugin_config',`
>> +interface(`webbrowser_run_plugin_config',`
>> gen_require(`
>> - attribute_role mozilla_plugin_config_roles;
>> + attribute_role webbrowser_plugin_config_roles;
>> ')
>>
>> - mozilla_domtrans_plugin_config($1)
>> - roleattribute $2 mozilla_plugin_config_roles;
>> + webbrowser_domtrans_plugin_config($1)
>> + roleattribute $2 webbrowser_plugin_config_roles;
>> ')
>>
>> ########################################
>> ## <summary>
>> ## Send and receive messages from
>> -## mozilla over dbus.
>> +## web browser over dbus.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -399,20 +399,20 @@ interface(`mozilla_run_plugin_config',`
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_dbus_chat',`
>> +interface(`webbrowser_dbus_chat',`
>> gen_require(`
>> - type mozilla_t;
>> + type webbrowser_t;
>> class dbus send_msg;
>> ')
>>
>> - allow $1 mozilla_t:dbus send_msg;
>> - allow mozilla_t $1:dbus send_msg;
>> + allow $1 webbrowser_t:dbus send_msg;
>> + allow webbrowser_t $1:dbus send_msg;
>> ')
>>
>> ########################################
>> ## <summary>
>> ## Send and receive messages from
>> -## mozilla plugin over dbus.
>> +## web browser plugin over dbus.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -420,19 +420,19 @@ interface(`mozilla_dbus_chat',`
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_dbus_chat_plugin',`
>> +interface(`webbrowser_dbus_chat_plugin',`
>> gen_require(`
>> - type mozilla_plugin_t;
>> + type webbrowser_plugin_t;
>> class dbus send_msg;
>> ')
>>
>> - allow $1 mozilla_plugin_t:dbus send_msg;
>> - allow mozilla_plugin_t $1:dbus send_msg;
>> + allow $1 webbrowser_plugin_t:dbus send_msg;
>> + allow webbrowser_plugin_t $1:dbus send_msg;
>> ')
>>
>> ########################################
>> ## <summary>
>> -## Read and write mozilla TCP sockets.
>> +## Read and write web browser TCP sockets.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -440,18 +440,18 @@ interface(`mozilla_dbus_chat_plugin',`
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_rw_tcp_sockets',`
>> +interface(`webbrowser_rw_tcp_sockets',`
>> gen_require(`
>> - type mozilla_t;
>> + type webbrowser_t;
>> ')
>>
>> - allow $1 mozilla_t:tcp_socket rw_socket_perms;
>> + allow $1 webbrowser_t:tcp_socket rw_socket_perms;
>> ')
>>
>> ########################################
>> ## <summary>
>> ## Create, read, write, and delete
>> -## mozilla plugin rw files.
>> +## web browser plugin rw files.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -459,18 +459,18 @@ interface(`mozilla_rw_tcp_sockets',`
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_manage_plugin_rw_files',`
>> +interface(`webbrowser_manage_plugin_rw_files',`
>> gen_require(`
>> - type mozilla_plugin_rw_t;
>> + type webbrowser_plugin_rw_t;
>> ')
>>
>> libs_search_lib($1)
>> - manage_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
>> + manage_files_pattern($1, webbrowser_plugin_rw_t, webbrowser_plugin_rw_t)
>> ')
>>
>> ########################################
>> ## <summary>
>> -## Read mozilla_plugin tmpfs files.
>> +## Read webbrowser_plugin tmpfs files.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -478,18 +478,18 @@ interface(`mozilla_manage_plugin_rw_file
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_plugin_read_tmpfs_files',`
>> +interface(`webbrowser_plugin_read_tmpfs_files',`
>> gen_require(`
>> - type mozilla_plugin_tmpfs_t;
>> + type webbrowser_plugin_tmpfs_t;
>> ')
>>
>> fs_search_tmpfs($1)
>> - allow $1 mozilla_plugin_tmpfs_t:file read_file_perms;
>> + allow $1 webbrowser_plugin_tmpfs_t:file read_file_perms;
>> ')
>>
>> ########################################
>> ## <summary>
>> -## Delete mozilla_plugin tmpfs files.
>> +## Delete webbrowser_plugin tmpfs files.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -497,19 +497,19 @@ interface(`mozilla_plugin_read_tmpfs_fil
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_plugin_delete_tmpfs_files',`
>> +interface(`webbrowser_plugin_delete_tmpfs_files',`
>> gen_require(`
>> - type mozilla_plugin_tmpfs_t;
>> + type webbrowser_plugin_tmpfs_t;
>> ')
>>
>> fs_search_tmpfs($1)
>> - allow $1 mozilla_plugin_tmpfs_t:file delete_file_perms;
>> + allow $1 webbrowser_plugin_tmpfs_t:file delete_file_perms;
>> ')
>>
>> ########################################
>> ## <summary>
>> ## Create, read, write, and delete
>> -## generic mozilla plugin home content.
>> +## generic web browser plugin home content.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -517,23 +517,23 @@ interface(`mozilla_plugin_delete_tmpfs_f
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_manage_generic_plugin_home_content',`
>> +interface(`webbrowser_manage_generic_plugin_home_content',`
>> gen_require(`
>> - type mozilla_plugin_home_t;
>> + type webbrowser_plugin_home_t;
>> ')
>>
>> userdom_search_user_home_dirs($1)
>> - allow $1 mozilla_plugin_home_t:dir manage_dir_perms;
>> - allow $1 mozilla_plugin_home_t:file manage_file_perms;
>> - allow $1 mozilla_plugin_home_t:fifo_file manage_fifo_file_perms;
>> - allow $1 mozilla_plugin_home_t:lnk_file manage_lnk_file_perms;
>> - allow $1 mozilla_plugin_home_t:sock_file manage_sock_file_perms;
>> + allow $1 webbrowser_plugin_home_t:dir manage_dir_perms;
>> + allow $1 webbrowser_plugin_home_t:file manage_file_perms;
>> + allow $1 webbrowser_plugin_home_t:fifo_file manage_fifo_file_perms;
>> + allow $1 webbrowser_plugin_home_t:lnk_file manage_lnk_file_perms;
>> + allow $1 webbrowser_plugin_home_t:sock_file manage_sock_file_perms;
>> ')
>>
>> ########################################
>> ## <summary>
>> ## Create objects in user home
>> -## directories with the generic mozilla
>> +## directories with the generic web browser
>> ## plugin home type.
>> ## </summary>
>> ## <param name="domain">
>> @@ -552,10 +552,10 @@ interface(`mozilla_manage_generic_plugin
>> ## </summary>
>> ## </param>
>> #
>> -interface(`mozilla_home_filetrans_plugin_home',`
>> +interface(`webbrowser_home_filetrans_plugin_home',`
>> gen_require(`
>> - type mozilla_plugin_home_t;
>> + type webbrowser_plugin_home_t;
>> ')
>>
>> - userdom_user_home_dir_filetrans($1, mozilla_plugin_home_t, $2, $3)
>> + userdom_user_home_dir_filetrans($1, webbrowser_plugin_home_t, $2, $3)
>> ')
>> Index: refpolicy-2.20180701/policy/modules/roles/staff.te
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/roles/staff.te
>> +++ refpolicy-2.20180701/policy/modules/roles/staff.te
>> @@ -142,7 +142,7 @@ ifndef(`distro_redhat',`
>> ')
>>
>> optional_policy(`
>> - mozilla_role(staff_r, staff_t)
>> + webbrowser_role(staff_r, staff_t)
>> ')
>>
>> optional_policy(`
>> Index: refpolicy-2.20180701/policy/modules/roles/sysadm.te
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/roles/sysadm.te
>> +++ refpolicy-2.20180701/policy/modules/roles/sysadm.te
>> @@ -652,7 +652,7 @@ optional_policy(`
>> ')
>>
>> optional_policy(`
>> - mozilla_role(sysadm_r, sysadm_t)
>> + webbrowser_role(sysadm_r, sysadm_t)
>> ')
>>
>> optional_policy(`
>> Index: refpolicy-2.20180701/policy/modules/roles/unprivuser.te
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/roles/unprivuser.te
>> +++ refpolicy-2.20180701/policy/modules/roles/unprivuser.te
>> @@ -114,7 +114,7 @@ ifndef(`distro_redhat',`
>> ')
>>
>> optional_policy(`
>> - mozilla_role(user_r, user_t)
>> + webbrowser_role(user_r, user_t)
>> ')
>>
>> optional_policy(`
>> Index: refpolicy-2.20180701/policy/modules/roles/xguest.te
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/roles/xguest.te
>> +++ refpolicy-2.20180701/policy/modules/roles/xguest.te
>> @@ -103,7 +103,7 @@ optional_policy(`
>> ')
>>
>> optional_policy(`
>> - mozilla_role(xguest_r, xguest_t)
>> + webbrowser_role(xguest_r, xguest_t)
>> ')
>>
>> optional_policy(`
>> Index: refpolicy-2.20180701/policy/modules/admin/prelink.te
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/admin/prelink.te
>> +++ refpolicy-2.20180701/policy/modules/admin/prelink.te
>> @@ -141,7 +141,7 @@ optional_policy(`
>> ')
>>
>> optional_policy(`
>> - mozilla_manage_plugin_rw_files(prelink_t)
>> + webbrowser_manage_plugin_rw_files(prelink_t)
>> ')
>>
>> optional_policy(`
>> Index: refpolicy-2.20180701/policy/modules/apps/evolution.te
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/apps/evolution.te
>> +++ refpolicy-2.20180701/policy/modules/apps/evolution.te
>> @@ -291,8 +291,8 @@ optional_policy(`
>> ')
>>
>> optional_policy(`
>> - mozilla_read_user_home_files(evolution_t)
>> - mozilla_domtrans(evolution_t)
>> + webbrowser_read_user_home_files(evolution_t)
>> + webbrowser_domtrans(evolution_t)
>> ')
>>
>> optional_policy(`
>> Index: refpolicy-2.20180701/policy/modules/apps/gpg.te
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/apps/gpg.te
>> +++ refpolicy-2.20180701/policy/modules/apps/gpg.te
>> @@ -171,7 +171,7 @@ optional_policy(`
>> ')
>>
>> optional_policy(`
>> - mozilla_dontaudit_rw_user_home_files(gpg_t)
>> + webbrowser_dontaudit_rw_user_home_files(gpg_t)
>> ')
>>
>> optional_policy(`
>> @@ -306,7 +306,7 @@ optional_policy(`
>> ')
>>
>> optional_policy(`
>> - mozilla_dontaudit_rw_user_home_files(gpg_agent_t)
>> + webbrowser_dontaudit_rw_user_home_files(gpg_agent_t)
>> ')
>>
>> optional_policy(`
>> Index: refpolicy-2.20180701/policy/modules/apps/openoffice.te
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/apps/openoffice.te
>> +++ refpolicy-2.20180701/policy/modules/apps/openoffice.te
>> @@ -140,8 +140,8 @@ optional_policy(`
>> ')
>>
>> optional_policy(`
>> - mozilla_domtrans(ooffice_t)
>> - mozilla_read_tmp_files(ooffice_t)
>> + webbrowser_domtrans(ooffice_t)
>> + webbrowser_read_tmp_files(ooffice_t)
>> ')
>>
>> optional_policy(`
>> Index: refpolicy-2.20180701/policy/modules/apps/seunshare.te
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/apps/seunshare.te
>> +++ refpolicy-2.20180701/policy/modules/apps/seunshare.te
>> @@ -39,6 +39,6 @@ ifdef(`hide_broken_symptoms', `
>> fs_dontaudit_rw_anon_inodefs_files(seunshare_t)
>>
>> optional_policy(`
>> - mozilla_dontaudit_manage_user_home_files(seunshare_t)
>> + webbrowser_dontaudit_manage_user_home_files(seunshare_t)
>> ')
>> ')
>> Index: refpolicy-2.20180701/policy/modules/apps/thunderbird.te
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/apps/thunderbird.te
>> +++ refpolicy-2.20180701/policy/modules/apps/thunderbird.te
>> @@ -151,7 +151,7 @@ optional_policy(`
>> ')
>>
>> optional_policy(`
>> - mozilla_dbus_chat(thunderbird_t)
>> + webbrowser_dbus_chat(thunderbird_t)
>> ')
>> ')
>>
>> @@ -175,8 +175,8 @@ optional_policy(`
>> ')
>>
>> optional_policy(`
>> - mozilla_read_user_home_files(thunderbird_t)
>> - mozilla_domtrans(thunderbird_t)
>> + webbrowser_read_user_home_files(thunderbird_t)
>> + webbrowser_domtrans(thunderbird_t)
>> ')
>>
>> optional_policy(`
>> Index: refpolicy-2.20180701/policy/modules/apps/wm.te
>> ===================================================================
>> --- refpolicy-2.20180701.orig/policy/modules/apps/wm.te
>> +++ refpolicy-2.20180701/policy/modules/apps/wm.te
>> @@ -126,7 +126,7 @@ optional_policy(`
>> ')
>>
>> optional_policy(`
>> - mozilla_dbus_chat(wm_domain)
>> + webbrowser_dbus_chat(wm_domain)
>> ')
>>
>> optional_policy(`
--
Chris PeBenito
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] s/mozilla/webbrowser/g
2019-01-12 19:46 ` Chris PeBenito
@ 2019-01-12 22:55 ` Nicolas Iooss
2019-01-13 0:50 ` Russell Coker
1 sibling, 0 replies; 5+ messages in thread
From: Nicolas Iooss @ 2019-01-12 22:55 UTC (permalink / raw)
To: Chris PeBenito; +Cc: Jason Zaman, Russell Coker, selinux-refpolicy
On Sat, Jan 12, 2019 at 9:05 PM Chris PeBenito <pebenito@ieee.org> wrote:
>
> On 1/12/19 2:33 AM, Jason Zaman wrote:
> > On Sat, Jan 12, 2019 at 04:19:09PM +1100, Russell Coker wrote:
> >> This patch as requested renames mozilla to webbrowser and adds appropriate
> >> typealias rules.
> >
> > Hm. the mozilla and chrome policies are pretty different tho. I dont
> > like this merging thing, I think we should keep mozilla_t and chromium_t
> > separate. I'm fixing up the gentoo chromium policy and i'll send it in a
> > couple hrs.
>
> The chromium policy Jason posted is indeed slimmer than the current
> mozilla policy (see Jason's thread), which would seem to indicate
> keeping them separate. However, the mozilla policy is so big because
> it's been around for a long time and has built up all of the various
> odds and ends that a browser brings in, which could possibly be missing
> from the chromium policy.
>
> I am on the fence. I could see going either way.
Even though Mozilla browsers and Chrome/Chromium are both web browsers
with Javascript engines, plugins, etc. they have strong differences.
If I remember correctly:
- Chromium uses a sandbox (which is labelled differently) contrary to Firefox ;
- Chromium can interact with Multicast DNS (it listens on UDP port
5353 on my system, I guess for feature likes Chromecast) and I do not
whether Firefox or Epiphany can do something similar, and I do not
expect them to.
Moreover some developers package apps with Electron, which uses a
runtime based on Chromium (according to
https://electronjs.org/docs/tutorial/about). Having a separate
chromium policy might help creating a policy for such an app, though I
am not sure about this.
About the fact that mozilla policy has been around for a long time
contrary to this new chromium policy, if it is an issue, it should be
possible to compare Gentoo's policy with Fedora's one: it has a chrome
module in contrib/ that has been around for a least 6 years according
to https://github.com/fedora-selinux/selinux-policy-contrib/commits/rawhide?path%5B%5D=chrome.te
.
All of this remain my humble opinion on this subject and I am sharing
it in order to help making a choice. I will of course understand if
the choice of merging everything into a single web-browser module is
being made (for example to ease the maintenance of the policy or to
avoid introducing many types in the policy).
Cheers,
Nicolas
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] s/mozilla/webbrowser/g
2019-01-12 19:46 ` Chris PeBenito
2019-01-12 22:55 ` Nicolas Iooss
@ 2019-01-13 0:50 ` Russell Coker
1 sibling, 0 replies; 5+ messages in thread
From: Russell Coker @ 2019-01-13 0:50 UTC (permalink / raw)
To: Chris PeBenito; +Cc: Jason Zaman, selinux-refpolicy
On Sunday, 13 January 2019 6:46:44 AM AEDT Chris PeBenito wrote:
> The chromium policy Jason posted is indeed slimmer than the current
> mozilla policy (see Jason's thread), which would seem to indicate
> keeping them separate. However, the mozilla policy is so big because
> it's been around for a long time and has built up all of the various
> odds and ends that a browser brings in, which could possibly be missing
> from the chromium policy.
>
> I am on the fence. I could see going either way.
One of the things the Mozilla policy has is a domain for plugins while Chrome
has a domain for a sandbox. Does Chrome support running plugins in a separate
process (doesn't seem to but I generally avoid plugins). There seems to be
some real functionality difference between the two browsers.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-01-13 0:50 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-12 5:19 [PATCH] s/mozilla/webbrowser/g Russell Coker
2019-01-12 7:33 ` Jason Zaman
2019-01-12 19:46 ` Chris PeBenito
2019-01-12 22:55 ` Nicolas Iooss
2019-01-13 0:50 ` Russell Coker
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).