Subject: Re: [PATCH] s/mozilla/webbrowser/g
To: Jason Zaman, Russell Coker
Cc: "selinux-refpolicy@vger.kernel.org"
From: Chris PeBenito
Date: Sat, 12 Jan 2019 14:46:44 -0500

On 1/12/19 2:33 AM, Jason Zaman wrote:
> On Sat, Jan 12, 2019 at 04:19:09PM +1100, Russell Coker wrote:
>> This patch as requested renames mozilla to webbrowser and adds appropriate
>> typealias rules.
>
> Hm. The mozilla and chrome policies are pretty different tho. I don't
> like this merging thing, I think we should keep mozilla_t and chromium_t
> separate. I'm fixing up the gentoo chromium policy and I'll send it in a
> couple hrs.

The chromium policy Jason posted is indeed slimmer than the current mozilla policy (see Jason's thread), which would seem to indicate keeping them separate. However, the mozilla policy is so big because it's been around for a long time and has built up all of the various odds and ends that a browser brings in, which could possibly be missing from the chromium policy. I am on the fence. I could see going either way.

>> >> Index: refpolicy-2.20180701/policy/modules/apps/mozilla.te >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.te >> +++ refpolicy-2.20180701/policy/modules/apps/mozilla.te >> @@ -7,335 +7,346 @@ policy_module(mozilla, 2.14.1) >> >> ## >> ##

>> -## Determine whether mozilla can >> +## Determine whether web browser can >> ## make its stack executable. >> ##

>> ##
>> -gen_tunable(mozilla_execstack, false) >> +gen_tunable(webbrowser_execstack, false) >> >> -attribute_role mozilla_roles; >> -attribute_role mozilla_plugin_roles; >> -attribute_role mozilla_plugin_config_roles; >> +attribute_role webbrowser_roles; >> +attribute_role webbrowser_plugin_roles; >> +attribute_role webbrowser_plugin_config_roles; >> >> -type mozilla_t; >> -type mozilla_exec_t; >> -typealias mozilla_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t }; >> -typealias mozilla_t alias { auditadm_mozilla_t secadm_mozilla_t }; >> -userdom_user_application_domain(mozilla_t, mozilla_exec_t) >> -role mozilla_roles types mozilla_t; >> +type webbrowser_t; >> +type webbrowser_exec_t; >> +typealias webbrowser_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t }; >> +typealias webbrowser_t alias { auditadm_mozilla_t secadm_mozilla_t mozilla_t }; >> +typealias webbrowser_exec_t alias { mozilla_exec_t }; >> +userdom_user_application_domain(webbrowser_t, webbrowser_exec_t) >> +role webbrowser_roles types webbrowser_t; >> >> optional_policy(` >> - wm_application_domain(mozilla_t, mozilla_exec_t) >> + wm_application_domain(webbrowser_t, webbrowser_exec_t) >> ') >> >> -type mozilla_home_t; >> -typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t }; >> -typealias mozilla_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t }; >> -userdom_user_home_content(mozilla_home_t) >> +type webbrowser_home_t; >> +typealias webbrowser_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t }; >> +typealias webbrowser_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t mozilla_home_t }; >> +userdom_user_home_content(webbrowser_home_t) >> >> -type mozilla_plugin_t; >> -type mozilla_plugin_exec_t; >> -userdom_user_application_domain(mozilla_plugin_t, mozilla_plugin_exec_t) >> -role mozilla_plugin_roles types mozilla_plugin_t; >> +type webbrowser_plugin_t; >> +type webbrowser_plugin_exec_t; >> 
+typealias webbrowser_plugin_t alias { mozilla_plugin_t }; >> +typealias webbrowser_plugin_exec_t alias { mozilla_plugin_exec_t }; >> +userdom_user_application_domain(webbrowser_plugin_t, webbrowser_plugin_exec_t) >> +role webbrowser_plugin_roles types webbrowser_plugin_t; >> >> -type mozilla_plugin_home_t; >> -userdom_user_home_content(mozilla_plugin_home_t) >> +type webbrowser_plugin_home_t; >> +typealias webbrowser_plugin_home_t alias { mozilla_plugin_home_t }; >> +userdom_user_home_content(webbrowser_plugin_home_t) >> >> -type mozilla_plugin_tmp_t; >> -userdom_user_tmp_file(mozilla_plugin_tmp_t) >> +type webbrowser_plugin_tmp_t; >> +typealias webbrowser_plugin_tmp_t alias { mozilla_plugin_tmp_t }; >> +userdom_user_tmp_file(webbrowser_plugin_tmp_t) >> >> -type mozilla_plugin_tmpfs_t; >> -userdom_user_tmpfs_file(mozilla_plugin_tmpfs_t) >> +type webbrowser_plugin_tmpfs_t; >> +typealias webbrowser_plugin_tmpfs_t alias { mozilla_plugin_tmpfs_t }; >> +userdom_user_tmpfs_file(webbrowser_plugin_tmpfs_t) >> >> optional_policy(` >> - pulseaudio_tmpfs_content(mozilla_plugin_tmpfs_t) >> + pulseaudio_tmpfs_content(webbrowser_plugin_tmpfs_t) >> ') >> >> -type mozilla_plugin_rw_t; >> -files_type(mozilla_plugin_rw_t) >> +type webbrowser_plugin_rw_t; >> +typealias webbrowser_plugin_rw_t alias { mozilla_plugin_rw_t }; >> +files_type(webbrowser_plugin_rw_t) >> >> -type mozilla_plugin_config_t; >> -type mozilla_plugin_config_exec_t; >> -userdom_user_application_domain(mozilla_plugin_config_t, mozilla_plugin_config_exec_t) >> -role mozilla_plugin_config_roles types mozilla_plugin_config_t; >> +type webbrowser_plugin_config_t; >> +typealias webbrowser_plugin_config_t alias { mozilla_plugin_config_t }; >> +type webbrowser_plugin_config_exec_t; >> +typealias webbrowser_plugin_config_exec_t alias { mozilla_plugin_config_exec_t }; >> +userdom_user_application_domain(webbrowser_plugin_config_t, webbrowser_plugin_config_exec_t) >> +role webbrowser_plugin_config_roles types 
webbrowser_plugin_config_t; >> >> -type mozilla_tmp_t; >> -userdom_user_tmp_file(mozilla_tmp_t) >> +type webbrowser_tmp_t; >> +typealias webbrowser_tmp_t alias { mozilla_tmp_t }; >> +userdom_user_tmp_file(webbrowser_tmp_t) >> >> -type mozilla_tmpfs_t; >> -typealias mozilla_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t }; >> -typealias mozilla_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t }; >> -userdom_user_tmpfs_file(mozilla_tmpfs_t) >> +type webbrowser_tmpfs_t; >> +typealias webbrowser_tmpfs_t alias { mozilla_tmpfs_t }; >> +typealias webbrowser_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t }; >> +typealias webbrowser_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t }; >> +userdom_user_tmpfs_file(webbrowser_tmpfs_t) >> >> optional_policy(` >> - pulseaudio_tmpfs_content(mozilla_tmpfs_t) >> + pulseaudio_tmpfs_content(webbrowser_tmpfs_t) >> ') >> >> -type mozilla_xdg_cache_t; >> -xdg_cache_content(mozilla_xdg_cache_t) >> +type webbrowser_xdg_cache_t; >> +xdg_cache_content(webbrowser_xdg_cache_t) >> >> ######################################## >> # >> # Local policy >> # >> >> -allow mozilla_t self:capability { setgid setuid sys_nice }; >> -allow mozilla_t self:process { sigkill signal setsched getsched setrlimit }; >> -allow mozilla_t self:fifo_file rw_fifo_file_perms; >> -allow mozilla_t self:shm create_shm_perms; >> -allow mozilla_t self:sem create_sem_perms; >> -allow mozilla_t self:socket create_socket_perms; >> -allow mozilla_t self:unix_stream_socket { accept listen }; >> - >> -allow mozilla_t mozilla_plugin_t:unix_stream_socket rw_socket_perms; >> -allow mozilla_t mozilla_plugin_t:fd use; >> - >> -allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:dir manage_dir_perms; >> -allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms map }; >> -allow mozilla_t mozilla_home_t:lnk_file manage_lnk_file_perms; >> 
-userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".galeon") >> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".mozilla") >> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".netscape") >> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".phoenix") >> - >> -filetrans_pattern(mozilla_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins") >> - >> -manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t) >> -manage_lnk_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t) >> -manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t) >> -allow mozilla_t mozilla_tmp_t:file map; >> -files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir }) >> - >> -manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t) >> -manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t) >> -manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t) >> -manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t) >> -fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file }) >> -allow mozilla_t mozilla_plugin_tmpfs_t:file map; >> - >> -allow mozilla_t mozilla_plugin_rw_t:dir list_dir_perms; >> -allow mozilla_t mozilla_plugin_rw_t:file read_file_perms; >> -allow mozilla_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms; >> - >> -stream_connect_pattern(mozilla_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t) >> - >> -manage_files_pattern(mozilla_t, mozilla_xdg_cache_t, mozilla_xdg_cache_t) >> -manage_dirs_pattern(mozilla_t, mozilla_xdg_cache_t, mozilla_xdg_cache_t) >> -xdg_cache_filetrans(mozilla_t, mozilla_xdg_cache_t, dir, "mozilla") >> - >> -can_exec(mozilla_t, { mozilla_exec_t mozilla_plugin_rw_t mozilla_plugin_home_t }) >> - >> -kernel_read_kernel_sysctls(mozilla_t) >> -kernel_read_network_state(mozilla_t) >> -kernel_read_system_state(mozilla_t) >> -kernel_read_net_sysctls(mozilla_t) >> - >> -corecmd_list_bin(mozilla_t) 
>> -corecmd_exec_shell(mozilla_t) >> -corecmd_exec_bin(mozilla_t) >> - >> -corenet_all_recvfrom_unlabeled(mozilla_t) >> -corenet_all_recvfrom_netlabel(mozilla_t) >> -corenet_tcp_sendrecv_generic_if(mozilla_t) >> -corenet_tcp_sendrecv_generic_node(mozilla_t) >> - >> -corenet_sendrecv_http_client_packets(mozilla_t) >> -corenet_tcp_connect_http_port(mozilla_t) >> -corenet_tcp_sendrecv_http_port(mozilla_t) >> - >> -corenet_sendrecv_http_cache_client_packets(mozilla_t) >> -corenet_tcp_connect_http_cache_port(mozilla_t) >> -corenet_tcp_sendrecv_http_cache_port(mozilla_t) >> - >> -corenet_sendrecv_squid_client_packets(mozilla_t) >> -corenet_tcp_connect_squid_port(mozilla_t) >> -corenet_tcp_sendrecv_squid_port(mozilla_t) >> - >> -corenet_sendrecv_ftp_client_packets(mozilla_t) >> -corenet_tcp_connect_ftp_port(mozilla_t) >> -corenet_tcp_sendrecv_ftp_port(mozilla_t) >> - >> -corenet_sendrecv_ipp_client_packets(mozilla_t) >> -corenet_tcp_connect_ipp_port(mozilla_t) >> -corenet_tcp_sendrecv_ipp_port(mozilla_t) >> - >> -corenet_sendrecv_soundd_client_packets(mozilla_t) >> -corenet_tcp_connect_soundd_port(mozilla_t) >> -corenet_tcp_sendrecv_soundd_port(mozilla_t) >> - >> -corenet_sendrecv_speech_client_packets(mozilla_t) >> -corenet_tcp_connect_speech_port(mozilla_t) >> -corenet_tcp_sendrecv_speech_port(mozilla_t) >> - >> -dev_getattr_sysfs_dirs(mozilla_t) >> -dev_read_sysfs(mozilla_t) >> -dev_read_sound(mozilla_t) >> -dev_read_rand(mozilla_t) >> -dev_read_urand(mozilla_t) >> -dev_rw_dri(mozilla_t) >> -dev_write_sound(mozilla_t) >> - >> -domain_dontaudit_read_all_domains_state(mozilla_t) >> - >> -files_read_etc_runtime_files(mozilla_t) >> -files_map_usr_files(mozilla_t) >> -files_read_usr_files(mozilla_t) >> -files_read_var_files(mozilla_t) >> -files_read_var_lib_files(mozilla_t) >> -files_read_var_symlinks(mozilla_t) >> -files_dontaudit_getattr_boot_dirs(mozilla_t) >> - >> -fs_getattr_all_fs(mozilla_t) >> -fs_search_auto_mountpoints(mozilla_t) >> -fs_list_inotifyfs(mozilla_t) >> 
-fs_rw_tmpfs_files(mozilla_t) >> - >> -term_dontaudit_getattr_pty_dirs(mozilla_t) >> - >> -auth_use_nsswitch(mozilla_t) >> - >> -logging_send_syslog_msg(mozilla_t) >> - >> -miscfiles_read_fonts(mozilla_t) >> -miscfiles_read_generic_certs(mozilla_t) >> -miscfiles_read_localization(mozilla_t) >> -miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t) >> -miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_t) >> - >> -userdom_use_user_ptys(mozilla_t) >> - >> -userdom_manage_user_tmp_dirs(mozilla_t) >> -userdom_manage_user_tmp_files(mozilla_t) >> -userdom_map_user_tmp_files(mozilla_t) >> - >> -userdom_user_content_access_template(mozilla, { mozilla_t mozilla_plugin_t }) >> -userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file }) >> - >> -userdom_write_user_tmp_sockets(mozilla_t) >> - >> -mozilla_run_plugin(mozilla_t, mozilla_roles) >> -mozilla_run_plugin_config(mozilla_t, mozilla_roles) >> - >> -xdg_read_config_files(mozilla_t) >> -xdg_read_data_files(mozilla_t) >> -xdg_manage_downloads(mozilla_t) >> - >> -xserver_rw_mesa_shader_cache(mozilla_t) >> -xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t) >> -xserver_dontaudit_read_xdm_tmp_files(mozilla_t) >> -xserver_dontaudit_getattr_xdm_tmp_sockets(mozilla_t) >> +allow webbrowser_t self:capability { setgid setuid sys_nice }; >> +allow webbrowser_t self:process { sigkill signal setsched getsched setrlimit }; >> +allow webbrowser_t self:fifo_file rw_fifo_file_perms; >> +allow webbrowser_t self:shm create_shm_perms; >> +allow webbrowser_t self:sem create_sem_perms; >> +allow webbrowser_t self:socket create_socket_perms; >> +allow webbrowser_t self:unix_stream_socket { accept listen }; >> + >> +allow webbrowser_t webbrowser_plugin_t:unix_stream_socket rw_socket_perms; >> +allow webbrowser_t webbrowser_plugin_t:fd use; >> + >> +allow webbrowser_t { webbrowser_home_t webbrowser_plugin_home_t }:dir manage_dir_perms; >> +allow webbrowser_t { webbrowser_home_t webbrowser_plugin_home_t }:file { 
manage_file_perms map }; >> +allow webbrowser_t webbrowser_home_t:lnk_file manage_lnk_file_perms; >> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".galeon") >> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".mozilla") >> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".netscape") >> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".phoenix") >> + >> +filetrans_pattern(webbrowser_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins") >> + >> +manage_files_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t) >> +manage_lnk_files_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t) >> +manage_dirs_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t) >> +allow webbrowser_t webbrowser_tmp_t:file map; >> +files_tmp_filetrans(webbrowser_t, webbrowser_tmp_t, { file dir }) >> + >> +manage_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t) >> +manage_lnk_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t) >> +manage_fifo_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t) >> +manage_sock_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t) >> +fs_tmpfs_filetrans(webbrowser_t, webbrowser_tmpfs_t, { file lnk_file sock_file fifo_file }) >> +allow webbrowser_t webbrowser_plugin_tmpfs_t:file map; >> + >> +allow webbrowser_t webbrowser_plugin_rw_t:dir list_dir_perms; >> +allow webbrowser_t webbrowser_plugin_rw_t:file read_file_perms; >> +allow webbrowser_t webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms; >> + >> +stream_connect_pattern(webbrowser_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_t) >> + >> +manage_files_pattern(webbrowser_t, webbrowser_xdg_cache_t, webbrowser_xdg_cache_t) >> +manage_dirs_pattern(webbrowser_t, webbrowser_xdg_cache_t, webbrowser_xdg_cache_t) >> +xdg_cache_filetrans(webbrowser_t, webbrowser_xdg_cache_t, dir, "mozilla") >> + >> 
+can_exec(webbrowser_t, { webbrowser_exec_t webbrowser_plugin_rw_t webbrowser_plugin_home_t }) >> + >> +kernel_read_kernel_sysctls(webbrowser_t) >> +kernel_read_network_state(webbrowser_t) >> +kernel_read_system_state(webbrowser_t) >> +kernel_read_net_sysctls(webbrowser_t) >> + >> +corecmd_list_bin(webbrowser_t) >> +corecmd_exec_shell(webbrowser_t) >> +corecmd_exec_bin(webbrowser_t) >> + >> +corenet_all_recvfrom_unlabeled(webbrowser_t) >> +corenet_all_recvfrom_netlabel(webbrowser_t) >> +corenet_tcp_sendrecv_generic_if(webbrowser_t) >> +corenet_tcp_sendrecv_generic_node(webbrowser_t) >> + >> +corenet_sendrecv_http_client_packets(webbrowser_t) >> +corenet_tcp_connect_http_port(webbrowser_t) >> +corenet_tcp_sendrecv_http_port(webbrowser_t) >> + >> +corenet_sendrecv_http_cache_client_packets(webbrowser_t) >> +corenet_tcp_connect_http_cache_port(webbrowser_t) >> +corenet_tcp_sendrecv_http_cache_port(webbrowser_t) >> + >> +corenet_sendrecv_squid_client_packets(webbrowser_t) >> +corenet_tcp_connect_squid_port(webbrowser_t) >> +corenet_tcp_sendrecv_squid_port(webbrowser_t) >> + >> +corenet_sendrecv_ftp_client_packets(webbrowser_t) >> +corenet_tcp_connect_ftp_port(webbrowser_t) >> +corenet_tcp_sendrecv_ftp_port(webbrowser_t) >> + >> +corenet_sendrecv_ipp_client_packets(webbrowser_t) >> +corenet_tcp_connect_ipp_port(webbrowser_t) >> +corenet_tcp_sendrecv_ipp_port(webbrowser_t) >> + >> +corenet_sendrecv_soundd_client_packets(webbrowser_t) >> +corenet_tcp_connect_soundd_port(webbrowser_t) >> +corenet_tcp_sendrecv_soundd_port(webbrowser_t) >> + >> +corenet_sendrecv_speech_client_packets(webbrowser_t) >> +corenet_tcp_connect_speech_port(webbrowser_t) >> +corenet_tcp_sendrecv_speech_port(webbrowser_t) >> + >> +dev_getattr_sysfs_dirs(webbrowser_t) >> +dev_read_sysfs(webbrowser_t) >> +dev_read_sound(webbrowser_t) >> +dev_read_rand(webbrowser_t) >> +dev_read_urand(webbrowser_t) >> +dev_rw_dri(webbrowser_t) >> +dev_write_sound(webbrowser_t) >> + >> 
+domain_dontaudit_read_all_domains_state(webbrowser_t) >> + >> +files_read_etc_runtime_files(webbrowser_t) >> +files_map_usr_files(webbrowser_t) >> +files_read_usr_files(webbrowser_t) >> +files_read_var_files(webbrowser_t) >> +files_read_var_lib_files(webbrowser_t) >> +files_read_var_symlinks(webbrowser_t) >> +files_dontaudit_getattr_boot_dirs(webbrowser_t) >> + >> +fs_getattr_all_fs(webbrowser_t) >> +fs_search_auto_mountpoints(webbrowser_t) >> +fs_list_inotifyfs(webbrowser_t) >> +fs_rw_tmpfs_files(webbrowser_t) >> + >> +term_dontaudit_getattr_pty_dirs(webbrowser_t) >> + >> +auth_use_nsswitch(webbrowser_t) >> + >> +logging_send_syslog_msg(webbrowser_t) >> + >> +miscfiles_read_fonts(webbrowser_t) >> +miscfiles_read_generic_certs(webbrowser_t) >> +miscfiles_read_localization(webbrowser_t) >> +miscfiles_dontaudit_setattr_fonts_dirs(webbrowser_t) >> +miscfiles_dontaudit_setattr_fonts_cache_dirs(webbrowser_t) >> + >> +userdom_use_user_ptys(webbrowser_t) >> + >> +userdom_manage_user_tmp_dirs(webbrowser_t) >> +userdom_manage_user_tmp_files(webbrowser_t) >> +userdom_map_user_tmp_files(webbrowser_t) >> + >> +userdom_user_content_access_template(webbrowser, { webbrowser_t webbrowser_plugin_t }) >> +userdom_user_home_dir_filetrans_user_home_content(webbrowser_t, { dir file }) >> + >> +userdom_write_user_tmp_sockets(webbrowser_t) >> + >> +webbrowser_run_plugin(webbrowser_t, webbrowser_roles) >> +webbrowser_run_plugin_config(webbrowser_t, webbrowser_roles) >> + >> +xdg_read_config_files(webbrowser_t) >> +xdg_read_data_files(webbrowser_t) >> +xdg_manage_downloads(webbrowser_t) >> + >> +xserver_rw_mesa_shader_cache(webbrowser_t) >> +xserver_user_x_domain_template(webbrowser, webbrowser_t, webbrowser_tmpfs_t) >> +xserver_dontaudit_read_xdm_tmp_files(webbrowser_t) >> +xserver_dontaudit_getattr_xdm_tmp_sockets(webbrowser_t) >> >> ifndef(`enable_mls',` >> - fs_list_dos(mozilla_t) >> - fs_read_dos_files(mozilla_t) >> + fs_list_dos(webbrowser_t) >> + fs_read_dos_files(webbrowser_t) >> 
>> - fs_search_removable(mozilla_t) >> - fs_read_removable_files(mozilla_t) >> - fs_read_removable_symlinks(mozilla_t) >> + fs_search_removable(webbrowser_t) >> + fs_read_removable_files(webbrowser_t) >> + fs_read_removable_symlinks(webbrowser_t) >> >> - fs_read_iso9660_files(mozilla_t) >> + fs_read_iso9660_files(webbrowser_t) >> ') >> >> tunable_policy(`allow_execmem',` >> - allow mozilla_t self:process execmem; >> + allow webbrowser_t self:process execmem; >> ') >> >> -tunable_policy(`mozilla_execstack',` >> - allow mozilla_t self:process { execmem execstack }; >> +tunable_policy(`webbrowser_execstack',` >> + allow webbrowser_t self:process { execmem execstack }; >> ') >> >> tunable_policy(`use_nfs_home_dirs',` >> - fs_manage_nfs_dirs(mozilla_t) >> - fs_manage_nfs_files(mozilla_t) >> - fs_manage_nfs_symlinks(mozilla_t) >> + fs_manage_nfs_dirs(webbrowser_t) >> + fs_manage_nfs_files(webbrowser_t) >> + fs_manage_nfs_symlinks(webbrowser_t) >> ') >> >> tunable_policy(`use_samba_home_dirs',` >> - fs_manage_cifs_dirs(mozilla_t) >> - fs_manage_cifs_files(mozilla_t) >> - fs_manage_cifs_symlinks(mozilla_t) >> + fs_manage_cifs_dirs(webbrowser_t) >> + fs_manage_cifs_files(webbrowser_t) >> + fs_manage_cifs_symlinks(webbrowser_t) >> ') >> >> optional_policy(` >> - alsa_read_config(mozilla_t) >> - alsa_read_home_files(mozilla_t) >> + alsa_read_config(webbrowser_t) >> + alsa_read_home_files(webbrowser_t) >> ') >> >> optional_policy(` >> - apache_read_user_scripts(mozilla_t) >> - apache_read_user_content(mozilla_t) >> + apache_read_user_scripts(webbrowser_t) >> + apache_read_user_content(webbrowser_t) >> ') >> >> optional_policy(` >> - automount_dontaudit_getattr_tmp_dirs(mozilla_t) >> + automount_dontaudit_getattr_tmp_dirs(webbrowser_t) >> ') >> >> optional_policy(` >> - cups_read_rw_config(mozilla_t) >> - cups_stream_connect(mozilla_t) >> + cups_read_rw_config(webbrowser_t) >> + cups_stream_connect(webbrowser_t) >> ') >> >> optional_policy(` >> - 
dbus_all_session_bus_client(mozilla_t) >> - dbus_connect_all_session_bus(mozilla_t) >> - dbus_system_bus_client(mozilla_t) >> + dbus_all_session_bus_client(webbrowser_t) >> + dbus_connect_all_session_bus(webbrowser_t) >> + dbus_system_bus_client(webbrowser_t) >> >> optional_policy(` >> - cups_dbus_chat(mozilla_t) >> + cups_dbus_chat(webbrowser_t) >> ') >> >> optional_policy(` >> - mozilla_dbus_chat_plugin(mozilla_t) >> + webbrowser_dbus_chat_plugin(webbrowser_t) >> ') >> >> optional_policy(` >> - networkmanager_dbus_chat(mozilla_t) >> + networkmanager_dbus_chat(webbrowser_t) >> ') >> ') >> >> optional_policy(` >> - evolution_domtrans(mozilla_t) >> + evolution_domtrans(webbrowser_t) >> ') >> >> optional_policy(` >> - gnome_stream_connect_gconf(mozilla_t) >> - gnome_manage_generic_gconf_home_content(mozilla_t) >> - gnome_home_filetrans_gconf_home(mozilla_t, dir, ".gconf") >> - gnome_home_filetrans_gconf_home(mozilla_t, dir, ".gconfd") >> - gnome_manage_generic_home_content(mozilla_t) >> - gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome") >> - gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome2") >> - gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome2_private") >> + gnome_stream_connect_gconf(webbrowser_t) >> + gnome_manage_generic_gconf_home_content(webbrowser_t) >> + gnome_home_filetrans_gconf_home(webbrowser_t, dir, ".gconf") >> + gnome_home_filetrans_gconf_home(webbrowser_t, dir, ".gconfd") >> + gnome_manage_generic_home_content(webbrowser_t) >> + gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome") >> + gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome2") >> + gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome2_private") >> ') >> >> optional_policy(` >> - java_exec(mozilla_t) >> - java_manage_generic_home_content(mozilla_t) >> - java_manage_java_tmp(mozilla_t) >> - java_home_filetrans_java_home(mozilla_t, dir, ".java") >> + java_exec(webbrowser_t) >> + java_manage_generic_home_content(webbrowser_t) >> + 
java_manage_java_tmp(webbrowser_t) >> + java_home_filetrans_java_home(webbrowser_t, dir, ".java") >> ') >> >> optional_policy(` >> - lpd_run_lpr(mozilla_t, mozilla_roles) >> + lpd_run_lpr(webbrowser_t, webbrowser_roles) >> ') >> >> optional_policy(` >> - mplayer_exec(mozilla_t) >> - mplayer_manage_generic_home_content(mozilla_t) >> - mplayer_home_filetrans_mplayer_home(mozilla_t, dir, ".mplayer") >> + mplayer_exec(webbrowser_t) >> + mplayer_manage_generic_home_content(webbrowser_t) >> + mplayer_home_filetrans_mplayer_home(webbrowser_t, dir, ".mplayer") >> ') >> >> optional_policy(` >> - ooffice_domtrans(mozilla_t) >> - ooffice_rw_tmp_files(mozilla_t) >> + ooffice_domtrans(webbrowser_t) >> + ooffice_rw_tmp_files(webbrowser_t) >> ') >> >> optional_policy(` >> - pulseaudio_run(mozilla_t, mozilla_roles) >> + pulseaudio_run(webbrowser_t, webbrowser_roles) >> ') >> >> optional_policy(` >> - thunderbird_domtrans(mozilla_t) >> + thunderbird_domtrans(webbrowser_t) >> ') >> >> ######################################## 
>> @@ -343,282 +354,282 @@ optional_policy(` >> # Plugin local policy >> # >> >> -dontaudit mozilla_plugin_t self:capability { ipc_lock sys_nice sys_ptrace sys_tty_config }; >> -allow mozilla_plugin_t self:process { setpgid getsched setsched signal_perms setrlimit }; >> -allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms; >> -allow mozilla_plugin_t self:netlink_kobject_uevent_socket create_socket_perms; >> -allow mozilla_plugin_t self:sem create_sem_perms; >> -allow mozilla_plugin_t self:shm create_shm_perms; >> -allow mozilla_plugin_t self:tcp_socket { accept listen }; >> -allow mozilla_plugin_t self:unix_stream_socket { accept connectto listen }; >> - >> -allow mozilla_plugin_t mozilla_t:unix_stream_socket rw_socket_perms; >> -allow mozilla_plugin_t mozilla_t:unix_dgram_socket rw_socket_perms; >> -allow mozilla_plugin_t mozilla_t:shm { rw_shm_perms destroy }; >> -allow mozilla_plugin_t mozilla_t:sem create_sem_perms; >> - >> -manage_dirs_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t }) >> -manage_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t) >> -manage_lnk_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t) >> -allow mozilla_plugin_t mozilla_home_t:file map; >> - >> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".galeon") >> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".mozilla") >> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".netscape") >> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".phoenix") >> - >> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".adobe") >> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".macromedia") >> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".gnash") >> 
-userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".gcjwebplugin") >> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".icedteaplugin") >> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".spicec") >> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".ICAClient") >> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, "zimbrauserdata") >> - >> -filetrans_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins") >> - >> -manage_dirs_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t) >> -manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t) >> -manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t) >> -files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file }) >> -userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file }) >> - >> -allow mozilla_plugin_t mozilla_tmp_t:file rw_file_perms; >> - >> -manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t) >> -manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t) >> -manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t) >> -manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t) >> -fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file }) >> - >> -allow mozilla_plugin_t mozilla_plugin_rw_t:dir list_dir_perms; >> -allow mozilla_plugin_t mozilla_plugin_rw_t:file read_file_perms; >> -allow mozilla_plugin_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms; >> - >> -dgram_send_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t) >> -stream_connect_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, 
mozilla_plugin_tmpfs_t, mozilla_t) >> - >> -can_exec(mozilla_plugin_t, { mozilla_exec_t mozilla_plugin_home_t mozilla_plugin_tmp_t }) >> - >> -kernel_read_all_sysctls(mozilla_plugin_t) >> -kernel_read_system_state(mozilla_plugin_t) >> -kernel_read_network_state(mozilla_plugin_t) >> -kernel_request_load_module(mozilla_plugin_t) >> -kernel_dontaudit_getattr_core_if(mozilla_plugin_t) >> - >> -corecmd_exec_bin(mozilla_plugin_t) >> -corecmd_exec_shell(mozilla_plugin_t) >> - >> -corenet_all_recvfrom_netlabel(mozilla_plugin_t) >> -corenet_all_recvfrom_unlabeled(mozilla_plugin_t) >> -corenet_tcp_sendrecv_generic_if(mozilla_plugin_t) >> -corenet_tcp_sendrecv_generic_node(mozilla_plugin_t) >> - >> -corenet_sendrecv_asterisk_client_packets(mozilla_plugin_t) >> -corenet_tcp_connect_asterisk_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_asterisk_port(mozilla_plugin_t) >> - >> -corenet_sendrecv_ftp_client_packets(mozilla_plugin_t) >> -corenet_tcp_connect_ftp_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_ftp_port(mozilla_plugin_t) >> - >> -corenet_sendrecv_gatekeeper_client_packets(mozilla_plugin_t) >> -corenet_tcp_connect_gatekeeper_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_gatekeeper_port(mozilla_plugin_t) >> - >> -corenet_sendrecv_http_client_packets(mozilla_plugin_t) >> -corenet_tcp_connect_http_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_http_port(mozilla_plugin_t) >> - >> -corenet_sendrecv_http_cache_client_packets(mozilla_plugin_t) >> -corenet_tcp_connect_http_cache_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_http_cache_port(mozilla_plugin_t) >> - >> -corenet_sendrecv_ipp_client_packets(mozilla_plugin_t) >> -corenet_tcp_connect_ipp_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_ipp_port(mozilla_plugin_t) >> - >> -corenet_sendrecv_ircd_client_packets(mozilla_plugin_t) >> -corenet_tcp_connect_ircd_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_ircd_port(mozilla_plugin_t) >> - >> -corenet_sendrecv_jabber_client_client_packets(mozilla_plugin_t) >> 
-corenet_tcp_connect_jabber_client_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_jabber_client_port(mozilla_plugin_t) >> - >> -corenet_sendrecv_mmcc_client_packets(mozilla_plugin_t) >> -corenet_tcp_connect_mmcc_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_mmcc_port(mozilla_plugin_t) >> - >> -corenet_sendrecv_monopd_client_packets(mozilla_plugin_t) >> -corenet_tcp_connect_monopd_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_monopd_port(mozilla_plugin_t) >> - >> -corenet_sendrecv_soundd_client_packets(mozilla_plugin_t) >> -corenet_tcp_connect_soundd_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_soundd_port(mozilla_plugin_t) >> - >> -corenet_sendrecv_speech_client_packets(mozilla_plugin_t) >> -corenet_tcp_connect_speech_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_speech_port(mozilla_plugin_t) >> - >> -corenet_sendrecv_squid_client_packets(mozilla_plugin_t) >> -corenet_tcp_connect_squid_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_squid_port(mozilla_plugin_t) >> - >> -corenet_sendrecv_vnc_client_packets(mozilla_plugin_t) >> -corenet_tcp_connect_vnc_port(mozilla_plugin_t) >> -corenet_tcp_sendrecv_vnc_port(mozilla_plugin_t) >> - >> -dev_read_generic_usb_dev(mozilla_plugin_t) >> -dev_read_rand(mozilla_plugin_t) >> -dev_read_realtime_clock(mozilla_plugin_t) >> -dev_read_sound(mozilla_plugin_t) >> -dev_read_sysfs(mozilla_plugin_t) >> -dev_read_urand(mozilla_plugin_t) >> -dev_read_video_dev(mozilla_plugin_t) >> -dev_write_sound(mozilla_plugin_t) >> -dev_write_video_dev(mozilla_plugin_t) >> -dev_rw_dri(mozilla_plugin_t) >> -dev_rw_xserver_misc(mozilla_plugin_t) >> - >> -dev_dontaudit_getattr_generic_files(mozilla_plugin_t) >> -dev_dontaudit_getattr_generic_pipes(mozilla_plugin_t) >> -dev_dontaudit_getattr_all_blk_files(mozilla_plugin_t) >> -dev_dontaudit_getattr_all_chr_files(mozilla_plugin_t) >> - >> -domain_use_interactive_fds(mozilla_plugin_t) >> -domain_dontaudit_read_all_domains_state(mozilla_plugin_t) >> - >> -files_exec_usr_files(mozilla_plugin_t) >> 
-files_list_mnt(mozilla_plugin_t) >> -files_read_config_files(mozilla_plugin_t) >> -files_read_usr_files(mozilla_plugin_t) >> -files_map_usr_files(mozilla_plugin_t) >> - >> -fs_getattr_all_fs(mozilla_plugin_t) >> -# fs_read_hugetlbfs_files(mozilla_plugin_t) >> -fs_search_auto_mountpoints(mozilla_plugin_t) >> - >> -term_getattr_all_ttys(mozilla_plugin_t) >> -term_getattr_all_ptys(mozilla_plugin_t) >> - >> -application_exec(mozilla_plugin_t) >> - >> -auth_use_nsswitch(mozilla_plugin_t) >> - >> -libs_exec_ld_so(mozilla_plugin_t) >> -libs_exec_lib_files(mozilla_plugin_t) >> - >> -logging_send_syslog_msg(mozilla_plugin_t) >> - >> -miscfiles_read_localization(mozilla_plugin_t) >> -miscfiles_read_fonts(mozilla_plugin_t) >> -miscfiles_read_generic_certs(mozilla_plugin_t) >> -miscfiles_dontaudit_setattr_fonts_dirs(mozilla_plugin_t) >> -miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_plugin_t) >> - >> -userdom_manage_user_tmp_dirs(mozilla_plugin_t) >> -userdom_manage_user_tmp_files(mozilla_plugin_t) >> -userdom_map_user_tmp_files(mozilla_plugin_t) >> +dontaudit webbrowser_plugin_t self:capability { ipc_lock sys_nice sys_ptrace sys_tty_config }; >> +allow webbrowser_plugin_t self:process { setpgid getsched setsched signal_perms setrlimit }; >> +allow webbrowser_plugin_t self:fifo_file manage_fifo_file_perms; >> +allow webbrowser_plugin_t self:netlink_kobject_uevent_socket create_socket_perms; >> +allow webbrowser_plugin_t self:sem create_sem_perms; >> +allow webbrowser_plugin_t self:shm create_shm_perms; >> +allow webbrowser_plugin_t self:tcp_socket { accept listen }; >> +allow webbrowser_plugin_t self:unix_stream_socket { accept connectto listen }; >> + >> +allow webbrowser_plugin_t webbrowser_t:unix_stream_socket rw_socket_perms; >> +allow webbrowser_plugin_t webbrowser_t:unix_dgram_socket rw_socket_perms; >> +allow webbrowser_plugin_t webbrowser_t:shm { rw_shm_perms destroy }; >> +allow webbrowser_plugin_t webbrowser_t:sem create_sem_perms; >> + >> 
+manage_dirs_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, { webbrowser_home_t webbrowser_plugin_home_t }) >> +manage_files_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t) >> +manage_lnk_files_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t) >> +allow webbrowser_plugin_t webbrowser_home_t:file map; >> + >> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".galeon") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".mozilla") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".netscape") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".phoenix") >> + >> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".adobe") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".macromedia") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".gnash") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".gcjwebplugin") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".icedteaplugin") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".spicec") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".ICAClient") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, "zimbrauserdata") >> + >> +filetrans_pattern(webbrowser_plugin_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins") >> + >> +manage_dirs_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t) >> +manage_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t) >> +manage_fifo_files_pattern(webbrowser_plugin_t, 
webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t) >> +files_tmp_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmp_t, { dir file fifo_file }) >> +userdom_user_tmp_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmp_t, { dir file fifo_file }) >> + >> +allow webbrowser_plugin_t webbrowser_tmp_t:file rw_file_perms; >> + >> +manage_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t) >> +manage_lnk_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t) >> +manage_fifo_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t) >> +manage_sock_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t) >> +fs_tmpfs_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, { file lnk_file sock_file fifo_file }) >> + >> +allow webbrowser_plugin_t webbrowser_plugin_rw_t:dir list_dir_perms; >> +allow webbrowser_plugin_t webbrowser_plugin_rw_t:file read_file_perms; >> +allow webbrowser_plugin_t webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms; >> + >> +dgram_send_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_t) >> +stream_connect_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_t) >> + >> +can_exec(webbrowser_plugin_t, { webbrowser_exec_t webbrowser_plugin_home_t webbrowser_plugin_tmp_t }) >> + >> +kernel_read_all_sysctls(webbrowser_plugin_t) >> +kernel_read_system_state(webbrowser_plugin_t) >> +kernel_read_network_state(webbrowser_plugin_t) >> +kernel_request_load_module(webbrowser_plugin_t) >> +kernel_dontaudit_getattr_core_if(webbrowser_plugin_t) >> + >> +corecmd_exec_bin(webbrowser_plugin_t) >> +corecmd_exec_shell(webbrowser_plugin_t) >> + >> +corenet_all_recvfrom_netlabel(webbrowser_plugin_t) >> +corenet_all_recvfrom_unlabeled(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_generic_if(webbrowser_plugin_t) >> 
+corenet_tcp_sendrecv_generic_node(webbrowser_plugin_t) >> + >> +corenet_sendrecv_asterisk_client_packets(webbrowser_plugin_t) >> +corenet_tcp_connect_asterisk_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_asterisk_port(webbrowser_plugin_t) >> + >> +corenet_sendrecv_ftp_client_packets(webbrowser_plugin_t) >> +corenet_tcp_connect_ftp_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_ftp_port(webbrowser_plugin_t) >> + >> +corenet_sendrecv_gatekeeper_client_packets(webbrowser_plugin_t) >> +corenet_tcp_connect_gatekeeper_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_gatekeeper_port(webbrowser_plugin_t) >> + >> +corenet_sendrecv_http_client_packets(webbrowser_plugin_t) >> +corenet_tcp_connect_http_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_http_port(webbrowser_plugin_t) >> + >> +corenet_sendrecv_http_cache_client_packets(webbrowser_plugin_t) >> +corenet_tcp_connect_http_cache_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_http_cache_port(webbrowser_plugin_t) >> + >> +corenet_sendrecv_ipp_client_packets(webbrowser_plugin_t) >> +corenet_tcp_connect_ipp_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_ipp_port(webbrowser_plugin_t) >> + >> +corenet_sendrecv_ircd_client_packets(webbrowser_plugin_t) >> +corenet_tcp_connect_ircd_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_ircd_port(webbrowser_plugin_t) >> + >> +corenet_sendrecv_jabber_client_client_packets(webbrowser_plugin_t) >> +corenet_tcp_connect_jabber_client_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_jabber_client_port(webbrowser_plugin_t) >> + >> +corenet_sendrecv_mmcc_client_packets(webbrowser_plugin_t) >> +corenet_tcp_connect_mmcc_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_mmcc_port(webbrowser_plugin_t) >> + >> +corenet_sendrecv_monopd_client_packets(webbrowser_plugin_t) >> +corenet_tcp_connect_monopd_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_monopd_port(webbrowser_plugin_t) >> + >> +corenet_sendrecv_soundd_client_packets(webbrowser_plugin_t) >> 
+corenet_tcp_connect_soundd_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_soundd_port(webbrowser_plugin_t) >> + >> +corenet_sendrecv_speech_client_packets(webbrowser_plugin_t) >> +corenet_tcp_connect_speech_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_speech_port(webbrowser_plugin_t) >> + >> +corenet_sendrecv_squid_client_packets(webbrowser_plugin_t) >> +corenet_tcp_connect_squid_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_squid_port(webbrowser_plugin_t) >> + >> +corenet_sendrecv_vnc_client_packets(webbrowser_plugin_t) >> +corenet_tcp_connect_vnc_port(webbrowser_plugin_t) >> +corenet_tcp_sendrecv_vnc_port(webbrowser_plugin_t) >> + >> +dev_read_generic_usb_dev(webbrowser_plugin_t) >> +dev_read_rand(webbrowser_plugin_t) >> +dev_read_realtime_clock(webbrowser_plugin_t) >> +dev_read_sound(webbrowser_plugin_t) >> +dev_read_sysfs(webbrowser_plugin_t) >> +dev_read_urand(webbrowser_plugin_t) >> +dev_read_video_dev(webbrowser_plugin_t) >> +dev_write_sound(webbrowser_plugin_t) >> +dev_write_video_dev(webbrowser_plugin_t) >> +dev_rw_dri(webbrowser_plugin_t) >> +dev_rw_xserver_misc(webbrowser_plugin_t) >> + >> +dev_dontaudit_getattr_generic_files(webbrowser_plugin_t) >> +dev_dontaudit_getattr_generic_pipes(webbrowser_plugin_t) >> +dev_dontaudit_getattr_all_blk_files(webbrowser_plugin_t) >> +dev_dontaudit_getattr_all_chr_files(webbrowser_plugin_t) >> + >> +domain_use_interactive_fds(webbrowser_plugin_t) >> +domain_dontaudit_read_all_domains_state(webbrowser_plugin_t) >> + >> +files_exec_usr_files(webbrowser_plugin_t) >> +files_list_mnt(webbrowser_plugin_t) >> +files_read_config_files(webbrowser_plugin_t) >> +files_read_usr_files(webbrowser_plugin_t) >> +files_map_usr_files(webbrowser_plugin_t) >> + >> +fs_getattr_all_fs(webbrowser_plugin_t) >> +# fs_read_hugetlbfs_files(webbrowser_plugin_t) >> +fs_search_auto_mountpoints(webbrowser_plugin_t) >> + >> +term_getattr_all_ttys(webbrowser_plugin_t) >> +term_getattr_all_ptys(webbrowser_plugin_t) >> + >> 
+application_exec(webbrowser_plugin_t) >> + >> +auth_use_nsswitch(webbrowser_plugin_t) >> + >> +libs_exec_ld_so(webbrowser_plugin_t) >> +libs_exec_lib_files(webbrowser_plugin_t) >> + >> +logging_send_syslog_msg(webbrowser_plugin_t) >> + >> +miscfiles_read_localization(webbrowser_plugin_t) >> +miscfiles_read_fonts(webbrowser_plugin_t) >> +miscfiles_read_generic_certs(webbrowser_plugin_t) >> +miscfiles_dontaudit_setattr_fonts_dirs(webbrowser_plugin_t) >> +miscfiles_dontaudit_setattr_fonts_cache_dirs(webbrowser_plugin_t) >> + >> +userdom_manage_user_tmp_dirs(webbrowser_plugin_t) >> +userdom_manage_user_tmp_files(webbrowser_plugin_t) >> +userdom_map_user_tmp_files(webbrowser_plugin_t) >> >> -userdom_user_home_dir_filetrans_user_home_content(mozilla_plugin_t, { dir file }) >> +userdom_user_home_dir_filetrans_user_home_content(webbrowser_plugin_t, { dir file }) >> >> -userdom_write_user_tmp_sockets(mozilla_plugin_t) >> +userdom_write_user_tmp_sockets(webbrowser_plugin_t) >> >> -userdom_dontaudit_use_user_terminals(mozilla_plugin_t) >> +userdom_dontaudit_use_user_terminals(webbrowser_plugin_t) >> >> -xdg_read_config_files(mozilla_plugin_t) >> +xdg_read_config_files(webbrowser_plugin_t) >> >> ifndef(`enable_mls',` >> - fs_list_dos(mozilla_plugin_t) >> - fs_read_dos_files(mozilla_plugin_t) >> + fs_list_dos(webbrowser_plugin_t) >> + fs_read_dos_files(webbrowser_plugin_t) >> >> - fs_search_removable(mozilla_plugin_t) >> - fs_read_removable_files(mozilla_plugin_t) >> - fs_read_removable_symlinks(mozilla_plugin_t) >> + fs_search_removable(webbrowser_plugin_t) >> + fs_read_removable_files(webbrowser_plugin_t) >> + fs_read_removable_symlinks(webbrowser_plugin_t) >> >> - fs_read_iso9660_files(mozilla_plugin_t) >> + fs_read_iso9660_files(webbrowser_plugin_t) >> ') >> >> tunable_policy(`allow_execmem',` >> - allow mozilla_plugin_t self:process execmem; >> + allow webbrowser_plugin_t self:process execmem; >> ') >> >> -tunable_policy(`mozilla_execstack',` >> - allow mozilla_plugin_t 
self:process { execmem execstack }; >> +tunable_policy(`webbrowser_execstack',` >> + allow webbrowser_plugin_t self:process { execmem execstack }; >> ') >> >> tunable_policy(`use_nfs_home_dirs',` >> - fs_manage_nfs_dirs(mozilla_plugin_t) >> - fs_manage_nfs_files(mozilla_plugin_t) >> - fs_manage_nfs_symlinks(mozilla_plugin_t) >> + fs_manage_nfs_dirs(webbrowser_plugin_t) >> + fs_manage_nfs_files(webbrowser_plugin_t) >> + fs_manage_nfs_symlinks(webbrowser_plugin_t) >> ') >> >> tunable_policy(`use_samba_home_dirs',` >> - fs_manage_cifs_dirs(mozilla_plugin_t) >> - fs_manage_cifs_files(mozilla_plugin_t) >> - fs_manage_cifs_symlinks(mozilla_plugin_t) >> + fs_manage_cifs_dirs(webbrowser_plugin_t) >> + fs_manage_cifs_files(webbrowser_plugin_t) >> + fs_manage_cifs_symlinks(webbrowser_plugin_t) >> ') >> >> optional_policy(` >> - alsa_read_config(mozilla_plugin_t) >> - alsa_read_home_files(mozilla_plugin_t) >> + alsa_read_config(webbrowser_plugin_t) >> + alsa_read_home_files(webbrowser_plugin_t) >> ') >> >> optional_policy(` >> - automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_t) >> + automount_dontaudit_getattr_tmp_dirs(webbrowser_plugin_t) >> ') >> >> optional_policy(` >> - dbus_all_session_bus_client(mozilla_plugin_t) >> - dbus_connect_all_session_bus(mozilla_plugin_t) >> - dbus_system_bus_client(mozilla_plugin_t) >> + dbus_all_session_bus_client(webbrowser_plugin_t) >> + dbus_connect_all_session_bus(webbrowser_plugin_t) >> + dbus_system_bus_client(webbrowser_plugin_t) >> ') >> >> optional_policy(` >> - gnome_manage_generic_home_content(mozilla_plugin_t) >> - gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome") >> - gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome2") >> - gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome2_private") >> + gnome_manage_generic_home_content(webbrowser_plugin_t) >> + gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome") >> + gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, 
".gnome2") >> + gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome2_private") >> ') >> >> optional_policy(` >> - java_exec(mozilla_plugin_t) >> - java_manage_generic_home_content(mozilla_plugin_t) >> - java_manage_java_tmp(mozilla_plugin_t) >> - java_home_filetrans_java_home(mozilla_plugin_t, dir, ".java") >> + java_exec(webbrowser_plugin_t) >> + java_manage_generic_home_content(webbrowser_plugin_t) >> + java_manage_java_tmp(webbrowser_plugin_t) >> + java_home_filetrans_java_home(webbrowser_plugin_t, dir, ".java") >> ') >> >> optional_policy(` >> - lpd_run_lpr(mozilla_plugin_t, mozilla_plugin_roles) >> + lpd_run_lpr(webbrowser_plugin_t, webbrowser_plugin_roles) >> ') >> >> optional_policy(` >> - mplayer_exec(mozilla_plugin_t) >> - mplayer_manage_generic_home_content(mozilla_plugin_t) >> - mplayer_home_filetrans_mplayer_home(mozilla_plugin_t, dir, ".mplayer") >> + mplayer_exec(webbrowser_plugin_t) >> + mplayer_manage_generic_home_content(webbrowser_plugin_t) >> + mplayer_home_filetrans_mplayer_home(webbrowser_plugin_t, dir, ".mplayer") >> ') >> >> optional_policy(` >> - pcscd_stream_connect(mozilla_plugin_t) >> + pcscd_stream_connect(webbrowser_plugin_t) >> ') >> >> optional_policy(` >> - pulseaudio_run(mozilla_plugin_t, mozilla_plugin_roles) >> + pulseaudio_run(webbrowser_plugin_t, webbrowser_plugin_roles) >> ') >> >> optional_policy(` >> - udev_read_db(mozilla_plugin_t) >> + udev_read_db(webbrowser_plugin_t) >> ') >> >> optional_policy(` >> - xserver_read_user_xauth(mozilla_plugin_t) >> - xserver_read_xdm_pid(mozilla_plugin_t) >> - xserver_stream_connect(mozilla_plugin_t) >> - xserver_use_user_fonts(mozilla_plugin_t) >> - xserver_dontaudit_read_xdm_tmp_files(mozilla_plugin_t) >> + xserver_read_user_xauth(webbrowser_plugin_t) >> + xserver_read_xdm_pid(webbrowser_plugin_t) >> + xserver_stream_connect(webbrowser_plugin_t) >> + xserver_use_user_fonts(webbrowser_plugin_t) >> + xserver_dontaudit_read_xdm_tmp_files(webbrowser_plugin_t) >> ') >> >> 
######################################## 
>> @@ -626,96 +637,96 @@ optional_policy(` >> # Plugin config local policy >> # >> >> -allow mozilla_plugin_config_t self:capability { dac_override dac_read_search setgid setuid sys_nice }; >> -allow mozilla_plugin_config_t self:process { setsched signal_perms getsched }; >> -allow mozilla_plugin_config_t self:fifo_file rw_fifo_file_perms; >> -allow mozilla_plugin_config_t self:unix_stream_socket create_stream_socket_perms; >> +allow webbrowser_plugin_config_t self:capability { dac_override dac_read_search setgid setuid sys_nice }; >> +allow webbrowser_plugin_config_t self:process { setsched signal_perms getsched }; >> +allow webbrowser_plugin_config_t self:fifo_file rw_fifo_file_perms; >> +allow webbrowser_plugin_config_t self:unix_stream_socket create_stream_socket_perms; >> >> -allow mozilla_plugin_config_t mozilla_plugin_rw_t:dir manage_dir_perms; >> -allow mozilla_plugin_config_t mozilla_plugin_rw_t:file manage_file_perms; >> -allow mozilla_plugin_config_t mozilla_plugin_rw_t:lnk_file manage_lnk_file_perms; >> +allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:dir manage_dir_perms; >> +allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:file manage_file_perms; >> +allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:lnk_file manage_lnk_file_perms; >> >> -manage_dirs_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t }) >> -manage_files_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t) >> -manage_lnk_files_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t) >> +manage_dirs_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, { webbrowser_home_t webbrowser_plugin_home_t }) >> +manage_files_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t) >> +manage_lnk_files_pattern(webbrowser_plugin_config_t, { 
webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t) >> >> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".galeon") >> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".mozilla") >> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".netscape") >> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".phoenix") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".galeon") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".mozilla") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".netscape") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".phoenix") >> >> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".adobe") >> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".macromedia") >> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".gnash") >> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".gcjwebplugin") >> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".icedteaplugin") >> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".spicec") >> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".ICAClient") >> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, "zimbrauserdata") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".adobe") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".macromedia") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".gnash") 
>> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".gcjwebplugin") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".icedteaplugin") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".spicec") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".ICAClient") >> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, "zimbrauserdata") >> >> -filetrans_pattern(mozilla_plugin_config_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins") >> +filetrans_pattern(webbrowser_plugin_config_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins") >> >> -can_exec(mozilla_plugin_config_t, { mozilla_plugin_rw_t mozilla_plugin_home_t }) >> +can_exec(webbrowser_plugin_config_t, { webbrowser_plugin_rw_t webbrowser_plugin_home_t }) >> >> -ps_process_pattern(mozilla_plugin_config_t, mozilla_plugin_t) >> +ps_process_pattern(webbrowser_plugin_config_t, webbrowser_plugin_t) >> >> -kernel_read_system_state(mozilla_plugin_config_t) >> -kernel_request_load_module(mozilla_plugin_config_t) >> +kernel_read_system_state(webbrowser_plugin_config_t) >> +kernel_request_load_module(webbrowser_plugin_config_t) >> >> -corecmd_exec_bin(mozilla_plugin_config_t) >> -corecmd_exec_shell(mozilla_plugin_config_t) >> +corecmd_exec_bin(webbrowser_plugin_config_t) >> +corecmd_exec_shell(webbrowser_plugin_config_t) >> >> -dev_read_urand(mozilla_plugin_config_t) >> -dev_rw_dri(mozilla_plugin_config_t) >> -dev_search_sysfs(mozilla_plugin_config_t) >> -dev_dontaudit_read_rand(mozilla_plugin_config_t) >> +dev_read_urand(webbrowser_plugin_config_t) >> +dev_rw_dri(webbrowser_plugin_config_t) >> +dev_search_sysfs(webbrowser_plugin_config_t) >> +dev_dontaudit_read_rand(webbrowser_plugin_config_t) >> >> -domain_use_interactive_fds(mozilla_plugin_config_t) >> 
+domain_use_interactive_fds(webbrowser_plugin_config_t) >> >> -files_list_tmp(mozilla_plugin_config_t) >> -files_read_usr_files(mozilla_plugin_config_t) >> -files_dontaudit_search_home(mozilla_plugin_config_t) >> +files_list_tmp(webbrowser_plugin_config_t) >> +files_read_usr_files(webbrowser_plugin_config_t) >> +files_dontaudit_search_home(webbrowser_plugin_config_t) >> >> -fs_getattr_all_fs(mozilla_plugin_config_t) >> -fs_search_auto_mountpoints(mozilla_plugin_config_t) >> -fs_list_inotifyfs(mozilla_plugin_config_t) >> +fs_getattr_all_fs(webbrowser_plugin_config_t) >> +fs_search_auto_mountpoints(webbrowser_plugin_config_t) >> +fs_list_inotifyfs(webbrowser_plugin_config_t) >> >> -auth_use_nsswitch(mozilla_plugin_config_t) >> +auth_use_nsswitch(webbrowser_plugin_config_t) >> >> -miscfiles_read_localization(mozilla_plugin_config_t) >> -miscfiles_read_fonts(mozilla_plugin_config_t) >> +miscfiles_read_localization(webbrowser_plugin_config_t) >> +miscfiles_read_fonts(webbrowser_plugin_config_t) >> >> -userdom_read_user_home_content_symlinks(mozilla_plugin_config_t) >> -userdom_read_user_home_content_files(mozilla_plugin_config_t) >> +userdom_read_user_home_content_symlinks(webbrowser_plugin_config_t) >> +userdom_read_user_home_content_files(webbrowser_plugin_config_t) >> >> -userdom_use_user_ptys(mozilla_plugin_config_t) >> +userdom_use_user_ptys(webbrowser_plugin_config_t) >> >> -mozilla_run_plugin(mozilla_plugin_config_t, mozilla_plugin_config_roles) >> +webbrowser_run_plugin(webbrowser_plugin_config_t, webbrowser_plugin_config_roles) >> >> tunable_policy(`allow_execmem',` >> - allow mozilla_plugin_config_t self:process execmem; >> + allow webbrowser_plugin_config_t self:process execmem; >> ') >> >> -tunable_policy(`mozilla_execstack',` >> - allow mozilla_plugin_config_t self:process { execmem execstack }; >> +tunable_policy(`webbrowser_execstack',` >> + allow webbrowser_plugin_config_t self:process { execmem execstack }; >> ') >> >> 
tunable_policy(`use_nfs_home_dirs',` >> - fs_manage_nfs_dirs(mozilla_plugin_config_t) >> - fs_manage_nfs_files(mozilla_plugin_config_t) >> - fs_manage_nfs_symlinks(mozilla_plugin_config_t) >> + fs_manage_nfs_dirs(webbrowser_plugin_config_t) >> + fs_manage_nfs_files(webbrowser_plugin_config_t) >> + fs_manage_nfs_symlinks(webbrowser_plugin_config_t) >> ') >> >> tunable_policy(`use_samba_home_dirs',` >> - fs_manage_cifs_dirs(mozilla_plugin_config_t) >> - fs_manage_cifs_files(mozilla_plugin_config_t) >> - fs_manage_cifs_symlinks(mozilla_plugin_config_t) >> + fs_manage_cifs_dirs(webbrowser_plugin_config_t) >> + fs_manage_cifs_files(webbrowser_plugin_config_t) >> + fs_manage_cifs_symlinks(webbrowser_plugin_config_t) >> ') >> >> optional_policy(` >> - automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_config_t) >> + automount_dontaudit_getattr_tmp_dirs(webbrowser_plugin_config_t) >> ') >> >> optional_policy(` >> - xserver_use_user_fonts(mozilla_plugin_config_t) >> + xserver_use_user_fonts(webbrowser_plugin_config_t) >> ') >> Index: refpolicy-2.20180701/policy/modules/apps/mozilla.fc >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.fc >> +++ refpolicy-2.20180701/policy/modules/apps/mozilla.fc 
>> @@ -1,42 +1,42 @@ >> -HOME_DIR/\.cache/mozilla(/.*)? gen_context(system_u:object_r:mozilla_xdg_cache_t,s0) >> -HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) >> -HOME_DIR/\.mozilla(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) >> -HOME_DIR/\.mozilla/plugins(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0) >> -HOME_DIR/\.netscape(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) >> -HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) >> -HOME_DIR/\.vimperator.* gen_context(system_u:object_r:mozilla_home_t,s0) >> +HOME_DIR/\.cache/mozilla(/.*)? gen_context(system_u:object_r:webbrowser_xdg_cache_t,s0) >> +HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0) >> +HOME_DIR/\.mozilla(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0) >> +HOME_DIR/\.mozilla/plugins(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0) >> +HOME_DIR/\.netscape(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0) >> +HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0) >> +HOME_DIR/\.vimperator.* gen_context(system_u:object_r:webbrowser_home_t,s0) >> >> -HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0) >> -HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0) >> -HOME_DIR/\.gnash(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0) >> -HOME_DIR/\.gcjwebplugin(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0) >> -HOME_DIR/\.icedteaplugin(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0) >> -HOME_DIR/\.spicec(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0) >> -HOME_DIR/\.ICAClient(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0) >> -HOME_DIR/zimbrauserdata(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0) >> +HOME_DIR/\.adobe(/.*)? 
gen_context(system_u:object_r:webbrowser_plugin_home_t,s0) >> +HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0) >> +HOME_DIR/\.gnash(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0) >> +HOME_DIR/\.gcjwebplugin(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0) >> +HOME_DIR/\.icedteaplugin(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0) >> +HOME_DIR/\.spicec(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0) >> +HOME_DIR/\.ICAClient(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0) >> +HOME_DIR/zimbrauserdata(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0) >> >> -/usr/bin/epiphany -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/bin/epiphany-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/bin/mozilla -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/bin/mozilla-snapshot -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/bin/mozilla-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/bin/netscape -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/bin/nspluginscan -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0) >> -/usr/bin/nspluginviewer -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0) >> +/usr/bin/epiphany -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/bin/epiphany-bin -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/bin/mozilla -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/bin/mozilla-snapshot -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/bin/mozilla-[0-9].* -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/bin/netscape -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> 
+/usr/bin/nspluginscan -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0) >> +/usr/bin/nspluginviewer -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0) >> >> -/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/lib/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/lib/firefox[^/]*/firefox-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/lib/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/lib/galeon/galeon -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/lib/iceweasel/iceweasel -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/lib/iceweasel/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0) >> -/usr/lib/mozilla[^/]*/reg.+ -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/lib/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/lib/mozilla/plugins-wrapped(/.*)? 
gen_context(system_u:object_r:mozilla_plugin_rw_t,s0) >> -/usr/lib/netscape/base-4/wrapper -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/lib/netscape/.+/communicator/communicator-smotif\.real -- gen_context(system_u:object_r:mozilla_exec_t,s0) >> -/usr/lib/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0) >> -/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:mozilla_plugin_config_exec_t,s0) >> -/usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0) >> +/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/lib/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/lib/firefox[^/]*/firefox-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/lib/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/lib/galeon/galeon -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/lib/iceweasel/iceweasel -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/lib/iceweasel/plugin-container -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0) >> +/usr/lib/mozilla[^/]*/reg.+ -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/lib/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/lib/mozilla/plugins-wrapped(/.*)? 
gen_context(system_u:object_r:webbrowser_plugin_rw_t,s0) >> +/usr/lib/netscape/base-4/wrapper -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/lib/netscape/.+/communicator/communicator-smotif\.real -- gen_context(system_u:object_r:webbrowser_exec_t,s0) >> +/usr/lib/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0) >> +/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:webbrowser_plugin_config_exec_t,s0) >> +/usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0) >> Index: refpolicy-2.20180701/policy/modules/apps/mozilla.if >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.if >> +++ refpolicy-2.20180701/policy/modules/apps/mozilla.if >> @@ -2,7 +2,7 @@ >> >> ######################################## >> ## >> -## Role access for mozilla. >> +## Role access for graphical web browser. >> ## >> ## >> ## >> @@ -15,12 +15,12 @@ >> ## >> ## >> # >> -interface(`mozilla_role',` >> +interface(`webbrowser_role',` >> gen_require(` >> - type mozilla_t, mozilla_exec_t, mozilla_home_t; >> - type mozilla_tmp_t, mozilla_tmpfs_t, mozilla_plugin_tmp_t; >> - type mozilla_plugin_tmpfs_t, mozilla_plugin_home_t; >> - attribute_role mozilla_roles; >> + type webbrowser_t, webbrowser_exec_t, webbrowser_home_t; >> + type webbrowser_tmp_t, webbrowser_tmpfs_t, webbrowser_plugin_tmp_t; >> + type webbrowser_plugin_tmpfs_t, webbrowser_plugin_home_t; >> + attribute_role webbrowser_roles; >> ') >> >> ######################################## 
>> @@ -28,53 +28,53 @@ interface(`mozilla_role',` >> # Declarations >> # >> >> - roleattribute $1 mozilla_roles; >> + roleattribute $1 webbrowser_roles; >> >> ######################################## >> # >> # Policy >> # >> >> - domtrans_pattern($2, mozilla_exec_t, mozilla_t) >> + domtrans_pattern($2, webbrowser_exec_t, webbrowser_t) >> >> - allow $2 mozilla_t:process { noatsecure siginh rlimitinh ptrace signal_perms }; >> - ps_process_pattern($2, mozilla_t) >> + allow $2 webbrowser_t:process { noatsecure siginh rlimitinh ptrace signal_perms }; >> + ps_process_pattern($2, webbrowser_t) >> >> - allow mozilla_t $2:process signull; >> - allow mozilla_t $2:unix_stream_socket connectto; >> + allow webbrowser_t $2:process signull; >> + allow webbrowser_t $2:unix_stream_socket connectto; >> >> - allow $2 mozilla_t:fd use; >> - allow $2 mozilla_t:shm rw_shm_perms; >> + allow $2 webbrowser_t:fd use; >> + allow $2 webbrowser_t:shm rw_shm_perms; >> >> - stream_connect_pattern($2, mozilla_tmpfs_t, mozilla_tmpfs_t, mozilla_t) >> + stream_connect_pattern($2, webbrowser_tmpfs_t, webbrowser_tmpfs_t, webbrowser_t) >> >> - allow $2 { mozilla_home_t mozilla_plugin_home_t }:dir { manage_dir_perms relabel_dir_perms }; >> - allow $2 { mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms relabel_file_perms }; >> - allow $2 mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms }; >> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".galeon") >> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".mozilla") >> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".netscape") >> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".phoenix") >> + allow $2 { webbrowser_home_t webbrowser_plugin_home_t }:dir { manage_dir_perms relabel_dir_perms }; >> + allow $2 { webbrowser_home_t webbrowser_plugin_home_t }:file { manage_file_perms relabel_file_perms }; >> + allow $2 webbrowser_home_t:lnk_file { manage_lnk_file_perms 
relabel_lnk_file_perms }; >> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".galeon") >> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".mozilla") >> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".netscape") >> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".phoenix") >> >> - filetrans_pattern($2, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins") >> + filetrans_pattern($2, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins") >> >> - allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:dir { manage_dir_perms relabel_dir_perms }; >> - allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:file { manage_file_perms relabel_file_perms }; >> - allow $2 mozilla_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms }; >> + allow $2 { webbrowser_tmp_t webbrowser_plugin_tmp_t }:dir { manage_dir_perms relabel_dir_perms }; >> + allow $2 { webbrowser_tmp_t webbrowser_plugin_tmp_t }:file { manage_file_perms relabel_file_perms }; >> + allow $2 webbrowser_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms }; >> >> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms }; >> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:file { manage_file_perms relabel_file_perms }; >> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms }; >> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms }; >> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms }; >> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:file { manage_file_perms relabel_file_perms }; >> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms }; >> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:sock_file { manage_sock_file_perms 
relabel_sock_file_perms }; >> >> optional_policy(` >> - mozilla_dbus_chat($2) >> + webbrowser_dbus_chat($2) >> ') >> ') >> >> ######################################## >> ## >> -## Role access for mozilla plugin. >> +## Role access for web browser plugin. >> ## >> ## >> ## 
>> @@ -87,60 +87,60 @@ interface(`mozilla_role',` >> ## >> ## >> # >> -interface(`mozilla_role_plugin',` >> +interface(`webbrowser_role_plugin',` >> gen_require(` >> - type mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mozilla_plugin_rw_t; >> - type mozilla_home_t; >> + type webbrowser_plugin_tmp_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_rw_t; >> + type webbrowser_home_t; >> ') >> >> - mozilla_run_plugin($2, $1) >> - mozilla_run_plugin_config($2, $1) >> + webbrowser_run_plugin($2, $1) >> + webbrowser_run_plugin_config($2, $1) >> >> - allow $2 { mozilla_plugin_t mozilla_plugin_config_t }:process { ptrace signal_perms }; >> - ps_process_pattern($2, { mozilla_plugin_t mozilla_plugin_config_t }) >> + allow $2 { webbrowser_plugin_t webbrowser_plugin_config_t }:process { ptrace signal_perms }; >> + ps_process_pattern($2, { webbrowser_plugin_t webbrowser_plugin_config_t }) >> >> - allow $2 mozilla_plugin_t:unix_stream_socket rw_socket_perms; >> - allow $2 mozilla_plugin_t:fd use; >> + allow $2 webbrowser_plugin_t:unix_stream_socket rw_socket_perms; >> + allow $2 webbrowser_plugin_t:fd use; >> >> - stream_connect_pattern($2, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t) >> + stream_connect_pattern($2, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_t) >> >> - allow mozilla_plugin_t $2:process signull; >> - allow mozilla_plugin_t $2:unix_stream_socket { connectto rw_socket_perms }; >> - allow mozilla_plugin_t $2:unix_dgram_socket { sendto rw_socket_perms }; >> - allow mozilla_plugin_t $2:shm { rw_shm_perms destroy }; >> - allow mozilla_plugin_t $2:sem create_sem_perms; >> + allow webbrowser_plugin_t $2:process signull; >> + allow webbrowser_plugin_t $2:unix_stream_socket { connectto rw_socket_perms }; >> + allow webbrowser_plugin_t $2:unix_dgram_socket { sendto rw_socket_perms }; >> + allow webbrowser_plugin_t $2:shm { rw_shm_perms destroy }; >> + allow webbrowser_plugin_t $2:sem create_sem_perms; >> >> - allow $2 
mozilla_home_t:dir { manage_dir_perms relabel_dir_perms }; >> - allow $2 mozilla_home_t:file { manage_file_perms relabel_file_perms }; >> - allow $2 mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms }; >> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".galeon") >> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".mozilla") >> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".netscape") >> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".phoenix") >> + allow $2 webbrowser_home_t:dir { manage_dir_perms relabel_dir_perms }; >> + allow $2 webbrowser_home_t:file { manage_file_perms relabel_file_perms }; >> + allow $2 webbrowser_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms }; >> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".galeon") >> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".mozilla") >> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".netscape") >> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".phoenix") >> >> - allow $2 mozilla_plugin_tmp_t:dir { manage_dir_perms relabel_dir_perms }; >> - allow $2 mozilla_plugin_tmp_t:file { manage_file_perms relabel_file_perms }; >> - allow $2 mozilla_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms }; >> + allow $2 webbrowser_plugin_tmp_t:dir { manage_dir_perms relabel_dir_perms }; >> + allow $2 webbrowser_plugin_tmp_t:file { manage_file_perms relabel_file_perms }; >> + allow $2 webbrowser_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms }; >> >> - allow $2 mozilla_plugin_tmpfs_t:dir { manage_dir_perms relabel_dir_perms }; >> - allow $2 mozilla_plugin_tmpfs_t:file { manage_file_perms relabel_file_perms }; >> - allow $2 mozilla_plugin_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms }; >> - allow $2 mozilla_plugin_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms }; >> + allow $2 
webbrowser_plugin_tmpfs_t:dir { manage_dir_perms relabel_dir_perms }; >> + allow $2 webbrowser_plugin_tmpfs_t:file { manage_file_perms relabel_file_perms }; >> + allow $2 webbrowser_plugin_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms }; >> + allow $2 webbrowser_plugin_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms }; >> >> - allow $2 mozilla_plugin_rw_t:dir list_dir_perms; >> - allow $2 mozilla_plugin_rw_t:file read_file_perms; >> - allow $2 mozilla_plugin_rw_t:lnk_file read_lnk_file_perms; >> + allow $2 webbrowser_plugin_rw_t:dir list_dir_perms; >> + allow $2 webbrowser_plugin_rw_t:file read_file_perms; >> + allow $2 webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms; >> >> - can_exec($2, mozilla_plugin_rw_t) >> + can_exec($2, webbrowser_plugin_rw_t) >> >> optional_policy(` >> - mozilla_dbus_chat_plugin($2) >> + webbrowser_dbus_chat_plugin($2) >> ') >> ') >> >> ######################################## >> ## >> -## Read mozilla home directory content. >> +## Read web browser home directory content. >> ## >> ## >> ## >> @@ -148,20 +148,20 @@ interface(`mozilla_role_plugin',` >> ## >> ## >> # >> -interface(`mozilla_read_user_home_files',` >> +interface(`webbrowser_read_user_home_files',` >> gen_require(` >> - type mozilla_home_t; >> + type webbrowser_home_t; >> ') >> >> userdom_search_user_home_dirs($1) >> - allow $1 mozilla_home_t:dir list_dir_perms; >> - allow $1 mozilla_home_t:file read_file_perms; >> - allow $1 mozilla_home_t:lnk_file read_lnk_file_perms; >> + allow $1 webbrowser_home_t:dir list_dir_perms; >> + allow $1 webbrowser_home_t:file read_file_perms; >> + allow $1 webbrowser_home_t:lnk_file read_lnk_file_perms; >> ') >> >> ######################################## >> ## >> -## Write mozilla home directory files. >> +## Write web browser home directory files. >> ## >> ## >> ## 
>> @@ -169,19 +169,19 @@ interface(`mozilla_read_user_home_files' >> ## >> ## >> # >> -interface(`mozilla_write_user_home_files',` >> +interface(`webbrowser_write_user_home_files',` >> gen_require(` >> - type mozilla_home_t; >> + type webbrowser_home_t; >> ') >> >> userdom_search_user_home_dirs($1) >> - write_files_pattern($1, mozilla_home_t, mozilla_home_t) >> + write_files_pattern($1, webbrowser_home_t, webbrowser_home_t) >> ') >> >> ######################################## >> ## >> ## Do not audit attempts to read and >> -## write mozilla home directory files. >> +## write web browser home directory files. >> ## >> ## >> ## >> @@ -189,18 +189,18 @@ interface(`mozilla_write_user_home_files >> ## >> ## >> # >> -interface(`mozilla_dontaudit_rw_user_home_files',` >> +interface(`webbrowser_dontaudit_rw_user_home_files',` >> gen_require(` >> - type mozilla_home_t; >> + type webbrowser_home_t; >> ') >> >> - dontaudit $1 mozilla_home_t:file rw_file_perms; >> + dontaudit $1 webbrowser_home_t:file rw_file_perms; >> ') >> >> ######################################## >> ## >> ## Do not audit attempt to Create, >> -## read, write, and delete mozilla >> +## read, write, and delete web browser >> ## home directory content. >> ## >> ## 
>> @@ -209,19 +209,19 @@ interface(`mozilla_dontaudit_rw_user_hom >> ## >> ## >> # >> -interface(`mozilla_dontaudit_manage_user_home_files',` >> +interface(`webbrowser_dontaudit_manage_user_home_files',` >> gen_require(` >> - type mozilla_home_t; >> + type webbrowser_home_t; >> ') >> >> - dontaudit $1 mozilla_home_t:dir manage_dir_perms; >> - dontaudit $1 mozilla_home_t:file manage_file_perms; >> - dontaudit $1 mozilla_home_t:lnk_file manage_lnk_file_perms; >> + dontaudit $1 webbrowser_home_t:dir manage_dir_perms; >> + dontaudit $1 webbrowser_home_t:file manage_file_perms; >> + dontaudit $1 webbrowser_home_t:lnk_file manage_lnk_file_perms; >> ') >> >> ######################################## >> ## >> -## Execute mozilla plugin home directory files. >> +## Execute web browser plugin home directory files. >> ## >> ## >> ## >> @@ -229,13 +229,13 @@ interface(`mozilla_dontaudit_manage_user >> ## >> ## >> # >> -interface(`mozilla_exec_user_plugin_home_files',` >> +interface(`webbrowser_exec_user_plugin_home_files',` >> gen_require(` >> - type mozilla_home_t, mozilla_plugin_home_t; >> + type webbrowser_home_t, webbrowser_plugin_home_t; >> ') >> >> userdom_search_user_home_dirs($1) >> - exec_files_pattern($1, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t) >> + exec_files_pattern($1, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t) >> ') >> >> ######################################## >> @@ -249,17 +249,17 @@ interface(`mozilla_exec_user_plugin_home >> ## >> ## >> # >> -interface(`mozilla_execmod_user_plugin_home_files',` >> +interface(`webbrowser_execmod_user_plugin_home_files',` >> gen_require(` >> - type mozilla_plugin_home_t; >> + type webbrowser_plugin_home_t; >> ') >> >> - allow $1 mozilla_plugin_home_t:file execmod; >> + allow $1 webbrowser_plugin_home_t:file execmod; >> ') >> >> ####################################### >> ## >> -## Read temporary mozilla files. >> +## Read temporary web browser files. >> ## >> ## >> ## 
>> @@ -267,17 +267,17 @@ interface(`mozilla_execmod_user_plugin_h >> ## >> ## >> # >> -interface(`mozilla_read_tmp_files',` >> +interface(`webbrowser_read_tmp_files',` >> gen_require(` >> - type mozilla_tmp_t; >> + type webbrowser_tmp_t; >> ') >> >> - read_files_pattern($1, mozilla_tmp_t, mozilla_tmp_t) >> + read_files_pattern($1, webbrowser_tmp_t, webbrowser_tmp_t) >> ') >> >> ######################################## >> ## >> -## Run mozilla in the mozilla domain. >> +## Run web browser in the web browser domain. >> ## >> ## >> ## >> @@ -285,19 +285,19 @@ interface(`mozilla_read_tmp_files',` >> ## >> ## >> # >> -interface(`mozilla_domtrans',` >> +interface(`webbrowser_domtrans',` >> gen_require(` >> - type mozilla_t, mozilla_exec_t; >> + type webbrowser_t, webbrowser_exec_t; >> ') >> >> corecmd_search_bin($1) >> - domtrans_pattern($1, mozilla_exec_t, mozilla_t) >> + domtrans_pattern($1, webbrowser_exec_t, webbrowser_t) >> ') >> >> ######################################## >> ## >> ## Execute a domain transition to >> -## run mozilla plugin. >> +## run web browser plugin. >> ## >> ## >> ## >> @@ -305,20 +305,20 @@ interface(`mozilla_domtrans',` >> ## >> ## >> # >> -interface(`mozilla_domtrans_plugin',` >> +interface(`webbrowser_domtrans_plugin',` >> gen_require(` >> - type mozilla_plugin_t, mozilla_plugin_exec_t; >> + type webbrowser_plugin_t, webbrowser_plugin_exec_t; >> ') >> >> corecmd_search_bin($1) >> - domtrans_pattern($1, mozilla_plugin_exec_t, mozilla_plugin_t) >> + domtrans_pattern($1, webbrowser_plugin_exec_t, webbrowser_plugin_t) >> ') >> >> ######################################## >> ## >> -## Execute mozilla plugin in the >> -## mozilla plugin domain, and allow >> -## the specified role the mozilla >> +## Execute web browser plugin in the >> +## web browser plugin domain, and allow >> +## the specified role the web browser >> ## plugin domain. >> ## >> ## 
>> @@ -332,19 +332,19 @@ interface(`mozilla_domtrans_plugin',` >> ## >> ## >> # >> -interface(`mozilla_run_plugin',` >> +interface(`webbrowser_run_plugin',` >> gen_require(` >> - attribute_role mozilla_plugin_roles; >> + attribute_role webbrowser_plugin_roles; >> ') >> >> - mozilla_domtrans_plugin($1) >> - roleattribute $2 mozilla_plugin_roles; >> + webbrowser_domtrans_plugin($1) >> + roleattribute $2 webbrowser_plugin_roles; >> ') >> >> ######################################## >> ## >> ## Execute a domain transition to >> -## run mozilla plugin config. >> +## run web browser plugin config. >> ## >> ## >> ## >> @@ -352,21 +352,21 @@ interface(`mozilla_run_plugin',` >> ## >> ## >> # >> -interface(`mozilla_domtrans_plugin_config',` >> +interface(`webbrowser_domtrans_plugin_config',` >> gen_require(` >> - type mozilla_plugin_config_t, mozilla_plugin_config_exec_t; >> + type webbrowser_plugin_config_t, webbrowser_plugin_config_exec_t; >> ') >> >> corecmd_search_bin($1) >> - domtrans_pattern($1, mozilla_plugin_config_exec_t, mozilla_plugin_config_t) >> + domtrans_pattern($1, webbrowser_plugin_config_exec_t, webbrowser_plugin_config_t) >> ') >> >> ######################################## >> ## >> -## Execute mozilla plugin config in >> -## the mozilla plugin config domain, >> +## Execute web browser plugin config in >> +## the web browser plugin config domain, >> ## and allow the specified role the >> -## mozilla plugin config domain. >> +## web browser plugin config domain. >> ## >> ## >> ## 
>> @@ -379,19 +379,19 @@ interface(`mozilla_domtrans_plugin_confi >> ## >> ## >> # >> -interface(`mozilla_run_plugin_config',` >> +interface(`webbrowser_run_plugin_config',` >> gen_require(` >> - attribute_role mozilla_plugin_config_roles; >> + attribute_role webbrowser_plugin_config_roles; >> ') >> >> - mozilla_domtrans_plugin_config($1) >> - roleattribute $2 mozilla_plugin_config_roles; >> + webbrowser_domtrans_plugin_config($1) >> + roleattribute $2 webbrowser_plugin_config_roles; >> ') >> >> ######################################## >> ## >> ## Send and receive messages from >> -## mozilla over dbus. >> +## web browser over dbus. >> ## >> ## >> ## >> @@ -399,20 +399,20 @@ interface(`mozilla_run_plugin_config',` >> ## >> ## >> # >> -interface(`mozilla_dbus_chat',` >> +interface(`webbrowser_dbus_chat',` >> gen_require(` >> - type mozilla_t; >> + type webbrowser_t; >> class dbus send_msg; >> ') >> >> - allow $1 mozilla_t:dbus send_msg; >> - allow mozilla_t $1:dbus send_msg; >> + allow $1 webbrowser_t:dbus send_msg; >> + allow webbrowser_t $1:dbus send_msg; >> ') >> >> ######################################## >> ## >> ## Send and receive messages from >> -## mozilla plugin over dbus. >> +## web browser plugin over dbus. >> ## >> ## >> ## >> @@ -420,19 +420,19 @@ interface(`mozilla_dbus_chat',` >> ## >> ## >> # >> -interface(`mozilla_dbus_chat_plugin',` >> +interface(`webbrowser_dbus_chat_plugin',` >> gen_require(` >> - type mozilla_plugin_t; >> + type webbrowser_plugin_t; >> class dbus send_msg; >> ') >> >> - allow $1 mozilla_plugin_t:dbus send_msg; >> - allow mozilla_plugin_t $1:dbus send_msg; >> + allow $1 webbrowser_plugin_t:dbus send_msg; >> + allow webbrowser_plugin_t $1:dbus send_msg; >> ') >> >> ######################################## >> ## >> -## Read and write mozilla TCP sockets. >> +## Read and write web browser TCP sockets. >> ## >> ## >> ## 
>> @@ -440,18 +440,18 @@ interface(`mozilla_dbus_chat_plugin',` >> ## >> ## >> # >> -interface(`mozilla_rw_tcp_sockets',` >> +interface(`webbrowser_rw_tcp_sockets',` >> gen_require(` >> - type mozilla_t; >> + type webbrowser_t; >> ') >> >> - allow $1 mozilla_t:tcp_socket rw_socket_perms; >> + allow $1 webbrowser_t:tcp_socket rw_socket_perms; >> ') >> >> ######################################## >> ## >> ## Create, read, write, and delete >> -## mozilla plugin rw files. >> +## web browser plugin rw files. >> ## >> ## >> ## >> @@ -459,18 +459,18 @@ interface(`mozilla_rw_tcp_sockets',` >> ## >> ## >> # >> -interface(`mozilla_manage_plugin_rw_files',` >> +interface(`webbrowser_manage_plugin_rw_files',` >> gen_require(` >> - type mozilla_plugin_rw_t; >> + type webbrowser_plugin_rw_t; >> ') >> >> libs_search_lib($1) >> - manage_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t) >> + manage_files_pattern($1, webbrowser_plugin_rw_t, webbrowser_plugin_rw_t) >> ') >> >> ######################################## >> ## >> -## Read mozilla_plugin tmpfs files. >> +## Read webbrowser_plugin tmpfs files. >> ## >> ## >> ## >> @@ -478,18 +478,18 @@ interface(`mozilla_manage_plugin_rw_file >> ## >> ## >> # >> -interface(`mozilla_plugin_read_tmpfs_files',` >> +interface(`webbrowser_plugin_read_tmpfs_files',` >> gen_require(` >> - type mozilla_plugin_tmpfs_t; >> + type webbrowser_plugin_tmpfs_t; >> ') >> >> fs_search_tmpfs($1) >> - allow $1 mozilla_plugin_tmpfs_t:file read_file_perms; >> + allow $1 webbrowser_plugin_tmpfs_t:file read_file_perms; >> ') >> >> ######################################## >> ## >> -## Delete mozilla_plugin tmpfs files. >> +## Delete webbrowser_plugin tmpfs files. >> ## >> ## >> ## 
>> @@ -497,19 +497,19 @@ interface(`mozilla_plugin_read_tmpfs_fil >> ## >> ## >> # >> -interface(`mozilla_plugin_delete_tmpfs_files',` >> +interface(`webbrowser_plugin_delete_tmpfs_files',` >> gen_require(` >> - type mozilla_plugin_tmpfs_t; >> + type webbrowser_plugin_tmpfs_t; >> ') >> >> fs_search_tmpfs($1) >> - allow $1 mozilla_plugin_tmpfs_t:file delete_file_perms; >> + allow $1 webbrowser_plugin_tmpfs_t:file delete_file_perms; >> ') >> >> ######################################## >> ## >> ## Create, read, write, and delete >> -## generic mozilla plugin home content. >> +## generic web browser plugin home content. >> ## >> ## >> ## >> @@ -517,23 +517,23 @@ interface(`mozilla_plugin_delete_tmpfs_f >> ## >> ## >> # >> -interface(`mozilla_manage_generic_plugin_home_content',` >> +interface(`webbrowser_manage_generic_plugin_home_content',` >> gen_require(` >> - type mozilla_plugin_home_t; >> + type webbrowser_plugin_home_t; >> ') >> >> userdom_search_user_home_dirs($1) >> - allow $1 mozilla_plugin_home_t:dir manage_dir_perms; >> - allow $1 mozilla_plugin_home_t:file manage_file_perms; >> - allow $1 mozilla_plugin_home_t:fifo_file manage_fifo_file_perms; >> - allow $1 mozilla_plugin_home_t:lnk_file manage_lnk_file_perms; >> - allow $1 mozilla_plugin_home_t:sock_file manage_sock_file_perms; >> + allow $1 webbrowser_plugin_home_t:dir manage_dir_perms; >> + allow $1 webbrowser_plugin_home_t:file manage_file_perms; >> + allow $1 webbrowser_plugin_home_t:fifo_file manage_fifo_file_perms; >> + allow $1 webbrowser_plugin_home_t:lnk_file manage_lnk_file_perms; >> + allow $1 webbrowser_plugin_home_t:sock_file manage_sock_file_perms; >> ') >> >> ######################################## >> ## >> ## Create objects in user home >> -## directories with the generic mozilla >> +## directories with the generic web browser >> ## plugin home type. >> ## >> ## 
>> @@ -552,10 +552,10 @@ interface(`mozilla_manage_generic_plugin >> ## >> ## >> # >> -interface(`mozilla_home_filetrans_plugin_home',` >> +interface(`webbrowser_home_filetrans_plugin_home',` >> gen_require(` >> - type mozilla_plugin_home_t; >> + type webbrowser_plugin_home_t; >> ') >> >> - userdom_user_home_dir_filetrans($1, mozilla_plugin_home_t, $2, $3) >> + userdom_user_home_dir_filetrans($1, webbrowser_plugin_home_t, $2, $3) >> ') >> Index: refpolicy-2.20180701/policy/modules/roles/staff.te >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/roles/staff.te >> +++ refpolicy-2.20180701/policy/modules/roles/staff.te >> @@ -142,7 +142,7 @@ ifndef(`distro_redhat',` >> ') >> >> optional_policy(` >> - mozilla_role(staff_r, staff_t) >> + webbrowser_role(staff_r, staff_t) >> ') >> >> optional_policy(` >> Index: refpolicy-2.20180701/policy/modules/roles/sysadm.te >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/roles/sysadm.te >> +++ refpolicy-2.20180701/policy/modules/roles/sysadm.te >> @@ -652,7 +652,7 @@ optional_policy(` >> ') >> >> optional_policy(` >> - mozilla_role(sysadm_r, sysadm_t) >> + webbrowser_role(sysadm_r, sysadm_t) >> ') >> >> optional_policy(` >> Index: refpolicy-2.20180701/policy/modules/roles/unprivuser.te >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/roles/unprivuser.te >> +++ refpolicy-2.20180701/policy/modules/roles/unprivuser.te 
>> @@ -114,7 +114,7 @@ ifndef(`distro_redhat',` >> ') >> >> optional_policy(` >> - mozilla_role(user_r, user_t) >> + webbrowser_role(user_r, user_t) >> ') >> >> optional_policy(` >> Index: refpolicy-2.20180701/policy/modules/roles/xguest.te >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/roles/xguest.te >> +++ refpolicy-2.20180701/policy/modules/roles/xguest.te >> @@ -103,7 +103,7 @@ optional_policy(` >> ') >> >> optional_policy(` >> - mozilla_role(xguest_r, xguest_t) >> + webbrowser_role(xguest_r, xguest_t) >> ') >> >> optional_policy(` >> Index: refpolicy-2.20180701/policy/modules/admin/prelink.te >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/admin/prelink.te >> +++ refpolicy-2.20180701/policy/modules/admin/prelink.te >> @@ -141,7 +141,7 @@ optional_policy(` >> ') >> >> optional_policy(` >> - mozilla_manage_plugin_rw_files(prelink_t) >> + webbrowser_manage_plugin_rw_files(prelink_t) >> ') >> >> optional_policy(` >> Index: refpolicy-2.20180701/policy/modules/apps/evolution.te >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/apps/evolution.te >> +++ refpolicy-2.20180701/policy/modules/apps/evolution.te >> @@ -291,8 +291,8 @@ optional_policy(` >> ') >> >> optional_policy(` >> - mozilla_read_user_home_files(evolution_t) >> - mozilla_domtrans(evolution_t) >> + webbrowser_read_user_home_files(evolution_t) >> + webbrowser_domtrans(evolution_t) >> ') >> >> optional_policy(` >> Index: refpolicy-2.20180701/policy/modules/apps/gpg.te >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/apps/gpg.te >> +++ refpolicy-2.20180701/policy/modules/apps/gpg.te 
>> @@ -171,7 +171,7 @@ optional_policy(` >> ') >> >> optional_policy(` >> - mozilla_dontaudit_rw_user_home_files(gpg_t) >> + webbrowser_dontaudit_rw_user_home_files(gpg_t) >> ') >> >> optional_policy(` >> @@ -306,7 +306,7 @@ optional_policy(` >> ') >> >> optional_policy(` >> - mozilla_dontaudit_rw_user_home_files(gpg_agent_t) >> + webbrowser_dontaudit_rw_user_home_files(gpg_agent_t) >> ') >> >> optional_policy(` >> Index: refpolicy-2.20180701/policy/modules/apps/openoffice.te >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/apps/openoffice.te >> +++ refpolicy-2.20180701/policy/modules/apps/openoffice.te >> @@ -140,8 +140,8 @@ optional_policy(` >> ') >> >> optional_policy(` >> - mozilla_domtrans(ooffice_t) >> - mozilla_read_tmp_files(ooffice_t) >> + webbrowser_domtrans(ooffice_t) >> + webbrowser_read_tmp_files(ooffice_t) >> ') >> >> optional_policy(` >> Index: refpolicy-2.20180701/policy/modules/apps/seunshare.te >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/apps/seunshare.te >> +++ refpolicy-2.20180701/policy/modules/apps/seunshare.te >> @@ -39,6 +39,6 @@ ifdef(`hide_broken_symptoms', ` >> fs_dontaudit_rw_anon_inodefs_files(seunshare_t) >> >> optional_policy(` >> - mozilla_dontaudit_manage_user_home_files(seunshare_t) >> + webbrowser_dontaudit_manage_user_home_files(seunshare_t) >> ') >> ') >> Index: refpolicy-2.20180701/policy/modules/apps/thunderbird.te >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/apps/thunderbird.te >> +++ refpolicy-2.20180701/policy/modules/apps/thunderbird.te >> @@ -151,7 +151,7 @@ optional_policy(` >> ') >> >> optional_policy(` >> - mozilla_dbus_chat(thunderbird_t) >> + webbrowser_dbus_chat(thunderbird_t) >> ') >> ') 
>> >> @@ -175,8 +175,8 @@ optional_policy(` >> ') >> >> optional_policy(` >> - mozilla_read_user_home_files(thunderbird_t) >> - mozilla_domtrans(thunderbird_t) >> + webbrowser_read_user_home_files(thunderbird_t) >> + webbrowser_domtrans(thunderbird_t) >> ') >> >> optional_policy(` >> Index: refpolicy-2.20180701/policy/modules/apps/wm.te >> =================================================================== >> --- refpolicy-2.20180701.orig/policy/modules/apps/wm.te >> +++ refpolicy-2.20180701/policy/modules/apps/wm.te >> @@ -126,7 +126,7 @@ optional_policy(` >> ') >> >> optional_policy(` >> - mozilla_dbus_chat(wm_domain) >> + webbrowser_dbus_chat(wm_domain) >> ') >> >> optional_policy(` -- Chris PeBenito
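
Review bot: the mozilla.fc hunk needs a migration path for existing labels. Every entry, including the per-user ones such as HOME_DIR/\.macromedia(/.*)? and HOME_DIR/\.ICAClient(/.*)?, now maps to a webbrowser_* type, while files labelled under the old policy still carry mozilla_* contexts on disk. The type declarations are not in the lines quoted here; if they do not keep the old names as typealias entries, those files are treated as unlabeled once the new policy loads, until they are relabelled. Please either confirm the aliases exist or state in the commit message that a restorecon pass over home directories and /usr/lib is required on upgrade.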
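
Review bot: the mozilla.if hunks starting at @@ -15,12 +15,12 @@ replace each interface outright and leave no wrapper under the old name, for example -interface(`mozilla_role',` becomes +interface(`webbrowser_role',`. Any caller this patch does not convert, in-tree or in a site-local module, then fails to build. Suggest keeping thin mozilla_* interfaces that call the webbrowser_* ones and emit a deprecation warning via refpolicywarn for a release. The file is also still policy/modules/apps/mozilla.if while every interface in it is now prefixed webbrowser_; the module name and interface prefix should agree, so the module files want renaming in the same series.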
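
Review bot: in the @@ -87,60 +87,60 @@ hunk, the gen_require block of webbrowser_role_plugin is missing two types. The body uses webbrowser_plugin_t and webbrowser_plugin_config_t in its allow, ps_process_pattern and stream_connect_pattern rules, but gen_require lists only webbrowser_plugin_tmp_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_rw_t and webbrowser_home_t. The removed mozilla_* lines have the same gap, so it predates the rename, but since every line of the interface is rewritten here this is the place to add both to gen_require.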
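
Review bot: the doc comments at the tail of the @@ -459,18 +459,18 @@ and @@ -478,18 +478,18 @@ hunks are the raw substitution result rather than prose: "Read webbrowser_plugin tmpfs files." and "Delete webbrowser_plugin tmpfs files." The other summaries in this file were rewritten as "web browser plugin", so these two should read "web browser plugin tmpfs files" to match. In the same pass, "Run web browser in the web browser domain." in the @@ -267,17 +267,17 @@ hunk would read better with articles.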