From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1019379-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 8A4FC1382C5
	for <garchives@archives.gentoo.org>; Sun, 22 Apr 2018 12:00:57 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 14839E0921;
	Sun, 22 Apr 2018 12:00:50 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id DBDFEE091F
	for <gentoo-commits@lists.gentoo.org>; Sun, 22 Apr 2018 12:00:49 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id BBB5C335C7D
	for <gentoo-commits@lists.gentoo.org>; Sun, 22 Apr 2018 12:00:48 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 159982A5
	for <gentoo-commits@lists.gentoo.org>; Sun, 22 Apr 2018 12:00:45 +0000 (UTC)
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1524398039.5daa9a0ca0dd357ea6b06fa3cadd6a4bd5f772c4.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/mozilla.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 5daa9a0ca0dd357ea6b06fa3cadd6a4bd5f772c4
X-VCS-Branch: master
Date: Sun, 22 Apr 2018 12:00:45 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 023cf436-62b5-4929-9bc0-05c2b467eaa8
X-Archives-Hash: 268751781943070d6d9ef56b6f423ec0

commit:     5daa9a0ca0dd357ea6b06fa3cadd6a4bd5f772c4
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Apr 12 11:38:04 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 22 11:53:59 2018 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5daa9a0c

mozilla: allow map usr, home, tmp files

 policy/modules/contrib/mozilla.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/policy/modules/contrib/mozilla.te b/policy/modules/contrib/mozilla.te
index d7a7be05..b17ab878 100644
--- a/policy/modules/contrib/mozilla.te
+++ b/policy/modules/contrib/mozilla.te
@@ -113,6 +113,7 @@ manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
 manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
 manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
 fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
+allow mozilla_t mozilla_plugin_tmpfs_t:file map;
 
 allow mozilla_t mozilla_plugin_rw_t:dir list_dir_perms;
 allow mozilla_t mozilla_plugin_rw_t:file read_file_perms;
@@ -324,6 +325,7 @@ allow mozilla_plugin_t mozilla_t:sem create_sem_perms;
 manage_dirs_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t })
 manage_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
 manage_lnk_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
+allow mozilla_plugin_t mozilla_home_t:file map;
 
 userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".galeon")
 userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".mozilla")
@@ -338,6 +340,8 @@ manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin
 files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
 userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
 
+allow mozilla_plugin_t mozilla_tmp_t:file rw_file_perms;
+
 manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
 manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
 manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
@@ -444,6 +448,7 @@ domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
 files_list_mnt(mozilla_plugin_t)
 files_read_config_files(mozilla_plugin_t)
 files_read_usr_files(mozilla_plugin_t)
+files_map_usr_files(mozilla_plugin_t)
 
 fs_getattr_all_fs(mozilla_plugin_t)
 # fs_read_hugetlbfs_files(mozilla_plugin_t)