
From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Mon, 31 Dec 2012 23:19:53
Message-Id: 1356994940.800aca70015984c79ede594699e54fd45ac49ffe.SwifT@gentoo
1 commit: 800aca70015984c79ede594699e54fd45ac49ffe
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Mon Dec 31 22:59:33 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Mon Dec 31 23:02:20 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=800aca70
7
8 Support using googletalk
9
10 ---
11 policy/modules/contrib/mozilla.te | 41 +++++++++++++++++++++++++++++++++++++
12 1 files changed, 41 insertions(+), 0 deletions(-)
13
14 diff --git a/policy/modules/contrib/mozilla.te b/policy/modules/contrib/mozilla.te
15 index 37fe3e7..b1bf188 100644
16 --- a/policy/modules/contrib/mozilla.te
17 +++ b/policy/modules/contrib/mozilla.te
18 @@ -620,6 +620,23 @@ optional_policy(`
19 ')
20
21 ifdef(`distro_gentoo',`
22 +## <desc>
23 +## <p>
24 +## Determine whether mozilla firefox can bind TCP sockets to all
25 +## unreserved ports (for instance used with various Proxy
26 +## management extensions).
27 +## </p>
28 +## </desc>
29 +gen_tunable(mozilla_bind_all_unreserved_ports, false)
30 +
31 +## <desc>
32 +## <p>
33 +## Determine whether mozilla firefox plugins can connect to
34 +## unreserved ports (for instance when dealing with Google Talk)
35 +## </p>
36 +## </desc>
37 +gen_tunable(mozilla_plugin_connect_all_unreserved, false)
38 +
39 #####################
40 #
41 # Mozilla policy
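Review bot: The two new tunables are named on different patterns, `mozilla_bind_all_unreserved_ports` and `mozilla_plugin_connect_all_unreserved`; ending the second in `_ports` would let an administrator find both with one boolean search. The first description mentions proxy extensions but not that enabling it lets the browser domain listen on any unreserved TCP port. A closing sentence such as `Leave disabled unless an extension needs a local listener.` would state what is being opened. The second description is also missing its final full stop. The distro_gentoo ifdef block these lines sit in continues past the end of this hunk.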
42 @@ -635,6 +652,8 @@ ifdef(`distro_gentoo',`
43 corenet_tcp_connect_tor_port(mozilla_t)
44 corenet_tcp_sendrecv_tor_port(mozilla_t)
45
46 + domain_use_interactive_fds(mozilla_t)
47 +
48 userdom_search_user_home_dirs(mozilla_t)
49 # This deprecates userdom_use_user_ptys(mozilla_t) mentioned earlier
50 userdom_use_user_terminals(mozilla_t)
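Review bot: `domain_use_interactive_fds(mozilla_t)` is added without a comment, and it is granted to the browser domain itself rather than to the plugin domain the commit title is about. Nothing in the hunk shows which inherited descriptor triggered the denial, so a later reader cannot tell whether the grant is still needed. A one-line comment above it naming the caller would make that reviewable, for example `# mozilla_t inherits fds from <launching domain> when started for googletalk`, with the placeholder filled in from the AVC that prompted the change.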
51 @@ -650,6 +669,12 @@ ifdef(`distro_gentoo',`
52 # (allows manage rights automatically)
53 userdom_user_content_access_template(mozilla, { mozilla_t mozilla_plugin_t })
54
55 + tunable_policy(`mozilla_bind_all_unreserved_ports',`
56 + corenet_sendrecv_all_server_packets(mozilla_t)
57 + corenet_tcp_bind_all_unreserved_ports(mozilla_t)
58 + corenet_tcp_sendrecv_all_ports(mozilla_t)
59 + ')
60 +
61 optional_policy(`
62 tunable_policy(`mozilla_use_java',`
63 #java_noatsecure_domtrans(mozilla_t)
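Review bot: `corenet_tcp_sendrecv_all_ports(mozilla_t)` covers every port type, whereas the tunable's name, its description and the bind rule `corenet_tcp_bind_all_unreserved_ports(mozilla_t)` are all limited to unreserved ports. Either restrict the send/receive grant to the same port set, or add a comment saying why the wider one is intended, e.g. `# sendrecv on all ports is deliberate: <reason>`. The plugin tunable block added later in this commit (`mozilla_plugin_connect_all_unreserved`) has no send/receive line at all, so the two blocks should be brought into line one way or the other.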
64 @@ -683,6 +708,9 @@ ifdef(`distro_gentoo',`
65
66 read_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
67
68 + # Stupid google talk plugin runs find against /etc
69 + files_dontaudit_getattr_all_dirs(mozilla_plugin_t)
70 +
71 corenet_sendrecv_pulseaudio_client_packets(mozilla_plugin_t)
72 corenet_tcp_connect_pulseaudio_port(mozilla_plugin_t)
73 corenet_tcp_sendrecv_pulseaudio_port(mozilla_plugin_t)
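Review bot: `files_dontaudit_getattr_all_dirs(mozilla_plugin_t)` silences getattr denials on every directory type, while the comment above it names only /etc as the reason. The rule is also unconditional inside the distro_gentoo block, so it applies to every plugin running as mozilla_plugin_t whether or not the googletalk module is installed. A compromised or misbehaving plugin that walks the filesystem would then leave no AVC records for those probes. Consider a dontaudit scoped to the etc directory type, or at least move the line into the googletalk `optional_policy` block at the end of the file and reword the comment to `# googletalk plugin runs find against /etc; this hides getattr denials on all directory types`.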
74 @@ -697,6 +725,11 @@ ifdef(`distro_gentoo',`
75
76 xserver_user_x_domain_template(mozilla_plugin, mozilla_plugin_t, mozilla_plugin_tmpfs_t)
77
78 + tunable_policy(`mozilla_plugin_connect_all_unreserved', `
79 + corenet_sendrecv_all_client_packets(mozilla_plugin_t)
80 + corenet_tcp_connect_all_unreserved_ports(mozilla_plugin_t)
81 + ')
82 +
83 optional_policy(`
84 alsa_domain(mozilla_plugin_t, mozilla_plugin_tmpfs_t)
85 ')
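Review bot: `corenet_tcp_connect_all_unreserved_ports(mozilla_plugin_t)` gives outbound access to any unreserved TCP port to every plugin in mozilla_plugin_t, although the description ties the tunable to Google Talk. The last hunk adds `googletalk_domtrans_plugin(mozilla_plugin_t)`, which suggests the Google Talk plugin runs in its own domain. If so, the connect permission would be better placed on that domain in the googletalk module, leaving the generic plugin domain without it. The googletalk module is not part of this diff, so this needs checking against it. If the grant has to stay here, a comment should say why the generic plugin domain needs it. As a style point, this `tunable_policy` call has a space after the comma (`', `) where the one added for `mozilla_bind_all_unreserved_ports` has none.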
86 @@ -704,4 +737,12 @@ ifdef(`distro_gentoo',`
87 optional_policy(`
88 flash_manage_home(mozilla_plugin_t)
89 ')
90 +
91 + optional_policy(`
92 + googletalk_domtrans_plugin(mozilla_plugin_t)
93 + googletalk_generic_xdg_config_home_filetrans_plugin_xdg_config(mozilla_plugin_t, dir, "google-googletalkplugin")
94 + googletalk_manage_plugin_xdg_config(mozilla_plugin_t)
95 + googletalk_use_plugin_fds(mozilla_plugin_t)
96 + googletalk_rw_inherited_plugin_unix_stream_sockets(mozilla_plugin_t)
97 + ')
98 ')
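Review bot: The new googletalk `optional_policy` block has no comment, and `googletalk_manage_plugin_xdg_config(mozilla_plugin_t)` gives the generic plugin domain full manage rights over the Google Talk configuration. That looks like more than the named file transition for the `google-googletalkplugin` directory needs, assuming the plugin maintains its own config after the domain transition. That assumption should be checked against the googletalk module, which is not shown here. A header comment would make the intent reviewable: `# Google Talk plugin: transition to its own domain; mozilla_plugin_t only creates the config dir and passes fds/sockets`. If mozilla_plugin_t never writes inside that directory, a narrower create-only interface would suit better. The final `')` closes the distro_gentoo ifdef opened before this hunk.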