[refpolicy] [PATCH 2/2] Support mozilla_roles

[refpolicy] [PATCH 2/2] Support mozilla_roles

[Sven Vermeulen]

The mozilla definition already includes the mozilla_roles role attribute, but missed including the mozilla_plugin in it.
Also, the mozilla_role() interface should add the mozilla_roles attribute to the calling role, not just the mozilla_t type.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 mozilla.if |    3 ++-
 mozilla.te |    2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/mozilla.if b/mozilla.if
index af2ba47..b397fde 100644
--- a/mozilla.if
+++ b/mozilla.if
@@ -18,9 +18,10 @@
 interface(`mozilla_role',`
 	gen_require(`
 		type mozilla_t, mozilla_exec_t, mozilla_home_t;
+		attribute_role mozilla_roles;
 	')
 
-	role $1 types mozilla_t;
+	roleattribute $1 mozilla_roles;
 
 	domain_auto_trans($2, mozilla_exec_t, mozilla_t)
 	# Unrestricted inheritance from the caller.
diff --git a/mozilla.te b/mozilla.te
index c4f425d..d3fad85 100644
--- a/mozilla.te
+++ b/mozilla.te
@@ -32,7 +32,7 @@ userdom_user_home_content(mozilla_home_t)
 type mozilla_plugin_t;
 type mozilla_plugin_exec_t;
 application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
-role system_r types mozilla_plugin_t;
+role mozilla_roles types mozilla_plugin_t;
 
 type mozilla_plugin_tmp_t;
 userdom_user_tmp_file(mozilla_plugin_tmp_t)
-- 
1.7.3.4

[refpolicy] [PATCH 2/2] Support mozilla_roles

[Sven Vermeulen]

On Tue, May 01, 2012 at 10:33:19AM +0200, Sven Vermeulen wrote:
> The mozilla definition already includes the mozilla_roles role attribute, but missed including the mozilla_plugin in it.
> Also, the mozilla_role() interface should add the mozilla_roles attribute to the calling role, not just the mozilla_t type.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>

The patch is okay, just the title should've said "[PATCH 1/1]", not 2/2. I
had another patch in the queue but that one is not ready yet for
inclusion...

Wkr,
	Sven Vermeulen

[refpolicy] [PATCH 2/2] Support mozilla_roles

[Christopher J. PeBenito]

On 05/01/12 04:33, Sven Vermeulen wrote:
> The mozilla definition already includes the mozilla_roles role attribute, but missed including the mozilla_plugin in it.
> Also, the mozilla_role() interface should add the mozilla_roles attribute to the calling role, not just the mozilla_t type.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  mozilla.if |    3 ++-
>  mozilla.te |    2 +-
>  2 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/mozilla.if b/mozilla.if
> index af2ba47..b397fde 100644
> --- a/mozilla.if
> +++ b/mozilla.if
> @@ -18,9 +18,10 @@
>  interface(`mozilla_role',`
>  	gen_require(`
>  		type mozilla_t, mozilla_exec_t, mozilla_home_t;
> +		attribute_role mozilla_roles;
>  	')
>  
> -	role $1 types mozilla_t;
> +	roleattribute $1 mozilla_roles;
>  
>  	domain_auto_trans($2, mozilla_exec_t, mozilla_t)
>  	# Unrestricted inheritance from the caller.
> diff --git a/mozilla.te b/mozilla.te
> index c4f425d..d3fad85 100644
> --- a/mozilla.te
> +++ b/mozilla.te
> @@ -32,7 +32,7 @@ userdom_user_home_content(mozilla_home_t)
>  type mozilla_plugin_t;
>  type mozilla_plugin_exec_t;
>  application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
> -role system_r types mozilla_plugin_t;
> +role mozilla_roles types mozilla_plugin_t;
>  
>  type mozilla_plugin_tmp_t;
>  userdom_user_tmp_file(mozilla_plugin_tmp_t)

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com