[refpolicy] [PATCH 2/2] Support mozilla

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] [PATCH 2/2] Support mozilla_roles
@ 2012-05-01  8:33 Sven Vermeulen
  2012-05-01  8:34 ` Sven Vermeulen
  2012-05-04 15:13 ` Christopher J. PeBenito
  0 siblings, 2 replies; 3+ messages in thread
From: Sven Vermeulen @ 2012-05-01  8:33 UTC (permalink / raw)
  To: refpolicy

The mozilla definition already includes the mozilla_roles role attribute, but missed including the mozilla_plugin in it.
Also, the mozilla_role() interface should add the mozilla_roles attribute to the calling role, not just the mozilla_t type.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 mozilla.if |    3 ++-
 mozilla.te |    2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/mozilla.if b/mozilla.if
index af2ba47..b397fde 100644
--- a/mozilla.if
+++ b/mozilla.if
@@ -18,9 +18,10 @@
 interface(`mozilla_role',`
 	gen_require(`
 		type mozilla_t, mozilla_exec_t, mozilla_home_t;
+		attribute_role mozilla_roles;
 	')
 
-	role $1 types mozilla_t;
+	roleattribute $1 mozilla_roles;
 
 	domain_auto_trans($2, mozilla_exec_t, mozilla_t)
 	# Unrestricted inheritance from the caller.
diff --git a/mozilla.te b/mozilla.te
index c4f425d..d3fad85 100644
--- a/mozilla.te
+++ b/mozilla.te
@@ -32,7 +32,7 @@ userdom_user_home_content(mozilla_home_t)
 type mozilla_plugin_t;
 type mozilla_plugin_exec_t;
 application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
-role system_r types mozilla_plugin_t;
+role mozilla_roles types mozilla_plugin_t;
 
 type mozilla_plugin_tmp_t;
 userdom_user_tmp_file(mozilla_plugin_tmp_t)
-- 
1.7.3.4

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [refpolicy] [PATCH 2/2] Support mozilla_roles
  2012-05-01  8:33 [refpolicy] [PATCH 2/2] Support mozilla_roles Sven Vermeulen
@ 2012-05-01  8:34 ` Sven Vermeulen
  2012-05-04 15:13 ` Christopher J. PeBenito
  1 sibling, 0 replies; 3+ messages in thread
From: Sven Vermeulen @ 2012-05-01  8:34 UTC (permalink / raw)
  To: refpolicy

On Tue, May 01, 2012 at 10:33:19AM +0200, Sven Vermeulen wrote:
> The mozilla definition already includes the mozilla_roles role attribute, but missed including the mozilla_plugin in it.
> Also, the mozilla_role() interface should add the mozilla_roles attribute to the calling role, not just the mozilla_t type.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>

The patch is okay, just the title should've said "[PATCH 1/1]", not 2/2. I
had another patch in the queue but that one is not ready yet for
inclusion...

Wkr,
	Sven Vermeulen

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [refpolicy] [PATCH 2/2] Support mozilla_roles
  2012-05-01  8:33 [refpolicy] [PATCH 2/2] Support mozilla_roles Sven Vermeulen
  2012-05-01  8:34 ` Sven Vermeulen
@ 2012-05-04 15:13 ` Christopher J. PeBenito
  1 sibling, 0 replies; 3+ messages in thread
From: Christopher J. PeBenito @ 2012-05-04 15:13 UTC (permalink / raw)
  To: refpolicy

On 05/01/12 04:33, Sven Vermeulen wrote:
> The mozilla definition already includes the mozilla_roles role attribute, but missed including the mozilla_plugin in it.
> Also, the mozilla_role() interface should add the mozilla_roles attribute to the calling role, not just the mozilla_t type.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  mozilla.if |    3 ++-
>  mozilla.te |    2 +-
>  2 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/mozilla.if b/mozilla.if
> index af2ba47..b397fde 100644
> --- a/mozilla.if
> +++ b/mozilla.if
> @@ -18,9 +18,10 @@
>  interface(`mozilla_role',`
>  	gen_require(`
>  		type mozilla_t, mozilla_exec_t, mozilla_home_t;
> +		attribute_role mozilla_roles;
>  	')
>  
> -	role $1 types mozilla_t;
> +	roleattribute $1 mozilla_roles;
>  
>  	domain_auto_trans($2, mozilla_exec_t, mozilla_t)
>  	# Unrestricted inheritance from the caller.
> diff --git a/mozilla.te b/mozilla.te
> index c4f425d..d3fad85 100644
> --- a/mozilla.te
> +++ b/mozilla.te
> @@ -32,7 +32,7 @@ userdom_user_home_content(mozilla_home_t)
>  type mozilla_plugin_t;
>  type mozilla_plugin_exec_t;
>  application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
> -role system_r types mozilla_plugin_t;
> +role mozilla_roles types mozilla_plugin_t;
>  
>  type mozilla_plugin_tmp_t;
>  userdom_user_tmp_file(mozilla_plugin_tmp_t)

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2012-05-04 15:13 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-05-01  8:33 [refpolicy] [PATCH 2/2] Support mozilla_roles Sven Vermeulen
2012-05-01  8:34 ` Sven Vermeulen
2012-05-04 15:13 ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.