From c0b18963725e37799e96fbe923ed52381be0df7e Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mar 11 2010 21:52:28 +0000 Subject: - Fix openoffice from unconfined_t --- diff --git a/policy-F13.patch b/policy-F13.patch index 3c5cafc..869c3c2 100644 --- a/policy-F13.patch +++ b/policy-F13.patch @@ -3143,7 +3143,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.7.13/policy/modules/apps/java.te --- nsaserefpolicy/policy/modules/apps/java.te 2010-02-22 08:30:53.000000000 -0500 -+++ serefpolicy-3.7.13/policy/modules/apps/java.te 2010-03-11 08:56:13.000000000 -0500 ++++ serefpolicy-3.7.13/policy/modules/apps/java.te 2010-03-11 16:37:25.000000000 -0500 @@ -147,6 +147,14 @@ init_dbus_chat_script(unconfined_java_t) @@ -4303,7 +4303,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.7.13/policy/modules/apps/openoffice.if --- nsaserefpolicy/policy/modules/apps/openoffice.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.7.13/policy/modules/apps/openoffice.if 2010-03-11 14:42:37.000000000 -0500 ++++ serefpolicy-3.7.13/policy/modules/apps/openoffice.if 2010-03-11 16:39:27.000000000 -0500 @@ -0,0 +1,129 @@ +## Openoffice + 
@@ -4436,8 +4436,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.7.13/policy/modules/apps/openoffice.te
 --- nsaserefpolicy/policy/modules/apps/openoffice.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.13/policy/modules/apps/openoffice.te 2010-03-11 08:56:13.000000000 -0500
-@@ -0,0 +1,11 @@
++++ serefpolicy-3.7.13/policy/modules/apps/openoffice.te 2010-03-11 16:38:23.000000000 -0500
+@@ -0,0 +1,17 @@
 +
 +policy_module(openoffice, 1.0.0)
 +
@@ -4449,6 +4449,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
 +type openoffice_t;
 +type openoffice_exec_t;
 +application_domain(openoffice_t, openoffice_exec_t)
++
++########################################
++#
++# Unconfined java local policy
++#
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.7.13/policy/modules/apps/podsleuth.te
 --- nsaserefpolicy/policy/modules/apps/podsleuth.te 2009-12-04 09:43:33.000000000 -0500
 +++ serefpolicy-3.7.13/policy/modules/apps/podsleuth.te 2010-03-11 08:56:13.000000000 -0500
@@ -4939,8 +4945,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
 +# No types are sandbox_exec_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.7.13/policy/modules/apps/sandbox.if
 --- nsaserefpolicy/policy/modules/apps/sandbox.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.13/policy/modules/apps/sandbox.if 2010-03-11 08:56:13.000000000 -0500
-@@ -0,0 +1,248 @@
++++ serefpolicy-3.7.13/policy/modules/apps/sandbox.if 2010-03-11 15:13:16.000000000 -0500
+@@ -0,0 +1,250 @@
 +
 +## policy for sandbox
 +
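Review bot: The section banner added to openoffice.te (hunk @@ -4449) reads `# Unconfined java local policy`, which looks copied from java.te and mislabels this module; it should read `# openoffice local policy`. The inner hunk header gives the file 17 lines, so the section under the banner is empty and openoffice_t ends up declared as an application domain with no local rules of its own. If that is intended (the type pair serving only as a label for a transition defined elsewhere), a one-line comment saying so would keep a later reader from assuming rules were lost.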
@@ -5023,6 +5029,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox. + type $1_t, sandbox_domain; + domain_type($1_t) + ++ mls_rangetrans_target($1_t) ++ + type $1_file_t, sandbox_file_type; + files_type($1_file_t) + @@ -5571,8 +5579,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.i fs_cifs_domtrans($1_screen_t, $3) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.if serefpolicy-3.7.13/policy/modules/apps/seunshare.if --- nsaserefpolicy/policy/modules/apps/seunshare.if 2009-12-04 09:43:33.000000000 -0500 -+++ serefpolicy-3.7.13/policy/modules/apps/seunshare.if 2010-03-11 08:56:13.000000000 -0500 -@@ -2,59 +2,14 @@ ++++ serefpolicy-3.7.13/policy/modules/apps/seunshare.if 2010-03-11 15:15:33.000000000 -0500 +@@ -2,30 +2,12 @@ ######################################## ## @@ -5599,18 +5607,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar -## allow the specified role the seunshare domain. -## -## --## --## Domain allowed access. --## --## --## +## ## --## Role allowed access. +-## Domain allowed access. +## The prefix of the user role (e.g., user +## is the prefix for user_r). ## ## + ## +@@ -33,48 +15,34 @@ + ## Role allowed access. + ## + ## -# -interface(`seunshare_run',` - gen_require(` @@ -5633,10 +5641,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar -## -## Role access for seunshare -## - ## +-## +-## +-## Role allowed access. +-## +-## + ## ## - ## Role allowed access. -@@ -66,15 +21,26 @@ + ## User domain for the role. ## ## # @@ -5652,6 +5664,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar + type $1_seunshare_t, seunshare_domain; + application_domain($1_seunshare_t, seunshare_exec_t) + role $2 types $1_seunshare_t; ++ ++ mls_process_set_level($1_seunshare_t) - seunshare_domtrans($1) + domtrans_pattern($3, seunshare_exec_t, $1_seunshare_t) 
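Review bot: `mls_rangetrans_target($1_t)` in the sandbox.if hunk (@@ -5023) sits inside a template, so every domain the template generates becomes an accepted range-transition target, and nothing in the patch records why. The same applies to `mls_process_set_level($1_seunshare_t)` in the seunshare.if hunk (@@ -5652), which trusts each per-role seunshare domain to change its own process level. Both are MLS constraint exemptions and should carry a comment above the line stating the need, for example `# sandbox/seunshare start the confined process at a caller-selected level` (wording to be confirmed by the author). Both template bodies start and end outside these hunks, so the remaining rules on these domains could not be checked here.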
@@ -5671,7 +5685,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar
 ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.te serefpolicy-3.7.13/policy/modules/apps/seunshare.te
 --- nsaserefpolicy/policy/modules/apps/seunshare.te 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.7.13/policy/modules/apps/seunshare.te 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.13/policy/modules/apps/seunshare.te 2010-03-11 15:15:02.000000000 -0500
 @@ -6,40 +6,39 @@
 # Declarations
 #
@@ -9592,7 +9606,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.7.13/policy/modules/roles/unconfineduser.te
 --- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.13/policy/modules/roles/unconfineduser.te 2010-03-11 14:11:30.000000000 -0500
++++ serefpolicy-3.7.13/policy/modules/roles/unconfineduser.te 2010-03-11 16:39:48.000000000 -0500
 @@ -0,0 +1,417 @@
 +policy_module(unconfineduser, 1.0.0)
 +
@@ -9988,7 +10002,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
 + ')
 +
 + optional_policy(`
-+ openoffice_role_template(unconfined, unconfined_r, unconfined_usertype)
++ openoffice_exec_domtrans(unconfined_t, unconfined_execmem_t)
 + ')
 +')
 +
@@ -32858,7 +32872,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.7.13/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.13/policy/modules/system/selinuxutil.te 2010-03-11 08:56:13.000000000 -0500
++++ serefpolicy-3.7.13/policy/modules/system/selinuxutil.te 2010-03-11 15:14:13.000000000 -0500
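Review bot: In the unconfineduser.te hunk (@@ -9988), `openoffice_exec_domtrans(unconfined_t, unconfined_execmem_t)` reads as sending OpenOffice launched from unconfined_t into unconfined_execmem_t, meaning the whole office suite would run in the domain that exists to permit executable memory. The interface body is not part of this diff, so that reading is inferred from the name and arguments. A comment above the call should state the intent, e.g. `# OpenOffice needs execmem: run it in unconfined_execmem_t instead of relaxing unconfined_t`. The removed call passed the unconfined_usertype attribute while the new one names only unconfined_t, so it is worth confirming that no other unconfined user domain was relying on the old template. The block enclosing this optional_policy starts outside the hunk.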
 @@ -23,6 +23,9 @@
 type selinux_config_t;
 files_type(selinux_config_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 8766d92..8cd9628 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.7.13
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz