On Sat, Jan 12, 2019 at 04:19:09PM +1100, Russell Coker wrote:
> This patch as requested renames mozilla to webbrowser and adds appropriate
> typealias rules.
Hm. the mozilla and chrome policies are pretty different tho. I dont
like this merging thing, I think we should keep mozilla_t and chromium_t
separate. I'm fixing up the gentoo chromium policy and i'll send it in a
couple hrs.
-- Jason
>
> Index: refpolicy-2.20180701/policy/modules/apps/mozilla.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.te
> +++ refpolicy-2.20180701/policy/modules/apps/mozilla.te
> @@ -7,335 +7,346 @@ policy_module(mozilla, 2.14.1)
>
> ## <desc>
> ## <p>
> -## Determine whether mozilla can
> +## Determine whether web browser can
> ## make its stack executable.
> ## </p>
> ## </desc>
> -gen_tunable(mozilla_execstack, false)
> +gen_tunable(webbrowser_execstack, false)
>
> -attribute_role mozilla_roles;
> -attribute_role mozilla_plugin_roles;
> -attribute_role mozilla_plugin_config_roles;
> +attribute_role webbrowser_roles;
> +attribute_role webbrowser_plugin_roles;
> +attribute_role webbrowser_plugin_config_roles;
>
> -type mozilla_t;
> -type mozilla_exec_t;
> -typealias mozilla_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t };
> -typealias mozilla_t alias { auditadm_mozilla_t secadm_mozilla_t };
> -userdom_user_application_domain(mozilla_t, mozilla_exec_t)
> -role mozilla_roles types mozilla_t;
> +type webbrowser_t;
> +type webbrowser_exec_t;
> +typealias webbrowser_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t };
> +typealias webbrowser_t alias { auditadm_mozilla_t secadm_mozilla_t mozilla_t };
> +typealias webbrowser_exec_t alias { mozilla_exec_t };
> +userdom_user_application_domain(webbrowser_t, webbrowser_exec_t)
> +role webbrowser_roles types webbrowser_t;
>
> optional_policy(`
> - wm_application_domain(mozilla_t, mozilla_exec_t)
> + wm_application_domain(webbrowser_t, webbrowser_exec_t)
> ')
>
> -type mozilla_home_t;
> -typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
> -typealias mozilla_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t };
> -userdom_user_home_content(mozilla_home_t)
> +type webbrowser_home_t;
> +typealias webbrowser_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
> +typealias webbrowser_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t mozilla_home_t };
> +userdom_user_home_content(webbrowser_home_t)
>
> -type mozilla_plugin_t;
> -type mozilla_plugin_exec_t;
> -userdom_user_application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
> -role mozilla_plugin_roles types mozilla_plugin_t;
> +type webbrowser_plugin_t;
> +type webbrowser_plugin_exec_t;
> +typealias webbrowser_plugin_t alias { mozilla_plugin_t };
> +typealias webbrowser_plugin_exec_t alias { mozilla_plugin_exec_t };
> +userdom_user_application_domain(webbrowser_plugin_t, webbrowser_plugin_exec_t)
> +role webbrowser_plugin_roles types webbrowser_plugin_t;
>
> -type mozilla_plugin_home_t;
> -userdom_user_home_content(mozilla_plugin_home_t)
> +type webbrowser_plugin_home_t;
> +typealias webbrowser_plugin_home_t alias { mozilla_plugin_home_t };
> +userdom_user_home_content(webbrowser_plugin_home_t)
>
> -type mozilla_plugin_tmp_t;
> -userdom_user_tmp_file(mozilla_plugin_tmp_t)
> +type webbrowser_plugin_tmp_t;
> +typealias webbrowser_plugin_tmp_t alias { mozilla_plugin_tmp_t };
> +userdom_user_tmp_file(webbrowser_plugin_tmp_t)
>
> -type mozilla_plugin_tmpfs_t;
> -userdom_user_tmpfs_file(mozilla_plugin_tmpfs_t)
> +type webbrowser_plugin_tmpfs_t;
> +typealias webbrowser_plugin_tmpfs_t alias { mozilla_plugin_tmpfs_t };
> +userdom_user_tmpfs_file(webbrowser_plugin_tmpfs_t)
>
> optional_policy(`
> - pulseaudio_tmpfs_content(mozilla_plugin_tmpfs_t)
> + pulseaudio_tmpfs_content(webbrowser_plugin_tmpfs_t)
> ')
>
> -type mozilla_plugin_rw_t;
> -files_type(mozilla_plugin_rw_t)
> +type webbrowser_plugin_rw_t;
> +typealias webbrowser_plugin_rw_t alias { mozilla_plugin_rw_t };
> +files_type(webbrowser_plugin_rw_t)
>
> -type mozilla_plugin_config_t;
> -type mozilla_plugin_config_exec_t;
> -userdom_user_application_domain(mozilla_plugin_config_t, mozilla_plugin_config_exec_t)
> -role mozilla_plugin_config_roles types mozilla_plugin_config_t;
> +type webbrowser_plugin_config_t;
> +typealias webbrowser_plugin_config_t alias { mozilla_plugin_config_t };
> +type webbrowser_plugin_config_exec_t;
> +typealias webbrowser_plugin_config_exec_t alias { mozilla_plugin_config_exec_t };
> +userdom_user_application_domain(webbrowser_plugin_config_t, webbrowser_plugin_config_exec_t)
> +role webbrowser_plugin_config_roles types webbrowser_plugin_config_t;
>
> -type mozilla_tmp_t;
> -userdom_user_tmp_file(mozilla_tmp_t)
> +type webbrowser_tmp_t;
> +typealias webbrowser_tmp_t alias { mozilla_tmp_t };
> +userdom_user_tmp_file(webbrowser_tmp_t)
>
> -type mozilla_tmpfs_t;
> -typealias mozilla_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
> -typealias mozilla_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
> -userdom_user_tmpfs_file(mozilla_tmpfs_t)
> +type webbrowser_tmpfs_t;
> +typealias webbrowser_tmpfs_t alias { mozilla_tmpfs_t };
> +typealias webbrowser_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
> +typealias webbrowser_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
> +userdom_user_tmpfs_file(webbrowser_tmpfs_t)
>
> optional_policy(`
> - pulseaudio_tmpfs_content(mozilla_tmpfs_t)
> + pulseaudio_tmpfs_content(webbrowser_tmpfs_t)
> ')
>
> -type mozilla_xdg_cache_t;
> -xdg_cache_content(mozilla_xdg_cache_t)
> +type webbrowser_xdg_cache_t;
> +xdg_cache_content(webbrowser_xdg_cache_t)
>
> ########################################
> #
> # Local policy
> #
>
> -allow mozilla_t self:capability { setgid setuid sys_nice };
> -allow mozilla_t self:process { sigkill signal setsched getsched setrlimit };
> -allow mozilla_t self:fifo_file rw_fifo_file_perms;
> -allow mozilla_t self:shm create_shm_perms;
> -allow mozilla_t self:sem create_sem_perms;
> -allow mozilla_t self:socket create_socket_perms;
> -allow mozilla_t self:unix_stream_socket { accept listen };
> -
> -allow mozilla_t mozilla_plugin_t:unix_stream_socket rw_socket_perms;
> -allow mozilla_t mozilla_plugin_t:fd use;
> -
> -allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:dir manage_dir_perms;
> -allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms map };
> -allow mozilla_t mozilla_home_t:lnk_file manage_lnk_file_perms;
> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".galeon")
> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".mozilla")
> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".netscape")
> -userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".phoenix")
> -
> -filetrans_pattern(mozilla_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
> -
> -manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
> -manage_lnk_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
> -manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
> -allow mozilla_t mozilla_tmp_t:file map;
> -files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })
> -
> -manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
> -manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
> -manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
> -manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
> -fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
> -allow mozilla_t mozilla_plugin_tmpfs_t:file map;
> -
> -allow mozilla_t mozilla_plugin_rw_t:dir list_dir_perms;
> -allow mozilla_t mozilla_plugin_rw_t:file read_file_perms;
> -allow mozilla_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
> -
> -stream_connect_pattern(mozilla_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t)
> -
> -manage_files_pattern(mozilla_t, mozilla_xdg_cache_t, mozilla_xdg_cache_t)
> -manage_dirs_pattern(mozilla_t, mozilla_xdg_cache_t, mozilla_xdg_cache_t)
> -xdg_cache_filetrans(mozilla_t, mozilla_xdg_cache_t, dir, "mozilla")
> -
> -can_exec(mozilla_t, { mozilla_exec_t mozilla_plugin_rw_t mozilla_plugin_home_t })
> -
> -kernel_read_kernel_sysctls(mozilla_t)
> -kernel_read_network_state(mozilla_t)
> -kernel_read_system_state(mozilla_t)
> -kernel_read_net_sysctls(mozilla_t)
> -
> -corecmd_list_bin(mozilla_t)
> -corecmd_exec_shell(mozilla_t)
> -corecmd_exec_bin(mozilla_t)
> -
> -corenet_all_recvfrom_unlabeled(mozilla_t)
> -corenet_all_recvfrom_netlabel(mozilla_t)
> -corenet_tcp_sendrecv_generic_if(mozilla_t)
> -corenet_tcp_sendrecv_generic_node(mozilla_t)
> -
> -corenet_sendrecv_http_client_packets(mozilla_t)
> -corenet_tcp_connect_http_port(mozilla_t)
> -corenet_tcp_sendrecv_http_port(mozilla_t)
> -
> -corenet_sendrecv_http_cache_client_packets(mozilla_t)
> -corenet_tcp_connect_http_cache_port(mozilla_t)
> -corenet_tcp_sendrecv_http_cache_port(mozilla_t)
> -
> -corenet_sendrecv_squid_client_packets(mozilla_t)
> -corenet_tcp_connect_squid_port(mozilla_t)
> -corenet_tcp_sendrecv_squid_port(mozilla_t)
> -
> -corenet_sendrecv_ftp_client_packets(mozilla_t)
> -corenet_tcp_connect_ftp_port(mozilla_t)
> -corenet_tcp_sendrecv_ftp_port(mozilla_t)
> -
> -corenet_sendrecv_ipp_client_packets(mozilla_t)
> -corenet_tcp_connect_ipp_port(mozilla_t)
> -corenet_tcp_sendrecv_ipp_port(mozilla_t)
> -
> -corenet_sendrecv_soundd_client_packets(mozilla_t)
> -corenet_tcp_connect_soundd_port(mozilla_t)
> -corenet_tcp_sendrecv_soundd_port(mozilla_t)
> -
> -corenet_sendrecv_speech_client_packets(mozilla_t)
> -corenet_tcp_connect_speech_port(mozilla_t)
> -corenet_tcp_sendrecv_speech_port(mozilla_t)
> -
> -dev_getattr_sysfs_dirs(mozilla_t)
> -dev_read_sysfs(mozilla_t)
> -dev_read_sound(mozilla_t)
> -dev_read_rand(mozilla_t)
> -dev_read_urand(mozilla_t)
> -dev_rw_dri(mozilla_t)
> -dev_write_sound(mozilla_t)
> -
> -domain_dontaudit_read_all_domains_state(mozilla_t)
> -
> -files_read_etc_runtime_files(mozilla_t)
> -files_map_usr_files(mozilla_t)
> -files_read_usr_files(mozilla_t)
> -files_read_var_files(mozilla_t)
> -files_read_var_lib_files(mozilla_t)
> -files_read_var_symlinks(mozilla_t)
> -files_dontaudit_getattr_boot_dirs(mozilla_t)
> -
> -fs_getattr_all_fs(mozilla_t)
> -fs_search_auto_mountpoints(mozilla_t)
> -fs_list_inotifyfs(mozilla_t)
> -fs_rw_tmpfs_files(mozilla_t)
> -
> -term_dontaudit_getattr_pty_dirs(mozilla_t)
> -
> -auth_use_nsswitch(mozilla_t)
> -
> -logging_send_syslog_msg(mozilla_t)
> -
> -miscfiles_read_fonts(mozilla_t)
> -miscfiles_read_generic_certs(mozilla_t)
> -miscfiles_read_localization(mozilla_t)
> -miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)
> -miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_t)
> -
> -userdom_use_user_ptys(mozilla_t)
> -
> -userdom_manage_user_tmp_dirs(mozilla_t)
> -userdom_manage_user_tmp_files(mozilla_t)
> -userdom_map_user_tmp_files(mozilla_t)
> -
> -userdom_user_content_access_template(mozilla, { mozilla_t mozilla_plugin_t })
> -userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file })
> -
> -userdom_write_user_tmp_sockets(mozilla_t)
> -
> -mozilla_run_plugin(mozilla_t, mozilla_roles)
> -mozilla_run_plugin_config(mozilla_t, mozilla_roles)
> -
> -xdg_read_config_files(mozilla_t)
> -xdg_read_data_files(mozilla_t)
> -xdg_manage_downloads(mozilla_t)
> -
> -xserver_rw_mesa_shader_cache(mozilla_t)
> -xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
> -xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
> -xserver_dontaudit_getattr_xdm_tmp_sockets(mozilla_t)
> +allow webbrowser_t self:capability { setgid setuid sys_nice };
> +allow webbrowser_t self:process { sigkill signal setsched getsched setrlimit };
> +allow webbrowser_t self:fifo_file rw_fifo_file_perms;
> +allow webbrowser_t self:shm create_shm_perms;
> +allow webbrowser_t self:sem create_sem_perms;
> +allow webbrowser_t self:socket create_socket_perms;
> +allow webbrowser_t self:unix_stream_socket { accept listen };
> +
> +allow webbrowser_t webbrowser_plugin_t:unix_stream_socket rw_socket_perms;
> +allow webbrowser_t webbrowser_plugin_t:fd use;
> +
> +allow webbrowser_t { webbrowser_home_t webbrowser_plugin_home_t }:dir manage_dir_perms;
> +allow webbrowser_t { webbrowser_home_t webbrowser_plugin_home_t }:file { manage_file_perms map };
> +allow webbrowser_t webbrowser_home_t:lnk_file manage_lnk_file_perms;
> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".galeon")
> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".mozilla")
> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".netscape")
> +userdom_user_home_dir_filetrans(webbrowser_t, webbrowser_home_t, dir, ".phoenix")
> +
> +filetrans_pattern(webbrowser_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
> +
> +manage_files_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t)
> +manage_lnk_files_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t)
> +manage_dirs_pattern(webbrowser_t, webbrowser_tmp_t, webbrowser_tmp_t)
> +allow webbrowser_t webbrowser_tmp_t:file map;
> +files_tmp_filetrans(webbrowser_t, webbrowser_tmp_t, { file dir })
> +
> +manage_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
> +manage_lnk_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
> +manage_fifo_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
> +manage_sock_files_pattern(webbrowser_t, webbrowser_tmpfs_t, webbrowser_tmpfs_t)
> +fs_tmpfs_filetrans(webbrowser_t, webbrowser_tmpfs_t, { file lnk_file sock_file fifo_file })
> +allow webbrowser_t webbrowser_plugin_tmpfs_t:file map;
> +
> +allow webbrowser_t webbrowser_plugin_rw_t:dir list_dir_perms;
> +allow webbrowser_t webbrowser_plugin_rw_t:file read_file_perms;
> +allow webbrowser_t webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms;
> +
> +stream_connect_pattern(webbrowser_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_t)
> +
> +manage_files_pattern(webbrowser_t, webbrowser_xdg_cache_t, webbrowser_xdg_cache_t)
> +manage_dirs_pattern(webbrowser_t, webbrowser_xdg_cache_t, webbrowser_xdg_cache_t)
> +xdg_cache_filetrans(webbrowser_t, webbrowser_xdg_cache_t, dir, "mozilla")
> +
> +can_exec(webbrowser_t, { webbrowser_exec_t webbrowser_plugin_rw_t webbrowser_plugin_home_t })
> +
> +kernel_read_kernel_sysctls(webbrowser_t)
> +kernel_read_network_state(webbrowser_t)
> +kernel_read_system_state(webbrowser_t)
> +kernel_read_net_sysctls(webbrowser_t)
> +
> +corecmd_list_bin(webbrowser_t)
> +corecmd_exec_shell(webbrowser_t)
> +corecmd_exec_bin(webbrowser_t)
> +
> +corenet_all_recvfrom_unlabeled(webbrowser_t)
> +corenet_all_recvfrom_netlabel(webbrowser_t)
> +corenet_tcp_sendrecv_generic_if(webbrowser_t)
> +corenet_tcp_sendrecv_generic_node(webbrowser_t)
> +
> +corenet_sendrecv_http_client_packets(webbrowser_t)
> +corenet_tcp_connect_http_port(webbrowser_t)
> +corenet_tcp_sendrecv_http_port(webbrowser_t)
> +
> +corenet_sendrecv_http_cache_client_packets(webbrowser_t)
> +corenet_tcp_connect_http_cache_port(webbrowser_t)
> +corenet_tcp_sendrecv_http_cache_port(webbrowser_t)
> +
> +corenet_sendrecv_squid_client_packets(webbrowser_t)
> +corenet_tcp_connect_squid_port(webbrowser_t)
> +corenet_tcp_sendrecv_squid_port(webbrowser_t)
> +
> +corenet_sendrecv_ftp_client_packets(webbrowser_t)
> +corenet_tcp_connect_ftp_port(webbrowser_t)
> +corenet_tcp_sendrecv_ftp_port(webbrowser_t)
> +
> +corenet_sendrecv_ipp_client_packets(webbrowser_t)
> +corenet_tcp_connect_ipp_port(webbrowser_t)
> +corenet_tcp_sendrecv_ipp_port(webbrowser_t)
> +
> +corenet_sendrecv_soundd_client_packets(webbrowser_t)
> +corenet_tcp_connect_soundd_port(webbrowser_t)
> +corenet_tcp_sendrecv_soundd_port(webbrowser_t)
> +
> +corenet_sendrecv_speech_client_packets(webbrowser_t)
> +corenet_tcp_connect_speech_port(webbrowser_t)
> +corenet_tcp_sendrecv_speech_port(webbrowser_t)
> +
> +dev_getattr_sysfs_dirs(webbrowser_t)
> +dev_read_sysfs(webbrowser_t)
> +dev_read_sound(webbrowser_t)
> +dev_read_rand(webbrowser_t)
> +dev_read_urand(webbrowser_t)
> +dev_rw_dri(webbrowser_t)
> +dev_write_sound(webbrowser_t)
> +
> +domain_dontaudit_read_all_domains_state(webbrowser_t)
> +
> +files_read_etc_runtime_files(webbrowser_t)
> +files_map_usr_files(webbrowser_t)
> +files_read_usr_files(webbrowser_t)
> +files_read_var_files(webbrowser_t)
> +files_read_var_lib_files(webbrowser_t)
> +files_read_var_symlinks(webbrowser_t)
> +files_dontaudit_getattr_boot_dirs(webbrowser_t)
> +
> +fs_getattr_all_fs(webbrowser_t)
> +fs_search_auto_mountpoints(webbrowser_t)
> +fs_list_inotifyfs(webbrowser_t)
> +fs_rw_tmpfs_files(webbrowser_t)
> +
> +term_dontaudit_getattr_pty_dirs(webbrowser_t)
> +
> +auth_use_nsswitch(webbrowser_t)
> +
> +logging_send_syslog_msg(webbrowser_t)
> +
> +miscfiles_read_fonts(webbrowser_t)
> +miscfiles_read_generic_certs(webbrowser_t)
> +miscfiles_read_localization(webbrowser_t)
> +miscfiles_dontaudit_setattr_fonts_dirs(webbrowser_t)
> +miscfiles_dontaudit_setattr_fonts_cache_dirs(webbrowser_t)
> +
> +userdom_use_user_ptys(webbrowser_t)
> +
> +userdom_manage_user_tmp_dirs(webbrowser_t)
> +userdom_manage_user_tmp_files(webbrowser_t)
> +userdom_map_user_tmp_files(webbrowser_t)
> +
> +userdom_user_content_access_template(webbrowser, { webbrowser_t webbrowser_plugin_t })
> +userdom_user_home_dir_filetrans_user_home_content(webbrowser_t, { dir file })
> +
> +userdom_write_user_tmp_sockets(webbrowser_t)
> +
> +webbrowser_run_plugin(webbrowser_t, webbrowser_roles)
> +webbrowser_run_plugin_config(webbrowser_t, webbrowser_roles)
> +
> +xdg_read_config_files(webbrowser_t)
> +xdg_read_data_files(webbrowser_t)
> +xdg_manage_downloads(webbrowser_t)
> +
> +xserver_rw_mesa_shader_cache(webbrowser_t)
> +xserver_user_x_domain_template(webbrowser, webbrowser_t, webbrowser_tmpfs_t)
> +xserver_dontaudit_read_xdm_tmp_files(webbrowser_t)
> +xserver_dontaudit_getattr_xdm_tmp_sockets(webbrowser_t)
>
> ifndef(`enable_mls',`
> - fs_list_dos(mozilla_t)
> - fs_read_dos_files(mozilla_t)
> + fs_list_dos(webbrowser_t)
> + fs_read_dos_files(webbrowser_t)
>
> - fs_search_removable(mozilla_t)
> - fs_read_removable_files(mozilla_t)
> - fs_read_removable_symlinks(mozilla_t)
> + fs_search_removable(webbrowser_t)
> + fs_read_removable_files(webbrowser_t)
> + fs_read_removable_symlinks(webbrowser_t)
>
> - fs_read_iso9660_files(mozilla_t)
> + fs_read_iso9660_files(webbrowser_t)
> ')
>
> tunable_policy(`allow_execmem',`
> - allow mozilla_t self:process execmem;
> + allow webbrowser_t self:process execmem;
> ')
>
> -tunable_policy(`mozilla_execstack',`
> - allow mozilla_t self:process { execmem execstack };
> +tunable_policy(`webbrowser_execstack',`
> + allow webbrowser_t self:process { execmem execstack };
> ')
>
> tunable_policy(`use_nfs_home_dirs',`
> - fs_manage_nfs_dirs(mozilla_t)
> - fs_manage_nfs_files(mozilla_t)
> - fs_manage_nfs_symlinks(mozilla_t)
> + fs_manage_nfs_dirs(webbrowser_t)
> + fs_manage_nfs_files(webbrowser_t)
> + fs_manage_nfs_symlinks(webbrowser_t)
> ')
>
> tunable_policy(`use_samba_home_dirs',`
> - fs_manage_cifs_dirs(mozilla_t)
> - fs_manage_cifs_files(mozilla_t)
> - fs_manage_cifs_symlinks(mozilla_t)
> + fs_manage_cifs_dirs(webbrowser_t)
> + fs_manage_cifs_files(webbrowser_t)
> + fs_manage_cifs_symlinks(webbrowser_t)
> ')
>
> optional_policy(`
> - alsa_read_config(mozilla_t)
> - alsa_read_home_files(mozilla_t)
> + alsa_read_config(webbrowser_t)
> + alsa_read_home_files(webbrowser_t)
> ')
>
> optional_policy(`
> - apache_read_user_scripts(mozilla_t)
> - apache_read_user_content(mozilla_t)
> + apache_read_user_scripts(webbrowser_t)
> + apache_read_user_content(webbrowser_t)
> ')
>
> optional_policy(`
> - automount_dontaudit_getattr_tmp_dirs(mozilla_t)
> + automount_dontaudit_getattr_tmp_dirs(webbrowser_t)
> ')
>
> optional_policy(`
> - cups_read_rw_config(mozilla_t)
> - cups_stream_connect(mozilla_t)
> + cups_read_rw_config(webbrowser_t)
> + cups_stream_connect(webbrowser_t)
> ')
>
> optional_policy(`
> - dbus_all_session_bus_client(mozilla_t)
> - dbus_connect_all_session_bus(mozilla_t)
> - dbus_system_bus_client(mozilla_t)
> + dbus_all_session_bus_client(webbrowser_t)
> + dbus_connect_all_session_bus(webbrowser_t)
> + dbus_system_bus_client(webbrowser_t)
>
> optional_policy(`
> - cups_dbus_chat(mozilla_t)
> + cups_dbus_chat(webbrowser_t)
> ')
>
> optional_policy(`
> - mozilla_dbus_chat_plugin(mozilla_t)
> + webbrowser_dbus_chat_plugin(webbrowser_t)
> ')
>
> optional_policy(`
> - networkmanager_dbus_chat(mozilla_t)
> + networkmanager_dbus_chat(webbrowser_t)
> ')
> ')
>
> optional_policy(`
> - evolution_domtrans(mozilla_t)
> + evolution_domtrans(webbrowser_t)
> ')
>
> optional_policy(`
> - gnome_stream_connect_gconf(mozilla_t)
> - gnome_manage_generic_gconf_home_content(mozilla_t)
> - gnome_home_filetrans_gconf_home(mozilla_t, dir, ".gconf")
> - gnome_home_filetrans_gconf_home(mozilla_t, dir, ".gconfd")
> - gnome_manage_generic_home_content(mozilla_t)
> - gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome")
> - gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome2")
> - gnome_home_filetrans_gnome_home(mozilla_t, dir, ".gnome2_private")
> + gnome_stream_connect_gconf(webbrowser_t)
> + gnome_manage_generic_gconf_home_content(webbrowser_t)
> + gnome_home_filetrans_gconf_home(webbrowser_t, dir, ".gconf")
> + gnome_home_filetrans_gconf_home(webbrowser_t, dir, ".gconfd")
> + gnome_manage_generic_home_content(webbrowser_t)
> + gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome")
> + gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome2")
> + gnome_home_filetrans_gnome_home(webbrowser_t, dir, ".gnome2_private")
> ')
>
> optional_policy(`
> - java_exec(mozilla_t)
> - java_manage_generic_home_content(mozilla_t)
> - java_manage_java_tmp(mozilla_t)
> - java_home_filetrans_java_home(mozilla_t, dir, ".java")
> + java_exec(webbrowser_t)
> + java_manage_generic_home_content(webbrowser_t)
> + java_manage_java_tmp(webbrowser_t)
> + java_home_filetrans_java_home(webbrowser_t, dir, ".java")
> ')
>
> optional_policy(`
> - lpd_run_lpr(mozilla_t, mozilla_roles)
> + lpd_run_lpr(webbrowser_t, webbrowser_roles)
> ')
>
> optional_policy(`
> - mplayer_exec(mozilla_t)
> - mplayer_manage_generic_home_content(mozilla_t)
> - mplayer_home_filetrans_mplayer_home(mozilla_t, dir, ".mplayer")
> + mplayer_exec(webbrowser_t)
> + mplayer_manage_generic_home_content(webbrowser_t)
> + mplayer_home_filetrans_mplayer_home(webbrowser_t, dir, ".mplayer")
> ')
>
> optional_policy(`
> - ooffice_domtrans(mozilla_t)
> - ooffice_rw_tmp_files(mozilla_t)
> + ooffice_domtrans(webbrowser_t)
> + ooffice_rw_tmp_files(webbrowser_t)
> ')
>
> optional_policy(`
> - pulseaudio_run(mozilla_t, mozilla_roles)
> + pulseaudio_run(webbrowser_t, webbrowser_roles)
> ')
>
> optional_policy(`
> - thunderbird_domtrans(mozilla_t)
> + thunderbird_domtrans(webbrowser_t)
> ')
>
> ########################################
> @@ -343,282 +354,282 @@ optional_policy(`
> # Plugin local policy
> #
>
> -dontaudit mozilla_plugin_t self:capability { ipc_lock sys_nice sys_ptrace sys_tty_config };
> -allow mozilla_plugin_t self:process { setpgid getsched setsched signal_perms setrlimit };
> -allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms;
> -allow mozilla_plugin_t self:netlink_kobject_uevent_socket create_socket_perms;
> -allow mozilla_plugin_t self:sem create_sem_perms;
> -allow mozilla_plugin_t self:shm create_shm_perms;
> -allow mozilla_plugin_t self:tcp_socket { accept listen };
> -allow mozilla_plugin_t self:unix_stream_socket { accept connectto listen };
> -
> -allow mozilla_plugin_t mozilla_t:unix_stream_socket rw_socket_perms;
> -allow mozilla_plugin_t mozilla_t:unix_dgram_socket rw_socket_perms;
> -allow mozilla_plugin_t mozilla_t:shm { rw_shm_perms destroy };
> -allow mozilla_plugin_t mozilla_t:sem create_sem_perms;
> -
> -manage_dirs_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t })
> -manage_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
> -manage_lnk_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
> -allow mozilla_plugin_t mozilla_home_t:file map;
> -
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".galeon")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".mozilla")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".netscape")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".phoenix")
> -
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".adobe")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".macromedia")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".gnash")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".gcjwebplugin")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".icedteaplugin")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".spicec")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, ".ICAClient")
> -userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_plugin_home_t, dir, "zimbrauserdata")
> -
> -filetrans_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
> -
> -manage_dirs_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
> -manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
> -manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
> -files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
> -userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
> -
> -allow mozilla_plugin_t mozilla_tmp_t:file rw_file_perms;
> -
> -manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
> -manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
> -manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
> -manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
> -fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
> -
> -allow mozilla_plugin_t mozilla_plugin_rw_t:dir list_dir_perms;
> -allow mozilla_plugin_t mozilla_plugin_rw_t:file read_file_perms;
> -allow mozilla_plugin_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
> -
> -dgram_send_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
> -stream_connect_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_t)
> -
> -can_exec(mozilla_plugin_t, { mozilla_exec_t mozilla_plugin_home_t mozilla_plugin_tmp_t })
> -
> -kernel_read_all_sysctls(mozilla_plugin_t)
> -kernel_read_system_state(mozilla_plugin_t)
> -kernel_read_network_state(mozilla_plugin_t)
> -kernel_request_load_module(mozilla_plugin_t)
> -kernel_dontaudit_getattr_core_if(mozilla_plugin_t)
> -
> -corecmd_exec_bin(mozilla_plugin_t)
> -corecmd_exec_shell(mozilla_plugin_t)
> -
> -corenet_all_recvfrom_netlabel(mozilla_plugin_t)
> -corenet_all_recvfrom_unlabeled(mozilla_plugin_t)
> -corenet_tcp_sendrecv_generic_if(mozilla_plugin_t)
> -corenet_tcp_sendrecv_generic_node(mozilla_plugin_t)
> -
> -corenet_sendrecv_asterisk_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_asterisk_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_asterisk_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_ftp_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_ftp_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_ftp_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_gatekeeper_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_gatekeeper_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_gatekeeper_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_http_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_http_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_http_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_http_cache_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_http_cache_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_http_cache_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_ipp_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_ipp_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_ipp_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_ircd_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_ircd_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_ircd_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_jabber_client_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_jabber_client_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_jabber_client_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_mmcc_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_mmcc_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_mmcc_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_monopd_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_monopd_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_monopd_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_soundd_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_soundd_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_soundd_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_speech_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_speech_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_speech_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_squid_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_squid_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_squid_port(mozilla_plugin_t)
> -
> -corenet_sendrecv_vnc_client_packets(mozilla_plugin_t)
> -corenet_tcp_connect_vnc_port(mozilla_plugin_t)
> -corenet_tcp_sendrecv_vnc_port(mozilla_plugin_t)
> -
> -dev_read_generic_usb_dev(mozilla_plugin_t)
> -dev_read_rand(mozilla_plugin_t)
> -dev_read_realtime_clock(mozilla_plugin_t)
> -dev_read_sound(mozilla_plugin_t)
> -dev_read_sysfs(mozilla_plugin_t)
> -dev_read_urand(mozilla_plugin_t)
> -dev_read_video_dev(mozilla_plugin_t)
> -dev_write_sound(mozilla_plugin_t)
> -dev_write_video_dev(mozilla_plugin_t)
> -dev_rw_dri(mozilla_plugin_t)
> -dev_rw_xserver_misc(mozilla_plugin_t)
> -
> -dev_dontaudit_getattr_generic_files(mozilla_plugin_t)
> -dev_dontaudit_getattr_generic_pipes(mozilla_plugin_t)
> -dev_dontaudit_getattr_all_blk_files(mozilla_plugin_t)
> -dev_dontaudit_getattr_all_chr_files(mozilla_plugin_t)
> -
> -domain_use_interactive_fds(mozilla_plugin_t)
> -domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
> -
> -files_exec_usr_files(mozilla_plugin_t)
> -files_list_mnt(mozilla_plugin_t)
> -files_read_config_files(mozilla_plugin_t)
> -files_read_usr_files(mozilla_plugin_t)
> -files_map_usr_files(mozilla_plugin_t)
> -
> -fs_getattr_all_fs(mozilla_plugin_t)
> -# fs_read_hugetlbfs_files(mozilla_plugin_t)
> -fs_search_auto_mountpoints(mozilla_plugin_t)
> -
> -term_getattr_all_ttys(mozilla_plugin_t)
> -term_getattr_all_ptys(mozilla_plugin_t)
> -
> -application_exec(mozilla_plugin_t)
> -
> -auth_use_nsswitch(mozilla_plugin_t)
> -
> -libs_exec_ld_so(mozilla_plugin_t)
> -libs_exec_lib_files(mozilla_plugin_t)
> -
> -logging_send_syslog_msg(mozilla_plugin_t)
> -
> -miscfiles_read_localization(mozilla_plugin_t)
> -miscfiles_read_fonts(mozilla_plugin_t)
> -miscfiles_read_generic_certs(mozilla_plugin_t)
> -miscfiles_dontaudit_setattr_fonts_dirs(mozilla_plugin_t)
> -miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_plugin_t)
> -
> -userdom_manage_user_tmp_dirs(mozilla_plugin_t)
> -userdom_manage_user_tmp_files(mozilla_plugin_t)
> -userdom_map_user_tmp_files(mozilla_plugin_t)
> +dontaudit webbrowser_plugin_t self:capability { ipc_lock sys_nice sys_ptrace sys_tty_config };
> +allow webbrowser_plugin_t self:process { setpgid getsched setsched signal_perms setrlimit };
> +allow webbrowser_plugin_t self:fifo_file manage_fifo_file_perms;
> +allow webbrowser_plugin_t self:netlink_kobject_uevent_socket create_socket_perms;
> +allow webbrowser_plugin_t self:sem create_sem_perms;
> +allow webbrowser_plugin_t self:shm create_shm_perms;
> +allow webbrowser_plugin_t self:tcp_socket { accept listen };
> +allow webbrowser_plugin_t self:unix_stream_socket { accept connectto listen };
> +
> +allow webbrowser_plugin_t webbrowser_t:unix_stream_socket rw_socket_perms;
> +allow webbrowser_plugin_t webbrowser_t:unix_dgram_socket rw_socket_perms;
> +allow webbrowser_plugin_t webbrowser_t:shm { rw_shm_perms destroy };
> +allow webbrowser_plugin_t webbrowser_t:sem create_sem_perms;
> +
> +manage_dirs_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, { webbrowser_home_t webbrowser_plugin_home_t })
> +manage_files_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
> +manage_lnk_files_pattern(webbrowser_plugin_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
> +allow webbrowser_plugin_t webbrowser_home_t:file map;
> +
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".galeon")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".mozilla")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".netscape")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_home_t, dir, ".phoenix")
> +
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".adobe")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".macromedia")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".gnash")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".gcjwebplugin")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".icedteaplugin")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".spicec")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, ".ICAClient")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_t, webbrowser_plugin_home_t, dir, "zimbrauserdata")
> +
> +filetrans_pattern(webbrowser_plugin_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
> +
> +manage_dirs_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t)
> +manage_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t)
> +manage_fifo_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmp_t, webbrowser_plugin_tmp_t)
> +files_tmp_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmp_t, { dir file fifo_file })
> +userdom_user_tmp_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmp_t, { dir file fifo_file })
> +
> +allow webbrowser_plugin_t webbrowser_tmp_t:file rw_file_perms;
> +
> +manage_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
> +manage_lnk_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
> +manage_fifo_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
> +manage_sock_files_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t)
> +fs_tmpfs_filetrans(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
> +
> +allow webbrowser_plugin_t webbrowser_plugin_rw_t:dir list_dir_perms;
> +allow webbrowser_plugin_t webbrowser_plugin_rw_t:file read_file_perms;
> +allow webbrowser_plugin_t webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms;
> +
> +dgram_send_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_t)
> +stream_connect_pattern(webbrowser_plugin_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_t)
> +
> +can_exec(webbrowser_plugin_t, { webbrowser_exec_t webbrowser_plugin_home_t webbrowser_plugin_tmp_t })
> +
> +kernel_read_all_sysctls(webbrowser_plugin_t)
> +kernel_read_system_state(webbrowser_plugin_t)
> +kernel_read_network_state(webbrowser_plugin_t)
> +kernel_request_load_module(webbrowser_plugin_t)
> +kernel_dontaudit_getattr_core_if(webbrowser_plugin_t)
> +
> +corecmd_exec_bin(webbrowser_plugin_t)
> +corecmd_exec_shell(webbrowser_plugin_t)
> +
> +corenet_all_recvfrom_netlabel(webbrowser_plugin_t)
> +corenet_all_recvfrom_unlabeled(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_generic_if(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_generic_node(webbrowser_plugin_t)
> +
> +corenet_sendrecv_asterisk_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_asterisk_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_asterisk_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_ftp_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_ftp_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_ftp_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_gatekeeper_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_gatekeeper_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_gatekeeper_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_http_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_http_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_http_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_http_cache_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_http_cache_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_http_cache_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_ipp_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_ipp_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_ipp_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_ircd_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_ircd_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_ircd_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_jabber_client_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_jabber_client_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_jabber_client_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_mmcc_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_mmcc_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_mmcc_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_monopd_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_monopd_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_monopd_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_soundd_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_soundd_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_soundd_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_speech_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_speech_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_speech_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_squid_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_squid_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_squid_port(webbrowser_plugin_t)
> +
> +corenet_sendrecv_vnc_client_packets(webbrowser_plugin_t)
> +corenet_tcp_connect_vnc_port(webbrowser_plugin_t)
> +corenet_tcp_sendrecv_vnc_port(webbrowser_plugin_t)
> +
> +dev_read_generic_usb_dev(webbrowser_plugin_t)
> +dev_read_rand(webbrowser_plugin_t)
> +dev_read_realtime_clock(webbrowser_plugin_t)
> +dev_read_sound(webbrowser_plugin_t)
> +dev_read_sysfs(webbrowser_plugin_t)
> +dev_read_urand(webbrowser_plugin_t)
> +dev_read_video_dev(webbrowser_plugin_t)
> +dev_write_sound(webbrowser_plugin_t)
> +dev_write_video_dev(webbrowser_plugin_t)
> +dev_rw_dri(webbrowser_plugin_t)
> +dev_rw_xserver_misc(webbrowser_plugin_t)
> +
> +dev_dontaudit_getattr_generic_files(webbrowser_plugin_t)
> +dev_dontaudit_getattr_generic_pipes(webbrowser_plugin_t)
> +dev_dontaudit_getattr_all_blk_files(webbrowser_plugin_t)
> +dev_dontaudit_getattr_all_chr_files(webbrowser_plugin_t)
> +
> +domain_use_interactive_fds(webbrowser_plugin_t)
> +domain_dontaudit_read_all_domains_state(webbrowser_plugin_t)
> +
> +files_exec_usr_files(webbrowser_plugin_t)
> +files_list_mnt(webbrowser_plugin_t)
> +files_read_config_files(webbrowser_plugin_t)
> +files_read_usr_files(webbrowser_plugin_t)
> +files_map_usr_files(webbrowser_plugin_t)
> +
> +fs_getattr_all_fs(webbrowser_plugin_t)
> +# fs_read_hugetlbfs_files(webbrowser_plugin_t)
> +fs_search_auto_mountpoints(webbrowser_plugin_t)
> +
> +term_getattr_all_ttys(webbrowser_plugin_t)
> +term_getattr_all_ptys(webbrowser_plugin_t)
> +
> +application_exec(webbrowser_plugin_t)
> +
> +auth_use_nsswitch(webbrowser_plugin_t)
> +
> +libs_exec_ld_so(webbrowser_plugin_t)
> +libs_exec_lib_files(webbrowser_plugin_t)
> +
> +logging_send_syslog_msg(webbrowser_plugin_t)
> +
> +miscfiles_read_localization(webbrowser_plugin_t)
> +miscfiles_read_fonts(webbrowser_plugin_t)
> +miscfiles_read_generic_certs(webbrowser_plugin_t)
> +miscfiles_dontaudit_setattr_fonts_dirs(webbrowser_plugin_t)
> +miscfiles_dontaudit_setattr_fonts_cache_dirs(webbrowser_plugin_t)
> +
> +userdom_manage_user_tmp_dirs(webbrowser_plugin_t)
> +userdom_manage_user_tmp_files(webbrowser_plugin_t)
> +userdom_map_user_tmp_files(webbrowser_plugin_t)
>
> -userdom_user_home_dir_filetrans_user_home_content(mozilla_plugin_t, { dir file })
> +userdom_user_home_dir_filetrans_user_home_content(webbrowser_plugin_t, { dir file })
>
> -userdom_write_user_tmp_sockets(mozilla_plugin_t)
> +userdom_write_user_tmp_sockets(webbrowser_plugin_t)
>
> -userdom_dontaudit_use_user_terminals(mozilla_plugin_t)
> +userdom_dontaudit_use_user_terminals(webbrowser_plugin_t)
>
> -xdg_read_config_files(mozilla_plugin_t)
> +xdg_read_config_files(webbrowser_plugin_t)
>
> ifndef(`enable_mls',`
> - fs_list_dos(mozilla_plugin_t)
> - fs_read_dos_files(mozilla_plugin_t)
> + fs_list_dos(webbrowser_plugin_t)
> + fs_read_dos_files(webbrowser_plugin_t)
>
> - fs_search_removable(mozilla_plugin_t)
> - fs_read_removable_files(mozilla_plugin_t)
> - fs_read_removable_symlinks(mozilla_plugin_t)
> + fs_search_removable(webbrowser_plugin_t)
> + fs_read_removable_files(webbrowser_plugin_t)
> + fs_read_removable_symlinks(webbrowser_plugin_t)
>
> - fs_read_iso9660_files(mozilla_plugin_t)
> + fs_read_iso9660_files(webbrowser_plugin_t)
> ')
>
> tunable_policy(`allow_execmem',`
> - allow mozilla_plugin_t self:process execmem;
> + allow webbrowser_plugin_t self:process execmem;
> ')
>
> -tunable_policy(`mozilla_execstack',`
> - allow mozilla_plugin_t self:process { execmem execstack };
> +tunable_policy(`webbrowser_execstack',`
> + allow webbrowser_plugin_t self:process { execmem execstack };
> ')
>
> tunable_policy(`use_nfs_home_dirs',`
> - fs_manage_nfs_dirs(mozilla_plugin_t)
> - fs_manage_nfs_files(mozilla_plugin_t)
> - fs_manage_nfs_symlinks(mozilla_plugin_t)
> + fs_manage_nfs_dirs(webbrowser_plugin_t)
> + fs_manage_nfs_files(webbrowser_plugin_t)
> + fs_manage_nfs_symlinks(webbrowser_plugin_t)
> ')
>
> tunable_policy(`use_samba_home_dirs',`
> - fs_manage_cifs_dirs(mozilla_plugin_t)
> - fs_manage_cifs_files(mozilla_plugin_t)
> - fs_manage_cifs_symlinks(mozilla_plugin_t)
> + fs_manage_cifs_dirs(webbrowser_plugin_t)
> + fs_manage_cifs_files(webbrowser_plugin_t)
> + fs_manage_cifs_symlinks(webbrowser_plugin_t)
> ')
>
> optional_policy(`
> - alsa_read_config(mozilla_plugin_t)
> - alsa_read_home_files(mozilla_plugin_t)
> + alsa_read_config(webbrowser_plugin_t)
> + alsa_read_home_files(webbrowser_plugin_t)
> ')
>
> optional_policy(`
> - automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_t)
> + automount_dontaudit_getattr_tmp_dirs(webbrowser_plugin_t)
> ')
>
> optional_policy(`
> - dbus_all_session_bus_client(mozilla_plugin_t)
> - dbus_connect_all_session_bus(mozilla_plugin_t)
> - dbus_system_bus_client(mozilla_plugin_t)
> + dbus_all_session_bus_client(webbrowser_plugin_t)
> + dbus_connect_all_session_bus(webbrowser_plugin_t)
> + dbus_system_bus_client(webbrowser_plugin_t)
> ')
>
> optional_policy(`
> - gnome_manage_generic_home_content(mozilla_plugin_t)
> - gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome")
> - gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome2")
> - gnome_home_filetrans_gnome_home(mozilla_plugin_t, dir, ".gnome2_private")
> + gnome_manage_generic_home_content(webbrowser_plugin_t)
> + gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome")
> + gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome2")
> + gnome_home_filetrans_gnome_home(webbrowser_plugin_t, dir, ".gnome2_private")
> ')
>
> optional_policy(`
> - java_exec(mozilla_plugin_t)
> - java_manage_generic_home_content(mozilla_plugin_t)
> - java_manage_java_tmp(mozilla_plugin_t)
> - java_home_filetrans_java_home(mozilla_plugin_t, dir, ".java")
> + java_exec(webbrowser_plugin_t)
> + java_manage_generic_home_content(webbrowser_plugin_t)
> + java_manage_java_tmp(webbrowser_plugin_t)
> + java_home_filetrans_java_home(webbrowser_plugin_t, dir, ".java")
> ')
>
> optional_policy(`
> - lpd_run_lpr(mozilla_plugin_t, mozilla_plugin_roles)
> + lpd_run_lpr(webbrowser_plugin_t, webbrowser_plugin_roles)
> ')
>
> optional_policy(`
> - mplayer_exec(mozilla_plugin_t)
> - mplayer_manage_generic_home_content(mozilla_plugin_t)
> - mplayer_home_filetrans_mplayer_home(mozilla_plugin_t, dir, ".mplayer")
> + mplayer_exec(webbrowser_plugin_t)
> + mplayer_manage_generic_home_content(webbrowser_plugin_t)
> + mplayer_home_filetrans_mplayer_home(webbrowser_plugin_t, dir, ".mplayer")
> ')
>
> optional_policy(`
> - pcscd_stream_connect(mozilla_plugin_t)
> + pcscd_stream_connect(webbrowser_plugin_t)
> ')
>
> optional_policy(`
> - pulseaudio_run(mozilla_plugin_t, mozilla_plugin_roles)
> + pulseaudio_run(webbrowser_plugin_t, webbrowser_plugin_roles)
> ')
>
> optional_policy(`
> - udev_read_db(mozilla_plugin_t)
> + udev_read_db(webbrowser_plugin_t)
> ')
>
> optional_policy(`
> - xserver_read_user_xauth(mozilla_plugin_t)
> - xserver_read_xdm_pid(mozilla_plugin_t)
> - xserver_stream_connect(mozilla_plugin_t)
> - xserver_use_user_fonts(mozilla_plugin_t)
> - xserver_dontaudit_read_xdm_tmp_files(mozilla_plugin_t)
> + xserver_read_user_xauth(webbrowser_plugin_t)
> + xserver_read_xdm_pid(webbrowser_plugin_t)
> + xserver_stream_connect(webbrowser_plugin_t)
> + xserver_use_user_fonts(webbrowser_plugin_t)
> + xserver_dontaudit_read_xdm_tmp_files(webbrowser_plugin_t)
> ')
>
> ########################################
> @@ -626,96 +637,96 @@ optional_policy(`
> # Plugin config local policy
> #
>
> -allow mozilla_plugin_config_t self:capability { dac_override dac_read_search setgid setuid sys_nice };
> -allow mozilla_plugin_config_t self:process { setsched signal_perms getsched };
> -allow mozilla_plugin_config_t self:fifo_file rw_fifo_file_perms;
> -allow mozilla_plugin_config_t self:unix_stream_socket create_stream_socket_perms;
> +allow webbrowser_plugin_config_t self:capability { dac_override dac_read_search setgid setuid sys_nice };
> +allow webbrowser_plugin_config_t self:process { setsched signal_perms getsched };
> +allow webbrowser_plugin_config_t self:fifo_file rw_fifo_file_perms;
> +allow webbrowser_plugin_config_t self:unix_stream_socket create_stream_socket_perms;
>
> -allow mozilla_plugin_config_t mozilla_plugin_rw_t:dir manage_dir_perms;
> -allow mozilla_plugin_config_t mozilla_plugin_rw_t:file manage_file_perms;
> -allow mozilla_plugin_config_t mozilla_plugin_rw_t:lnk_file manage_lnk_file_perms;
> +allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:dir manage_dir_perms;
> +allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:file manage_file_perms;
> +allow webbrowser_plugin_config_t webbrowser_plugin_rw_t:lnk_file manage_lnk_file_perms;
>
> -manage_dirs_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t })
> -manage_files_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
> -manage_lnk_files_pattern(mozilla_plugin_config_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
> +manage_dirs_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, { webbrowser_home_t webbrowser_plugin_home_t })
> +manage_files_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
> +manage_lnk_files_pattern(webbrowser_plugin_config_t, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
>
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".galeon")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".mozilla")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".netscape")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t, dir, ".phoenix")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".galeon")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".mozilla")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".netscape")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_home_t, dir, ".phoenix")
>
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".adobe")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".macromedia")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".gnash")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".gcjwebplugin")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".icedteaplugin")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".spicec")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, ".ICAClient")
> -userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_plugin_home_t, dir, "zimbrauserdata")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".adobe")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".macromedia")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".gnash")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".gcjwebplugin")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".icedteaplugin")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".spicec")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, ".ICAClient")
> +userdom_user_home_dir_filetrans(webbrowser_plugin_config_t, webbrowser_plugin_home_t, dir, "zimbrauserdata")
>
> -filetrans_pattern(mozilla_plugin_config_t, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
> +filetrans_pattern(webbrowser_plugin_config_t, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
>
> -can_exec(mozilla_plugin_config_t, { mozilla_plugin_rw_t mozilla_plugin_home_t })
> +can_exec(webbrowser_plugin_config_t, { webbrowser_plugin_rw_t webbrowser_plugin_home_t })
>
> -ps_process_pattern(mozilla_plugin_config_t, mozilla_plugin_t)
> +ps_process_pattern(webbrowser_plugin_config_t, webbrowser_plugin_t)
>
> -kernel_read_system_state(mozilla_plugin_config_t)
> -kernel_request_load_module(mozilla_plugin_config_t)
> +kernel_read_system_state(webbrowser_plugin_config_t)
> +kernel_request_load_module(webbrowser_plugin_config_t)
>
> -corecmd_exec_bin(mozilla_plugin_config_t)
> -corecmd_exec_shell(mozilla_plugin_config_t)
> +corecmd_exec_bin(webbrowser_plugin_config_t)
> +corecmd_exec_shell(webbrowser_plugin_config_t)
>
> -dev_read_urand(mozilla_plugin_config_t)
> -dev_rw_dri(mozilla_plugin_config_t)
> -dev_search_sysfs(mozilla_plugin_config_t)
> -dev_dontaudit_read_rand(mozilla_plugin_config_t)
> +dev_read_urand(webbrowser_plugin_config_t)
> +dev_rw_dri(webbrowser_plugin_config_t)
> +dev_search_sysfs(webbrowser_plugin_config_t)
> +dev_dontaudit_read_rand(webbrowser_plugin_config_t)
>
> -domain_use_interactive_fds(mozilla_plugin_config_t)
> +domain_use_interactive_fds(webbrowser_plugin_config_t)
>
> -files_list_tmp(mozilla_plugin_config_t)
> -files_read_usr_files(mozilla_plugin_config_t)
> -files_dontaudit_search_home(mozilla_plugin_config_t)
> +files_list_tmp(webbrowser_plugin_config_t)
> +files_read_usr_files(webbrowser_plugin_config_t)
> +files_dontaudit_search_home(webbrowser_plugin_config_t)
>
> -fs_getattr_all_fs(mozilla_plugin_config_t)
> -fs_search_auto_mountpoints(mozilla_plugin_config_t)
> -fs_list_inotifyfs(mozilla_plugin_config_t)
> +fs_getattr_all_fs(webbrowser_plugin_config_t)
> +fs_search_auto_mountpoints(webbrowser_plugin_config_t)
> +fs_list_inotifyfs(webbrowser_plugin_config_t)
>
> -auth_use_nsswitch(mozilla_plugin_config_t)
> +auth_use_nsswitch(webbrowser_plugin_config_t)
>
> -miscfiles_read_localization(mozilla_plugin_config_t)
> -miscfiles_read_fonts(mozilla_plugin_config_t)
> +miscfiles_read_localization(webbrowser_plugin_config_t)
> +miscfiles_read_fonts(webbrowser_plugin_config_t)
>
> -userdom_read_user_home_content_symlinks(mozilla_plugin_config_t)
> -userdom_read_user_home_content_files(mozilla_plugin_config_t)
> +userdom_read_user_home_content_symlinks(webbrowser_plugin_config_t)
> +userdom_read_user_home_content_files(webbrowser_plugin_config_t)
>
> -userdom_use_user_ptys(mozilla_plugin_config_t)
> +userdom_use_user_ptys(webbrowser_plugin_config_t)
>
> -mozilla_run_plugin(mozilla_plugin_config_t, mozilla_plugin_config_roles)
> +webbrowser_run_plugin(webbrowser_plugin_config_t, webbrowser_plugin_config_roles)
>
> tunable_policy(`allow_execmem',`
> - allow mozilla_plugin_config_t self:process execmem;
> + allow webbrowser_plugin_config_t self:process execmem;
> ')
>
> -tunable_policy(`mozilla_execstack',`
> - allow mozilla_plugin_config_t self:process { execmem execstack };
> +tunable_policy(`webbrowser_execstack',`
> + allow webbrowser_plugin_config_t self:process { execmem execstack };
> ')
>
> tunable_policy(`use_nfs_home_dirs',`
> - fs_manage_nfs_dirs(mozilla_plugin_config_t)
> - fs_manage_nfs_files(mozilla_plugin_config_t)
> - fs_manage_nfs_symlinks(mozilla_plugin_config_t)
> + fs_manage_nfs_dirs(webbrowser_plugin_config_t)
> + fs_manage_nfs_files(webbrowser_plugin_config_t)
> + fs_manage_nfs_symlinks(webbrowser_plugin_config_t)
> ')
>
> tunable_policy(`use_samba_home_dirs',`
> - fs_manage_cifs_dirs(mozilla_plugin_config_t)
> - fs_manage_cifs_files(mozilla_plugin_config_t)
> - fs_manage_cifs_symlinks(mozilla_plugin_config_t)
> + fs_manage_cifs_dirs(webbrowser_plugin_config_t)
> + fs_manage_cifs_files(webbrowser_plugin_config_t)
> + fs_manage_cifs_symlinks(webbrowser_plugin_config_t)
> ')
>
> optional_policy(`
> - automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_config_t)
> + automount_dontaudit_getattr_tmp_dirs(webbrowser_plugin_config_t)
> ')
>
> optional_policy(`
> - xserver_use_user_fonts(mozilla_plugin_config_t)
> + xserver_use_user_fonts(webbrowser_plugin_config_t)
> ')
> Index: refpolicy-2.20180701/policy/modules/apps/mozilla.fc
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.fc
> +++ refpolicy-2.20180701/policy/modules/apps/mozilla.fc
> @@ -1,42 +1,42 @@
> -HOME_DIR/\.cache/mozilla(/.*)? gen_context(system_u:object_r:mozilla_xdg_cache_t,s0)
> -HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
> -HOME_DIR/\.mozilla(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
> -HOME_DIR/\.mozilla/plugins(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.netscape(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
> -HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
> -HOME_DIR/\.vimperator.* gen_context(system_u:object_r:mozilla_home_t,s0)
> +HOME_DIR/\.cache/mozilla(/.*)? gen_context(system_u:object_r:webbrowser_xdg_cache_t,s0)
> +HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
> +HOME_DIR/\.mozilla(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
> +HOME_DIR/\.mozilla/plugins(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.netscape(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
> +HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:webbrowser_home_t,s0)
> +HOME_DIR/\.vimperator.* gen_context(system_u:object_r:webbrowser_home_t,s0)
>
> -HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.gnash(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.gcjwebplugin(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.icedteaplugin(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.spicec(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/\.ICAClient(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> -HOME_DIR/zimbrauserdata(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
> +HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.gnash(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.gcjwebplugin(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.icedteaplugin(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.spicec(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/\.ICAClient(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
> +HOME_DIR/zimbrauserdata(/.*)? gen_context(system_u:object_r:webbrowser_plugin_home_t,s0)
>
> -/usr/bin/epiphany -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/epiphany-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/mozilla -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/mozilla-snapshot -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/mozilla-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/netscape -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/bin/nspluginscan -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
> -/usr/bin/nspluginviewer -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
> +/usr/bin/epiphany -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/epiphany-bin -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/mozilla -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/mozilla-snapshot -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/mozilla-[0-9].* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/netscape -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/bin/nspluginscan -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
> +/usr/bin/nspluginviewer -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
>
> -/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/firefox[^/]*/firefox-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/galeon/galeon -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/iceweasel/iceweasel -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/iceweasel/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
> -/usr/lib/mozilla[^/]*/reg.+ -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:mozilla_plugin_rw_t,s0)
> -/usr/lib/netscape/base-4/wrapper -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/netscape/.+/communicator/communicator-smotif\.real -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> -/usr/lib/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
> -/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:mozilla_plugin_config_exec_t,s0)
> -/usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
> +/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/firefox[^/]*/firefox-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/galeon/galeon -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/iceweasel/iceweasel -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/iceweasel/plugin-container -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
> +/usr/lib/mozilla[^/]*/reg.+ -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:webbrowser_plugin_rw_t,s0)
> +/usr/lib/netscape/base-4/wrapper -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/netscape/.+/communicator/communicator-smotif\.real -- gen_context(system_u:object_r:webbrowser_exec_t,s0)
> +/usr/lib/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
> +/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:webbrowser_plugin_config_exec_t,s0)
> +/usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:webbrowser_plugin_exec_t,s0)
> Index: refpolicy-2.20180701/policy/modules/apps/mozilla.if
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/mozilla.if
> +++ refpolicy-2.20180701/policy/modules/apps/mozilla.if
> @@ -2,7 +2,7 @@
>
> ########################################
> ## <summary>
> -## Role access for mozilla.
> +## Role access for graphical web browser.
> ## </summary>
> ## <param name="role">
> ## <summary>
> @@ -15,12 +15,12 @@
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_role',`
> +interface(`webbrowser_role',`
> gen_require(`
> - type mozilla_t, mozilla_exec_t, mozilla_home_t;
> - type mozilla_tmp_t, mozilla_tmpfs_t, mozilla_plugin_tmp_t;
> - type mozilla_plugin_tmpfs_t, mozilla_plugin_home_t;
> - attribute_role mozilla_roles;
> + type webbrowser_t, webbrowser_exec_t, webbrowser_home_t;
> + type webbrowser_tmp_t, webbrowser_tmpfs_t, webbrowser_plugin_tmp_t;
> + type webbrowser_plugin_tmpfs_t, webbrowser_plugin_home_t;
> + attribute_role webbrowser_roles;
> ')
>
> ########################################
> @@ -28,53 +28,53 @@ interface(`mozilla_role',`
> # Declarations
> #
>
> - roleattribute $1 mozilla_roles;
> + roleattribute $1 webbrowser_roles;
>
> ########################################
> #
> # Policy
> #
>
> - domtrans_pattern($2, mozilla_exec_t, mozilla_t)
> + domtrans_pattern($2, webbrowser_exec_t, webbrowser_t)
>
> - allow $2 mozilla_t:process { noatsecure siginh rlimitinh ptrace signal_perms };
> - ps_process_pattern($2, mozilla_t)
> + allow $2 webbrowser_t:process { noatsecure siginh rlimitinh ptrace signal_perms };
> + ps_process_pattern($2, webbrowser_t)
>
> - allow mozilla_t $2:process signull;
> - allow mozilla_t $2:unix_stream_socket connectto;
> + allow webbrowser_t $2:process signull;
> + allow webbrowser_t $2:unix_stream_socket connectto;
>
> - allow $2 mozilla_t:fd use;
> - allow $2 mozilla_t:shm rw_shm_perms;
> + allow $2 webbrowser_t:fd use;
> + allow $2 webbrowser_t:shm rw_shm_perms;
>
> - stream_connect_pattern($2, mozilla_tmpfs_t, mozilla_tmpfs_t, mozilla_t)
> + stream_connect_pattern($2, webbrowser_tmpfs_t, webbrowser_tmpfs_t, webbrowser_t)
>
> - allow $2 { mozilla_home_t mozilla_plugin_home_t }:dir { manage_dir_perms relabel_dir_perms };
> - allow $2 { mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms relabel_file_perms };
> - allow $2 mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".galeon")
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".mozilla")
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".netscape")
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".phoenix")
> + allow $2 { webbrowser_home_t webbrowser_plugin_home_t }:dir { manage_dir_perms relabel_dir_perms };
> + allow $2 { webbrowser_home_t webbrowser_plugin_home_t }:file { manage_file_perms relabel_file_perms };
> + allow $2 webbrowser_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".galeon")
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".mozilla")
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".netscape")
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".phoenix")
>
> - filetrans_pattern($2, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
> + filetrans_pattern($2, webbrowser_home_t, webbrowser_plugin_home_t, dir, "plugins")
>
> - allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
> - allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:file { manage_file_perms relabel_file_perms };
> - allow $2 mozilla_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> + allow $2 { webbrowser_tmp_t webbrowser_plugin_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
> + allow $2 { webbrowser_tmp_t webbrowser_plugin_tmp_t }:file { manage_file_perms relabel_file_perms };
> + allow $2 webbrowser_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>
> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms };
> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:file { manage_file_perms relabel_file_perms };
> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> - allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms };
> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:file { manage_file_perms relabel_file_perms };
> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> + allow $2 { webbrowser_tmpfs_t webbrowser_plugin_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
>
> optional_policy(`
> - mozilla_dbus_chat($2)
> + webbrowser_dbus_chat($2)
> ')
> ')
>
> ########################################
> ## <summary>
> -## Role access for mozilla plugin.
> +## Role access for web browser plugin.
> ## </summary>
> ## <param name="role">
> ## <summary>
> @@ -87,60 +87,60 @@ interface(`mozilla_role',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_role_plugin',`
> +interface(`webbrowser_role_plugin',`
> gen_require(`
> - type mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mozilla_plugin_rw_t;
> - type mozilla_home_t;
> + type webbrowser_plugin_tmp_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_rw_t;
> + type webbrowser_home_t;
> ')
>
> - mozilla_run_plugin($2, $1)
> - mozilla_run_plugin_config($2, $1)
> + webbrowser_run_plugin($2, $1)
> + webbrowser_run_plugin_config($2, $1)
>
> - allow $2 { mozilla_plugin_t mozilla_plugin_config_t }:process { ptrace signal_perms };
> - ps_process_pattern($2, { mozilla_plugin_t mozilla_plugin_config_t })
> + allow $2 { webbrowser_plugin_t webbrowser_plugin_config_t }:process { ptrace signal_perms };
> + ps_process_pattern($2, { webbrowser_plugin_t webbrowser_plugin_config_t })
>
> - allow $2 mozilla_plugin_t:unix_stream_socket rw_socket_perms;
> - allow $2 mozilla_plugin_t:fd use;
> + allow $2 webbrowser_plugin_t:unix_stream_socket rw_socket_perms;
> + allow $2 webbrowser_plugin_t:fd use;
>
> - stream_connect_pattern($2, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t)
> + stream_connect_pattern($2, webbrowser_plugin_tmpfs_t, webbrowser_plugin_tmpfs_t, webbrowser_plugin_t)
>
> - allow mozilla_plugin_t $2:process signull;
> - allow mozilla_plugin_t $2:unix_stream_socket { connectto rw_socket_perms };
> - allow mozilla_plugin_t $2:unix_dgram_socket { sendto rw_socket_perms };
> - allow mozilla_plugin_t $2:shm { rw_shm_perms destroy };
> - allow mozilla_plugin_t $2:sem create_sem_perms;
> + allow webbrowser_plugin_t $2:process signull;
> + allow webbrowser_plugin_t $2:unix_stream_socket { connectto rw_socket_perms };
> + allow webbrowser_plugin_t $2:unix_dgram_socket { sendto rw_socket_perms };
> + allow webbrowser_plugin_t $2:shm { rw_shm_perms destroy };
> + allow webbrowser_plugin_t $2:sem create_sem_perms;
>
> - allow $2 mozilla_home_t:dir { manage_dir_perms relabel_dir_perms };
> - allow $2 mozilla_home_t:file { manage_file_perms relabel_file_perms };
> - allow $2 mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".galeon")
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".mozilla")
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".netscape")
> - userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".phoenix")
> + allow $2 webbrowser_home_t:dir { manage_dir_perms relabel_dir_perms };
> + allow $2 webbrowser_home_t:file { manage_file_perms relabel_file_perms };
> + allow $2 webbrowser_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".galeon")
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".mozilla")
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".netscape")
> + userdom_user_home_dir_filetrans($2, webbrowser_home_t, dir, ".phoenix")
>
> - allow $2 mozilla_plugin_tmp_t:dir { manage_dir_perms relabel_dir_perms };
> - allow $2 mozilla_plugin_tmp_t:file { manage_file_perms relabel_file_perms };
> - allow $2 mozilla_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> + allow $2 webbrowser_plugin_tmp_t:dir { manage_dir_perms relabel_dir_perms };
> + allow $2 webbrowser_plugin_tmp_t:file { manage_file_perms relabel_file_perms };
> + allow $2 webbrowser_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>
> - allow $2 mozilla_plugin_tmpfs_t:dir { manage_dir_perms relabel_dir_perms };
> - allow $2 mozilla_plugin_tmpfs_t:file { manage_file_perms relabel_file_perms };
> - allow $2 mozilla_plugin_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> - allow $2 mozilla_plugin_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
> + allow $2 webbrowser_plugin_tmpfs_t:dir { manage_dir_perms relabel_dir_perms };
> + allow $2 webbrowser_plugin_tmpfs_t:file { manage_file_perms relabel_file_perms };
> + allow $2 webbrowser_plugin_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> + allow $2 webbrowser_plugin_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
>
> - allow $2 mozilla_plugin_rw_t:dir list_dir_perms;
> - allow $2 mozilla_plugin_rw_t:file read_file_perms;
> - allow $2 mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
> + allow $2 webbrowser_plugin_rw_t:dir list_dir_perms;
> + allow $2 webbrowser_plugin_rw_t:file read_file_perms;
> + allow $2 webbrowser_plugin_rw_t:lnk_file read_lnk_file_perms;
>
> - can_exec($2, mozilla_plugin_rw_t)
> + can_exec($2, webbrowser_plugin_rw_t)
>
> optional_policy(`
> - mozilla_dbus_chat_plugin($2)
> + webbrowser_dbus_chat_plugin($2)
> ')
> ')
>
> ########################################
> ## <summary>
> -## Read mozilla home directory content.
> +## Read web browser home directory content.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -148,20 +148,20 @@ interface(`mozilla_role_plugin',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_read_user_home_files',`
> +interface(`webbrowser_read_user_home_files',`
> gen_require(`
> - type mozilla_home_t;
> + type webbrowser_home_t;
> ')
>
> userdom_search_user_home_dirs($1)
> - allow $1 mozilla_home_t:dir list_dir_perms;
> - allow $1 mozilla_home_t:file read_file_perms;
> - allow $1 mozilla_home_t:lnk_file read_lnk_file_perms;
> + allow $1 webbrowser_home_t:dir list_dir_perms;
> + allow $1 webbrowser_home_t:file read_file_perms;
> + allow $1 webbrowser_home_t:lnk_file read_lnk_file_perms;
> ')
>
> ########################################
> ## <summary>
> -## Write mozilla home directory files.
> +## Write web browser home directory files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -169,19 +169,19 @@ interface(`mozilla_read_user_home_files'
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_write_user_home_files',`
> +interface(`webbrowser_write_user_home_files',`
> gen_require(`
> - type mozilla_home_t;
> + type webbrowser_home_t;
> ')
>
> userdom_search_user_home_dirs($1)
> - write_files_pattern($1, mozilla_home_t, mozilla_home_t)
> + write_files_pattern($1, webbrowser_home_t, webbrowser_home_t)
> ')
>
> ########################################
> ## <summary>
> ## Do not audit attempts to read and
> -## write mozilla home directory files.
> +## write web browser home directory files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -189,18 +189,18 @@ interface(`mozilla_write_user_home_files
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_dontaudit_rw_user_home_files',`
> +interface(`webbrowser_dontaudit_rw_user_home_files',`
> gen_require(`
> - type mozilla_home_t;
> + type webbrowser_home_t;
> ')
>
> - dontaudit $1 mozilla_home_t:file rw_file_perms;
> + dontaudit $1 webbrowser_home_t:file rw_file_perms;
> ')
>
> ########################################
> ## <summary>
> ## Do not audit attempt to Create,
> -## read, write, and delete mozilla
> +## read, write, and delete web browser
> ## home directory content.
> ## </summary>
> ## <param name="domain">
> @@ -209,19 +209,19 @@ interface(`mozilla_dontaudit_rw_user_hom
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_dontaudit_manage_user_home_files',`
> +interface(`webbrowser_dontaudit_manage_user_home_files',`
> gen_require(`
> - type mozilla_home_t;
> + type webbrowser_home_t;
> ')
>
> - dontaudit $1 mozilla_home_t:dir manage_dir_perms;
> - dontaudit $1 mozilla_home_t:file manage_file_perms;
> - dontaudit $1 mozilla_home_t:lnk_file manage_lnk_file_perms;
> + dontaudit $1 webbrowser_home_t:dir manage_dir_perms;
> + dontaudit $1 webbrowser_home_t:file manage_file_perms;
> + dontaudit $1 webbrowser_home_t:lnk_file manage_lnk_file_perms;
> ')
>
> ########################################
> ## <summary>
> -## Execute mozilla plugin home directory files.
> +## Execute web browser plugin home directory files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -229,13 +229,13 @@ interface(`mozilla_dontaudit_manage_user
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_exec_user_plugin_home_files',`
> +interface(`webbrowser_exec_user_plugin_home_files',`
> gen_require(`
> - type mozilla_home_t, mozilla_plugin_home_t;
> + type webbrowser_home_t, webbrowser_plugin_home_t;
> ')
>
> userdom_search_user_home_dirs($1)
> - exec_files_pattern($1, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
> + exec_files_pattern($1, { webbrowser_home_t webbrowser_plugin_home_t }, webbrowser_plugin_home_t)
> ')
>
> ########################################
> @@ -249,17 +249,17 @@ interface(`mozilla_exec_user_plugin_home
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_execmod_user_plugin_home_files',`
> +interface(`webbrowser_execmod_user_plugin_home_files',`
> gen_require(`
> - type mozilla_plugin_home_t;
> + type webbrowser_plugin_home_t;
> ')
>
> - allow $1 mozilla_plugin_home_t:file execmod;
> + allow $1 webbrowser_plugin_home_t:file execmod;
> ')
>
> #######################################
> ## <summary>
> -## Read temporary mozilla files.
> +## Read temporary web browser files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -267,17 +267,17 @@ interface(`mozilla_execmod_user_plugin_h
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_read_tmp_files',`
> +interface(`webbrowser_read_tmp_files',`
> gen_require(`
> - type mozilla_tmp_t;
> + type webbrowser_tmp_t;
> ')
>
> - read_files_pattern($1, mozilla_tmp_t, mozilla_tmp_t)
> + read_files_pattern($1, webbrowser_tmp_t, webbrowser_tmp_t)
> ')
>
> ########################################
> ## <summary>
> -## Run mozilla in the mozilla domain.
> +## Run web browser in the web browser domain.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -285,19 +285,19 @@ interface(`mozilla_read_tmp_files',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_domtrans',`
> +interface(`webbrowser_domtrans',`
> gen_require(`
> - type mozilla_t, mozilla_exec_t;
> + type webbrowser_t, webbrowser_exec_t;
> ')
>
> corecmd_search_bin($1)
> - domtrans_pattern($1, mozilla_exec_t, mozilla_t)
> + domtrans_pattern($1, webbrowser_exec_t, webbrowser_t)
> ')
>
> ########################################
> ## <summary>
> ## Execute a domain transition to
> -## run mozilla plugin.
> +## run web browser plugin.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -305,20 +305,20 @@ interface(`mozilla_domtrans',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_domtrans_plugin',`
> +interface(`webbrowser_domtrans_plugin',`
> gen_require(`
> - type mozilla_plugin_t, mozilla_plugin_exec_t;
> + type webbrowser_plugin_t, webbrowser_plugin_exec_t;
> ')
>
> corecmd_search_bin($1)
> - domtrans_pattern($1, mozilla_plugin_exec_t, mozilla_plugin_t)
> + domtrans_pattern($1, webbrowser_plugin_exec_t, webbrowser_plugin_t)
> ')
>
> ########################################
> ## <summary>
> -## Execute mozilla plugin in the
> -## mozilla plugin domain, and allow
> -## the specified role the mozilla
> +## Execute web browser plugin in the
> +## web browser plugin domain, and allow
> +## the specified role the web browser
> ## plugin domain.
> ## </summary>
> ## <param name="domain">
> @@ -332,19 +332,19 @@ interface(`mozilla_domtrans_plugin',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_run_plugin',`
> +interface(`webbrowser_run_plugin',`
> gen_require(`
> - attribute_role mozilla_plugin_roles;
> + attribute_role webbrowser_plugin_roles;
> ')
>
> - mozilla_domtrans_plugin($1)
> - roleattribute $2 mozilla_plugin_roles;
> + webbrowser_domtrans_plugin($1)
> + roleattribute $2 webbrowser_plugin_roles;
> ')
>
> ########################################
> ## <summary>
> ## Execute a domain transition to
> -## run mozilla plugin config.
> +## run web browser plugin config.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -352,21 +352,21 @@ interface(`mozilla_run_plugin',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_domtrans_plugin_config',`
> +interface(`webbrowser_domtrans_plugin_config',`
> gen_require(`
> - type mozilla_plugin_config_t, mozilla_plugin_config_exec_t;
> + type webbrowser_plugin_config_t, webbrowser_plugin_config_exec_t;
> ')
>
> corecmd_search_bin($1)
> - domtrans_pattern($1, mozilla_plugin_config_exec_t, mozilla_plugin_config_t)
> + domtrans_pattern($1, webbrowser_plugin_config_exec_t, webbrowser_plugin_config_t)
> ')
>
> ########################################
> ## <summary>
> -## Execute mozilla plugin config in
> -## the mozilla plugin config domain,
> +## Execute web browser plugin config in
> +## the web browser plugin config domain,
> ## and allow the specified role the
> -## mozilla plugin config domain.
> +## web browser plugin config domain.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -379,19 +379,19 @@ interface(`mozilla_domtrans_plugin_confi
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_run_plugin_config',`
> +interface(`webbrowser_run_plugin_config',`
> gen_require(`
> - attribute_role mozilla_plugin_config_roles;
> + attribute_role webbrowser_plugin_config_roles;
> ')
>
> - mozilla_domtrans_plugin_config($1)
> - roleattribute $2 mozilla_plugin_config_roles;
> + webbrowser_domtrans_plugin_config($1)
> + roleattribute $2 webbrowser_plugin_config_roles;
> ')
>
> ########################################
> ## <summary>
> ## Send and receive messages from
> -## mozilla over dbus.
> +## web browser over dbus.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -399,20 +399,20 @@ interface(`mozilla_run_plugin_config',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_dbus_chat',`
> +interface(`webbrowser_dbus_chat',`
> gen_require(`
> - type mozilla_t;
> + type webbrowser_t;
> class dbus send_msg;
> ')
>
> - allow $1 mozilla_t:dbus send_msg;
> - allow mozilla_t $1:dbus send_msg;
> + allow $1 webbrowser_t:dbus send_msg;
> + allow webbrowser_t $1:dbus send_msg;
> ')
>
> ########################################
> ## <summary>
> ## Send and receive messages from
> -## mozilla plugin over dbus.
> +## web browser plugin over dbus.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -420,19 +420,19 @@ interface(`mozilla_dbus_chat',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_dbus_chat_plugin',`
> +interface(`webbrowser_dbus_chat_plugin',`
> gen_require(`
> - type mozilla_plugin_t;
> + type webbrowser_plugin_t;
> class dbus send_msg;
> ')
>
> - allow $1 mozilla_plugin_t:dbus send_msg;
> - allow mozilla_plugin_t $1:dbus send_msg;
> + allow $1 webbrowser_plugin_t:dbus send_msg;
> + allow webbrowser_plugin_t $1:dbus send_msg;
> ')
>
> ########################################
> ## <summary>
> -## Read and write mozilla TCP sockets.
> +## Read and write web browser TCP sockets.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -440,18 +440,18 @@ interface(`mozilla_dbus_chat_plugin',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_rw_tcp_sockets',`
> +interface(`webbrowser_rw_tcp_sockets',`
> gen_require(`
> - type mozilla_t;
> + type webbrowser_t;
> ')
>
> - allow $1 mozilla_t:tcp_socket rw_socket_perms;
> + allow $1 webbrowser_t:tcp_socket rw_socket_perms;
> ')
>
> ########################################
> ## <summary>
> ## Create, read, write, and delete
> -## mozilla plugin rw files.
> +## web browser plugin rw files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -459,18 +459,18 @@ interface(`mozilla_rw_tcp_sockets',`
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_manage_plugin_rw_files',`
> +interface(`webbrowser_manage_plugin_rw_files',`
> gen_require(`
> - type mozilla_plugin_rw_t;
> + type webbrowser_plugin_rw_t;
> ')
>
> libs_search_lib($1)
> - manage_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
> + manage_files_pattern($1, webbrowser_plugin_rw_t, webbrowser_plugin_rw_t)
> ')
>
> ########################################
> ## <summary>
> -## Read mozilla_plugin tmpfs files.
> +## Read webbrowser_plugin tmpfs files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -478,18 +478,18 @@ interface(`mozilla_manage_plugin_rw_file
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_plugin_read_tmpfs_files',`
> +interface(`webbrowser_plugin_read_tmpfs_files',`
> gen_require(`
> - type mozilla_plugin_tmpfs_t;
> + type webbrowser_plugin_tmpfs_t;
> ')
>
> fs_search_tmpfs($1)
> - allow $1 mozilla_plugin_tmpfs_t:file read_file_perms;
> + allow $1 webbrowser_plugin_tmpfs_t:file read_file_perms;
> ')
>
> ########################################
> ## <summary>
> -## Delete mozilla_plugin tmpfs files.
> +## Delete webbrowser_plugin tmpfs files.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -497,19 +497,19 @@ interface(`mozilla_plugin_read_tmpfs_fil
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_plugin_delete_tmpfs_files',`
> +interface(`webbrowser_plugin_delete_tmpfs_files',`
> gen_require(`
> - type mozilla_plugin_tmpfs_t;
> + type webbrowser_plugin_tmpfs_t;
> ')
>
> fs_search_tmpfs($1)
> - allow $1 mozilla_plugin_tmpfs_t:file delete_file_perms;
> + allow $1 webbrowser_plugin_tmpfs_t:file delete_file_perms;
> ')
>
> ########################################
> ## <summary>
> ## Create, read, write, and delete
> -## generic mozilla plugin home content.
> +## generic web browser plugin home content.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -517,23 +517,23 @@ interface(`mozilla_plugin_delete_tmpfs_f
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_manage_generic_plugin_home_content',`
> +interface(`webbrowser_manage_generic_plugin_home_content',`
> gen_require(`
> - type mozilla_plugin_home_t;
> + type webbrowser_plugin_home_t;
> ')
>
> userdom_search_user_home_dirs($1)
> - allow $1 mozilla_plugin_home_t:dir manage_dir_perms;
> - allow $1 mozilla_plugin_home_t:file manage_file_perms;
> - allow $1 mozilla_plugin_home_t:fifo_file manage_fifo_file_perms;
> - allow $1 mozilla_plugin_home_t:lnk_file manage_lnk_file_perms;
> - allow $1 mozilla_plugin_home_t:sock_file manage_sock_file_perms;
> + allow $1 webbrowser_plugin_home_t:dir manage_dir_perms;
> + allow $1 webbrowser_plugin_home_t:file manage_file_perms;
> + allow $1 webbrowser_plugin_home_t:fifo_file manage_fifo_file_perms;
> + allow $1 webbrowser_plugin_home_t:lnk_file manage_lnk_file_perms;
> + allow $1 webbrowser_plugin_home_t:sock_file manage_sock_file_perms;
> ')
>
> ########################################
> ## <summary>
> ## Create objects in user home
> -## directories with the generic mozilla
> +## directories with the generic web browser
> ## plugin home type.
> ## </summary>
> ## <param name="domain">
> @@ -552,10 +552,10 @@ interface(`mozilla_manage_generic_plugin
> ## </summary>
> ## </param>
> #
> -interface(`mozilla_home_filetrans_plugin_home',`
> +interface(`webbrowser_home_filetrans_plugin_home',`
> gen_require(`
> - type mozilla_plugin_home_t;
> + type webbrowser_plugin_home_t;
> ')
>
> - userdom_user_home_dir_filetrans($1, mozilla_plugin_home_t, $2, $3)
> + userdom_user_home_dir_filetrans($1, webbrowser_plugin_home_t, $2, $3)
> ')
> Index: refpolicy-2.20180701/policy/modules/roles/staff.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/roles/staff.te
> +++ refpolicy-2.20180701/policy/modules/roles/staff.te
> @@ -142,7 +142,7 @@ ifndef(`distro_redhat',`
> ')
>
> optional_policy(`
> - mozilla_role(staff_r, staff_t)
> + webbrowser_role(staff_r, staff_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/roles/sysadm.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/roles/sysadm.te
> +++ refpolicy-2.20180701/policy/modules/roles/sysadm.te
> @@ -652,7 +652,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_role(sysadm_r, sysadm_t)
> + webbrowser_role(sysadm_r, sysadm_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/roles/unprivuser.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/roles/unprivuser.te
> +++ refpolicy-2.20180701/policy/modules/roles/unprivuser.te
> @@ -114,7 +114,7 @@ ifndef(`distro_redhat',`
> ')
>
> optional_policy(`
> - mozilla_role(user_r, user_t)
> + webbrowser_role(user_r, user_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/roles/xguest.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/roles/xguest.te
> +++ refpolicy-2.20180701/policy/modules/roles/xguest.te
> @@ -103,7 +103,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_role(xguest_r, xguest_t)
> + webbrowser_role(xguest_r, xguest_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/admin/prelink.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/admin/prelink.te
> +++ refpolicy-2.20180701/policy/modules/admin/prelink.te
> @@ -141,7 +141,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_manage_plugin_rw_files(prelink_t)
> + webbrowser_manage_plugin_rw_files(prelink_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/apps/evolution.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/evolution.te
> +++ refpolicy-2.20180701/policy/modules/apps/evolution.te
> @@ -291,8 +291,8 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_read_user_home_files(evolution_t)
> - mozilla_domtrans(evolution_t)
> + webbrowser_read_user_home_files(evolution_t)
> + webbrowser_domtrans(evolution_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/apps/gpg.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/gpg.te
> +++ refpolicy-2.20180701/policy/modules/apps/gpg.te
> @@ -171,7 +171,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_dontaudit_rw_user_home_files(gpg_t)
> + webbrowser_dontaudit_rw_user_home_files(gpg_t)
> ')
>
> optional_policy(`
> @@ -306,7 +306,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_dontaudit_rw_user_home_files(gpg_agent_t)
> + webbrowser_dontaudit_rw_user_home_files(gpg_agent_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/apps/openoffice.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/openoffice.te
> +++ refpolicy-2.20180701/policy/modules/apps/openoffice.te
> @@ -140,8 +140,8 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_domtrans(ooffice_t)
> - mozilla_read_tmp_files(ooffice_t)
> + webbrowser_domtrans(ooffice_t)
> + webbrowser_read_tmp_files(ooffice_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/apps/seunshare.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/seunshare.te
> +++ refpolicy-2.20180701/policy/modules/apps/seunshare.te
> @@ -39,6 +39,6 @@ ifdef(`hide_broken_symptoms', `
> fs_dontaudit_rw_anon_inodefs_files(seunshare_t)
>
> optional_policy(`
> - mozilla_dontaudit_manage_user_home_files(seunshare_t)
> + webbrowser_dontaudit_manage_user_home_files(seunshare_t)
> ')
> ')
> Index: refpolicy-2.20180701/policy/modules/apps/thunderbird.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/thunderbird.te
> +++ refpolicy-2.20180701/policy/modules/apps/thunderbird.te
> @@ -151,7 +151,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_dbus_chat(thunderbird_t)
> + webbrowser_dbus_chat(thunderbird_t)
> ')
> ')
>
> @@ -175,8 +175,8 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_read_user_home_files(thunderbird_t)
> - mozilla_domtrans(thunderbird_t)
> + webbrowser_read_user_home_files(thunderbird_t)
> + webbrowser_domtrans(thunderbird_t)
> ')
>
> optional_policy(`
> Index: refpolicy-2.20180701/policy/modules/apps/wm.te
> ===================================================================
> --- refpolicy-2.20180701.orig/policy/modules/apps/wm.te
> +++ refpolicy-2.20180701/policy/modules/apps/wm.te
> @@ -126,7 +126,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> - mozilla_dbus_chat(wm_domain)
> + webbrowser_dbus_chat(wm_domain)
> ')
>
> optional_policy(`
