selinux-policy/fix_java.patch

Index: fedora-policy/policy/modules/contrib/java.te
===================================================================
--- fedora-policy.orig/policy/modules/contrib/java.te	2019-08-05 13:50:32.925673660 +0200
+++ fedora-policy/policy/modules/contrib/java.te	2019-08-05 14:06:51.896425229 +0200
@@ -21,6 +21,7 @@ roleattribute system_r java_roles;
 attribute_role unconfined_java_roles;
 
 type java_t, java_domain;
+typealias java_t alias java_domain_t;
 type java_exec_t;
 userdom_user_application_domain(java_t, java_exec_t)
 typealias java_t alias { staff_javaplugin_t user_javaplugin_t sysadm_javaplugin_t };
@@ -71,19 +72,9 @@ can_exec(java_domain, { java_exec_t java
 kernel_read_all_sysctls(java_domain)
 kernel_search_vm_sysctl(java_domain)
 kernel_read_network_state(java_domain)
-kernel_read_system_state(java_domain)
 
 corecmd_search_bin(java_domain)
 
-corenet_all_recvfrom_unlabeled(java_domain)
-corenet_all_recvfrom_netlabel(java_domain)
-corenet_tcp_sendrecv_generic_if(java_domain)
-corenet_tcp_sendrecv_generic_node(java_domain)
-
-corenet_sendrecv_all_client_packets(java_domain)
-corenet_tcp_connect_all_ports(java_domain)
-corenet_tcp_sendrecv_all_ports(java_domain)
-
 dev_read_sound(java_domain)
 dev_write_sound(java_domain)
 dev_read_urand(java_domain)
@@ -95,8 +86,6 @@ files_read_etc_runtime_files(java_domain
 fs_getattr_all_fs(java_domain)
 fs_dontaudit_rw_tmpfs_files(java_domain)
 
-logging_send_syslog_msg(java_domain)
-
 miscfiles_read_localization(java_domain)
 miscfiles_read_fonts(java_domain)
Accepting request 734854 from home:jsegitz:branches:security:SELinux - Moved back to fedora policy (20190802) - Removed spec file conditionals for old SELinux userland - Removed config.tgz - Removed patches: * label_sysconfig.selinux.patch * label_var_run_rsyslog.patch * suse_additions_obs.patch * suse_additions_sslh.patch * suse_modifications_apache.patch * suse_modifications_cron.patch * suse_modifications_getty.patch * suse_modifications_logging.patch * suse_modifications_ntp.patch * suse_modifications_usermanage.patch * suse_modifications_virt.patch * suse_modifications_xserver.patch * sysconfig_network_scripts.patch * segenxml_interpreter.patch - Added patches: * fix_djbdns.patch * fix_dbus.patch * fix_gift.patch * fix_java.patch * fix_hadoop.patch * fix_thunderbird.patch * postfix_paths.patch * fix_nscd.patch * fix_sysnetwork.patch * fix_logging.patch * fix_xserver.patch OBS-URL: https://build.opensuse.org/request/show/734854 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=73 2019-10-04 04:15:03 +02:00			`Index: fedora-policy/policy/modules/contrib/java.te`
			`===================================================================`
			`--- fedora-policy.orig/policy/modules/contrib/java.te 2019-08-05 13:50:32.925673660 +0200`
			`+++ fedora-policy/policy/modules/contrib/java.te 2019-08-05 14:06:51.896425229 +0200`
			`@@ -21,6 +21,7 @@ roleattribute system_r java_roles;`
			`attribute_role unconfined_java_roles;`

			`type java_t, java_domain;`
			`+typealias java_t alias java_domain_t;`
			`type java_exec_t;`
			`userdom_user_application_domain(java_t, java_exec_t)`
			`typealias java_t alias { staff_javaplugin_t user_javaplugin_t sysadm_javaplugin_t };`
			`@@ -71,19 +72,9 @@ can_exec(java_domain, { java_exec_t java`
			`kernel_read_all_sysctls(java_domain)`
			`kernel_search_vm_sysctl(java_domain)`
			`kernel_read_network_state(java_domain)`
			`-kernel_read_system_state(java_domain)`

			`corecmd_search_bin(java_domain)`

			`-corenet_all_recvfrom_unlabeled(java_domain)`
			`-corenet_all_recvfrom_netlabel(java_domain)`
			`-corenet_tcp_sendrecv_generic_if(java_domain)`
			`-corenet_tcp_sendrecv_generic_node(java_domain)`
			`-`
			`-corenet_sendrecv_all_client_packets(java_domain)`
			`-corenet_tcp_connect_all_ports(java_domain)`
			`-corenet_tcp_sendrecv_all_ports(java_domain)`
			`-`
			`dev_read_sound(java_domain)`
			`dev_write_sound(java_domain)`
			`dev_read_urand(java_domain)`
			`@@ -95,8 +86,6 @@ files_read_etc_runtime_files(java_domain`
			`fs_getattr_all_fs(java_domain)`
			`fs_dontaudit_rw_tmpfs_files(java_domain)`

			`-logging_send_syslog_msg(java_domain)`
			`-`
			`miscfiles_read_localization(java_domain)`
			`miscfiles_read_fonts(java_domain)`