author Sven Vermeulen <sven.vermeulen@siphos.be> 2018-03-25 13:57:09 +0200
committer Jason Zaman <jason@perfinion.com> 2018-06-14 20:56:53 +0800
commit 6aa6d4c122f71c70f45bc09edea0e945fc366381
tree 82a34983f43ff49cd705626448933dd154efb205
parent Make irc user content access optional
Make java user content access optional
The java_domain attribute covers many java related domains. Historically, the privileges on the java domain have been quite open, including the access to the users' personal files. However, this should not be the case at all times - some administrators might want to reduce this scope, and only grant specific domains (rather than the generic java ones) the necessary accesses. In this patch, the manage rights on the user content is moved under support of specific java-related booleans.

Changes since v1:
- Move tunable definition inside template

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>

-rw-r--r-- policy/modules/contrib/java.te 13
1 files changed, 7 insertions, 6 deletions
diff --git a/policy/modules/contrib/java.te b/policy/modules/contrib/java.te
index f23a330b..78a994e0 100644
--- a/policy/modules/contrib/java.te
+++ b/policy/modules/contrib/java.te
@@ -109,15 +109,16 @@ miscfiles_read_fonts(java_domain)
userdom_dontaudit_use_user_terminals(java_domain)
userdom_dontaudit_exec_user_home_content_files(java_domain)
-userdom_manage_user_home_content_dirs(java_domain)
-userdom_manage_user_home_content_files(java_domain)
-userdom_manage_user_home_content_symlinks(java_domain)
-userdom_manage_user_home_content_pipes(java_domain)
-userdom_manage_user_home_content_sockets(java_domain)
-userdom_user_home_dir_filetrans_user_home_content(java_domain, { file lnk_file sock_file fifo_file })
+userdom_user_content_access_template(java, java_domain)
userdom_write_user_tmp_sockets(java_domain)
+tunable_policy(`java_manage_generic_user_content',`
+ userdom_manage_user_home_content_pipes(java_domain)
+ userdom_manage_user_home_content_sockets(java_domain)
+ userdom_user_home_dir_filetrans_user_home_content(java_domain, { file lnk_file sock_file fifo_file })
+')
+
ifdef(`distro_gentoo',`
# For java browser plugin accessing internet resources
allow java_domain self:netlink_route_socket create_netlink_socket_perms;
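
Review bot: the new tunable_policy block tests java_manage_generic_user_content, but nothing in this hunk declares that boolean, so a reader of java.te cannot tell where it comes from or what its default is. Going by the "Move tunable definition inside template" note, it is presumably created by the userdom_user_content_access_template(java, java_domain) call a few lines up; a one-line comment above the tunable_policy block saying so would make that dependency, and the required ordering of the two statements, explicit. Also worth confirming: the block re-adds manage rights only for pipes and sockets, while the filetrans it keeps still lists file and lnk_file, and the removed manage calls for dirs, files and symlinks are not re-added here. If the template does not grant those three under the same boolean, enabling it would leave java_domain with a type transition for object classes it can no longer manage. Finally, the commit message should state the boolean's default, since existing java_domain users lose unconditional manage access to home content with this change.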