Description of problem:

The recent update to selinux-policy causes many more denials. In particular, using Okular with kpartsplugin in Firefox triggers a denial if one tries to save a copy of the PDF. This behaviour is new: previously, this functionality worked fine with the default settings.

The details of the denial show, I think, that it is selinux-policy-targeted which causes the denial. (But I don't know much about selinux yet, I'm afraid.)

Version-Release number of selected component (if applicable):

selinux-policy-3.10.0-169.fc17.noarch
xulrunner-21.0-4.fc17.x86_64

How reproducible:

Happens every time since the update.

Steps to Reproduce:
1. Ensure system is updated and that Firefox, Okular and kpartsplugin are available.
2. Open Firefox.
3. Ensure that Firefox is set to open PDF files with kpartsplugin and that Okular is the default PDF viewer in system settings.
4. In Firefox, find a PDF somewhere.
5. Open the PDF.
6. Save a copy.

Actual results:

The PDF is not downloaded or saved and that an alert is triggered for selinux. (But no permissions error is generated by Okular/Firefox/kpartsplugin.)

Expected results:

Based on previous behaviour, I expected the PDF to be saved. Failing this, I would expect some kind of informative error message from Okular/Firefox/kpartsplugin.

I am not sure whether the change in behaviour is intended or not.

Additional info:

Secondary click on a link to the PDF allows the PDF to be saved in cases where this is permitted by the website concerned. So the issue is not with saving a PDF to e.g. a directory under ~ per se but only doing so via Okular/kpartsplugin.