From: Chris PeBenito
Subject: Re: pulseaudio patch
To: Russell Coker, selinux-refpolicy@vger.kernel.org
Date: Thu, 9 Apr 2020 09:39:46 -0400

On 4/5/20 4:44 AM, Russell Coker wrote:
> Patch for pulseaudio against latest GIT
>
> Signed-off-by: Russell Coker
>
>
> Index: refpolicy-2.20200209/policy/modules/apps/pulseaudio.te > =================================================================== > --- refpolicy-2.20200209.orig/policy/modules/apps/pulseaudio.te > +++ refpolicy-2.20200209/policy/modules/apps/pulseaudio.te 
> @@ -92,6 +92,8 @@ files_pid_filetrans(pulseaudio_t, pulsea > > manage_dirs_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) > manage_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) > +allow pulseaudio_t pulseaudio_xdg_config_t:file map; > + > xdg_config_filetrans(pulseaudio_t, pulseaudio_xdg_config_t, dir, "pulse") > > allow pulseaudio_t pulseaudio_client:process signull; > @@ -146,7 +148,7 @@ miscfiles_read_localization(pulseaudio_t > > seutil_read_config(pulseaudio_t) > > -userdom_read_user_tmpfs_files(pulseaudio_t) > +userdom_rw_user_tmpfs_files(pulseaudio_t) > userdom_map_user_tmpfs_files(pulseaudio_t) > userdom_delete_user_tmpfs_files(pulseaudio_t) > userdom_search_user_home_dirs(pulseaudio_t) > @@ -155,6 +157,7 @@ userdom_search_user_home_content(pulseau > userdom_manage_user_tmp_dirs(pulseaudio_t) > userdom_manage_user_tmp_files(pulseaudio_t) > userdom_manage_user_tmp_sockets(pulseaudio_t) > +userdom_write_all_user_runtime_named_sockets(pulseaudio_t) Does not exist in refpolicy. > tunable_policy(`pulseaudio_execmem',` > allow pulseaudio_t self:process execmem; > @@ -224,6 +227,13 @@ optional_policy(` > ') > > optional_policy(` > + # for /run/systemd/seats and /run/systemd/sessions > + systemd_read_logind_sessions_files(pulseaudio_t) > + # for /run/systemd/users/$PID > + systemd_read_logind_pids(pulseaudio_t) > +') > + > +optional_policy(` > udev_read_pid_files(pulseaudio_t) > udev_read_state(pulseaudio_t) > udev_read_db(pulseaudio_t) > Merged, though I dropped the one call above which doesn't exist in refpolicy. -- Chris PeBenito
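Review bot: the raw rule "allow pulseaudio_t pulseaudio_xdg_config_t:file map;" in the @@ -92,6 +92,8 hunk carries no comment saying which file under the "pulse" config directory pulseaudio needs to map, unlike the commented calls added in the @@ -224,6 +227,13 hunk. Suggest a one-line comment above the rule naming the file or the denial it answers, so the map permission can be checked later against what the daemon really does.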
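Review bot: in the @@ -146,7 +148,7 hunk, replacing userdom_read_user_tmpfs_files(pulseaudio_t) with userdom_rw_user_tmpfs_files(pulseaudio_t) widens pulseaudio_t from read to read/write on user tmpfs files, and the commit message ("Patch for pulseaudio against latest GIT") gives no reason for it. Suggest stating in the message which operation was denied, so the added write access can be weighed against a narrower alternative.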
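Review bot: userdom_write_all_user_runtime_named_sockets(pulseaudio_t), added in the @@ -155,6 +157,7 hunk, is not defined anywhere in this patch, so the module depends on an interface that has to arrive in a separate change. Suggest sending the interface definition in the same series and, since the name covers all user runtime named sockets, saying which socket pulseaudio actually writes to.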
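Review bot: the comment "# for /run/systemd/users/$PID" in the @@ -224,6 +227,13 hunk looks wrong, because systemd-logind names the files under /run/systemd/users by UID, not by PID. Suggest "# for /run/systemd/users/$UID" so the comment matches what systemd_read_logind_pids(pulseaudio_t) is meant to allow.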