LinuxLists.cc - [refpolicy] [PATCH 1/1] Remove pulseaudio filename

2013-03-20 08:53:26

Subject: [refpolicy] [PATCH 1/1] Remove pulseaudio filename_trans conflict

The pulseaudio_role() interface currently defines explicit filename transitions
for three files/directories. However, these are already in effect as the domain
is assigned the pulseaudio_client attribute through the following:

pulseaudio_role()
-> pulseaudio_run
-> pulseaudio_domtrans
-> typeattribute $1 pulseaudio_client

The pulseaudio_client has these file name transitions already (cfr
pulseaudio.te).

Signed-off-by: Sven Vermeulen <[email protected]>
---
pulseaudio.if | 4 ----
1 file changed, 4 deletions(-)

diff --git a/pulseaudio.if b/pulseaudio.if
index fa3dc8e..45843b5 100644
--- a/pulseaudio.if
+++ b/pulseaudio.if
@@ -31,10 +31,6 @@ interface(`pulseaudio_role',`
allow $2 pulseaudio_home_t:file { manage_file_perms relabel_file_perms };
allow $2 pulseaudio_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };

- userdom_user_home_dir_filetrans($2, pulseaudio_home_t, dir, ".pulse")
- userdom_user_home_dir_filetrans($2, pulseaudio_home_t, file, ".esd_auth")
- userdom_user_home_dir_filetrans($2, pulseaudio_home_t, file, ".pulse-cookie")
-
allow $2 { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }:dir { manage_dir_perms relabel_dir_perms };
allow $2 { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }:file { manage_file_perms relabel_file_perms };

--
1.8.1.5

2013-04-04 12:58:36

by cpebenito

[permalink] [raw]

Subject: [refpolicy] [PATCH 1/1] Remove pulseaudio filename_trans conflict

On 03/20/13 04:53, Sven Vermeulen wrote:
> The pulseaudio_role() interface currently defines explicit filename transitions
> for three files/directories. However, these are already in effect as the domain
> is assigned the pulseaudio_client attribute through the following:
>
> pulseaudio_role()
> -> pulseaudio_run
> -> pulseaudio_domtrans
> -> typeattribute $1 pulseaudio_client
>
> The pulseaudio_client has these file name transitions already (cfr
> pulseaudio.te).

Merged.

> Signed-off-by: Sven Vermeulen <[email protected]>
> ---
> pulseaudio.if | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/pulseaudio.if b/pulseaudio.if
> index fa3dc8e..45843b5 100644
> --- a/pulseaudio.if
> +++ b/pulseaudio.if
> @@ -31,10 +31,6 @@ interface(`pulseaudio_role',`
> allow $2 pulseaudio_home_t:file { manage_file_perms relabel_file_perms };
> allow $2 pulseaudio_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
>
> - userdom_user_home_dir_filetrans($2, pulseaudio_home_t, dir, ".pulse")
> - userdom_user_home_dir_filetrans($2, pulseaudio_home_t, file, ".esd_auth")
> - userdom_user_home_dir_filetrans($2, pulseaudio_home_t, file, ".pulse-cookie")
> -
> allow $2 { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }:dir { manage_dir_perms relabel_dir_perms };
> allow $2 { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }:file { manage_file_perms relabel_file_perms };
>
>

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com