From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Mon, 14 Mar 2011 11:29:05 -0400 Subject: [refpolicy] [PATCH 07/15] Allow mozilla to read the alsa config files In-Reply-To: <1299757900.4243.12.camel@tesla.lan> References: <20110309211357.GA4709@siphos.be> <1299710762.2974.31.camel@tesla.lan> <4D788A12.7030700@gmail.com> <1299757900.4243.12.camel@tesla.lan> Message-ID: <4D7E3441.6040701@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 03/10/11 06:51, Guido Trentalancia wrote: > Hello Dominick ! > > On Thu, 10/03/2011 at 09.21 +0100, Dominick Grift wrote: >> On 03/09/2011 11:46 PM, Guido Trentalancia wrote: >>> I have the same question as for [PATCH 05/15]. Tested at least with the >>> moonlight plugin and with the totem plugin. Sounds strange... >> >> probably because you were using pulseaudio? > > Indeed. Just do not consider that then. This makes me think that we need a more abstract pulseaudio interface, perhaps pulseaudio_client(), which has this access and also others. It looks like the interface should include: pulseaudio_stream_connect() pulseaudio_exec() optional_policy(`alsa_read_rw_config()') and possibly corenet_tcp_connect_pulseaudio_port() corenet_sendrecv_pulseaudio_client_packets() though we probably want to make those conditional. >>> Regards, >>> >>> Guido >>> >>> On Wed, 09/03/2011 at 22.13 +0100, Sven Vermeulen wrote: >>>> In order to allow firefox plugins playing music through ALSA, the mozilla >>>> domain needs read access on the alsa_rw_config files. >>>> >>>> Signed-off-by: Sven Vermeulen >>>> --- >>>> policy/modules/apps/mozilla.te | 4 ++++ >>>> 1 files changed, 4 insertions(+), 0 deletions(-) >>>> >>>> diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te >>>> index c8c459c..6e0f04f 100644 >>>> --- a/policy/modules/apps/mozilla.te >>>> +++ b/policy/modules/apps/mozilla.te >>>> @@ -223,6 +223,10 @@ tunable_policy(`mozilla_read_content',` >>>> ') >>>> >>>> optional_policy(` >>>> + alsa_read_rw_config(mozilla_t) >>>> +') >>>> + >>>> +optional_policy(` >>>> apache_read_user_scripts(mozilla_t) >>>> apache_read_user_content(mozilla_t) >>>> ') -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com