From: domg472@gmail.com (Dominick Grift)
Date: Mon, 14 Mar 2011 16:36:59 +0100
Subject: [refpolicy] [PATCH 07/15] Allow mozilla to read the alsa config files
In-Reply-To: <4D7E3441.6040701@tresys.com>
References: <20110309211357.GA4709@siphos.be> <1299710762.2974.31.camel@tesla.lan> <4D788A12.7030700@gmail.com> <1299757900.4243.12.camel@tesla.lan> <4D7E3441.6040701@tresys.com>
Message-ID: <4D7E361B.1020707@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/14/2011 04:29 PM, Christopher J. PeBenito wrote:
> On 03/10/11 06:51, Guido Trentalancia wrote:
>> Hello Dominick !
>>
>> On Thu, 10/03/2011 at 09.21 +0100, Dominick Grift wrote:
>>> On 03/09/2011 11:46 PM, Guido Trentalancia wrote:
>>>> I have the same question as for [PATCH 05/15]. Tested at least with the
>>>> moonlight plugin and with the totem plugin. Sounds strange...
>>>
>>> probably because you were using pulseaudio?
>>
>> Indeed. Just do not consider that then.
>
> This makes me think that we need a more abstract pulseaudio interface,
> perhaps pulseaudio_client(), which has this access and also others. It
> looks like the interface should include:
>
> pulseaudio_stream_connect()
> pulseaudio_exec()
> optional_policy(`alsa_read_rw_config()')
>
> and possibly
> corenet_tcp_connect_pulseaudio_port()
> corenet_sendrecv_pulseaudio_client_packets()
>
> though we probably want to make those conditional.

I do have a pulseaudio_client_template() implemented in my personal policy:

http://fedorapeople.org/gitweb?p=domg472/public_git/refpolicy.git;a=blob;f=policy/modules/apps/pulseaudio.if;h=44312194ff98ff1f04ce50fa182314076d95de77;hb=HEAD

Problem is that, to do this right in my view, we would need to rethink pulseaudio policy. I did only the gnome-pulseaudio part in my personal policy and I do not know how other desktop environments deal with pulseaudio; I also have not implemented pulseaudio as a system service policy.

>>>> Regards,
>>>>
>>>> Guido
>>>>
>>>> On Wed, 09/03/2011 at 22.13 +0100, Sven Vermeulen wrote:
>>>>> In order to allow firefox plugins playing music through ALSA, the mozilla
>>>>> domain needs read access on the alsa_rw_config files.
>>>>>
>>>>> Signed-off-by: Sven Vermeulen
>>>>> --- >>>>> policy/modules/apps/mozilla.te | 4 ++++ >>>>> 1 files changed, 4 insertions(+), 0 deletions(-) >>>>> >>>>> diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te >>>>> index c8c459c..6e0f04f 100644 >>>>> --- a/policy/modules/apps/mozilla.te >>>>> +++ b/policy/modules/apps/mozilla.te >>>>> @@ -223,6 +223,10 @@ tunable_policy(`mozilla_read_content',` >>>>> ') >>>>> >>>>> optional_policy(` >>>>> + alsa_read_rw_config(mozilla_t) >>>>> +') >>>>> + >>>>> +optional_policy(` >>>>> apache_read_user_scripts(mozilla_t) >>>>> apache_read_user_content(mozilla_t) >>>>> ')
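
Review bot: The new optional_policy block grants alsa_read_rw_config(mozilla_t) to the whole mozilla_t domain on every system that has the alsa module, while the commit message only justifies it for plugins that play audio through ALSA, and the replies above report that the access was not exercised when pulseaudio handled the sound. Consider naming in the commit message the plugin and the denial that prompted the rule, so the grant can be checked against an actual need. Consider also carrying this read access through a shared audio client interface such as the proposed pulseaudio_client() rather than adding it directly to mozilla.te, so the browser domain does not collect one grant per sound backend.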