From: domg472@gmail.com (Dominick Grift)
Date: Mon, 14 Mar 2011 16:42:10 +0100
Subject: [refpolicy] [PATCH 07/15] Allow mozilla to read the alsa config files
In-Reply-To: <4D7E36CE.1080302@gmail.com>
References: <20110309211357.GA4709@siphos.be> <1299710762.2974.31.camel@tesla.lan> <4D788A12.7030700@gmail.com> <1299757900.4243.12.camel@tesla.lan> <4D7E3441.6040701@tresys.com> <4D7E361B.1020707@gmail.com> <4D7E36CE.1080302@gmail.com>
Message-ID: <4D7E3752.9040607@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/14/2011 04:39 PM, Dominick Grift wrote:
> On 03/14/2011 04:36 PM, Dominick Grift wrote:
>> On 03/14/2011 04:29 PM, Christopher J. PeBenito wrote:
>>> On 03/10/11 06:51, Guido Trentalancia wrote:
>>>> Hello Dominick !
>>>>
>>>> On Thu, 10/03/2011 at 09.21 +0100, Dominick Grift wrote:
>>>>> On 03/09/2011 11:46 PM, Guido Trentalancia wrote:
>>>>>> I have the same question as for [PATCH 05/15]. Tested at least with the
>>>>>> moonlight plugin and with the totem plugin. Sounds strange...
>>>>>
>>>>> probably because you were using pulseaudio?
>>>>
>>>> Indeed. Just do not consider that then.
>
>>> This makes me think that we need a more abstract pulseaudio interface,
>>> perhaps pulseaudio_client(), which has this access and also others. It
>>> looks like the interface should include:
>
>>> pulseaudio_stream_connect()
>>> pulseaudio_exec()

I do not think one wants pulseaudio_exec, I think clients need to be able to (re)start pulseaudio in the pulseaudio domain.

>>> optional_policy(`alsa_read_rw_config()')
>
>>> and possibly
>>> corenet_tcp_connect_pulseaudio_port()
>>> corenet_sendrecv_pulseaudio_client_packets()
>
>>> though we probably want to make those conditional.
>
>
>> I do have a pulseaudio_client_template() implemented in my personal policy:
>
>> http://fedorapeople.org/gitweb?p=domg472/public_git/refpolicy.git;a=blob;f=policy/modules/apps/pulseaudio.if;h=44312194ff98ff1f04ce50fa182314076d95de77;hb=HEAD
>
>> problem is that, to do this right in my view, we would need to rethink
>> pulseaudio policy. I did only the gnome-pulseaudio part in my personal
>> policy and I do not know how other desktop environments deal with
>> pulseaudio, I also have not implemented pulseaudio as a system service
>> policy.
>
>
> And because pulseaudio is so tightly integrated with gnome, in my view,
> it would be best to implement policy for gnome as well (gconf, gnome
> settings daemon etc)
>
> problem is that with gnome 3 coming up, things may (or may not) change
> dramatically... so I do not know where to draw the line.
>
>>>>>> Regards,
>>>>>>
>>>>>> Guido
>>>>>>
>>>>>> On Wed, 09/03/2011 at 22.13 +0100, Sven Vermeulen wrote:
>>>>>>> In order to allow firefox plugins playing music through ALSA, the mozilla
>>>>>>> domain needs read access on the alsa_rw_config files.
>>>>>>>
>>>>>>> Signed-off-by: Sven Vermeulen
>>>>>>> ---
>>>>>>> policy/modules/apps/mozilla.te | 4 ++++
>>>>>>> 1 files changed, 4 insertions(+), 0 deletions(-)
>>>>>>>
>>>>>>> diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
>>>>>>> index c8c459c..6e0f04f 100644
>>>>>>> --- a/policy/modules/apps/mozilla.te
>>>>>>> +++ b/policy/modules/apps/mozilla.te
>>>>>>> @@ -223,6 +223,10 @@ tunable_policy(`mozilla_read_content',` >>>>>>> ') >>>>>>> >>>>>>> optional_policy(` >>>>>>> + alsa_read_rw_config(mozilla_t) >>>>>>> +') >>>>>>> + >>>>>>> +optional_policy(` >>>>>>> apache_read_user_scripts(mozilla_t) >>>>>>> apache_read_user_content(mozilla_t) >>>>>>> ') > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1+N1IACgkQMlxVo39jgT9aMACginVYJjp7FffStk6lfVlrZrZs xzcAn2nLDhznyqyk0rjYSfYlHKfTl9o4 =6eUT -----END PGP SIGNATURE-----
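Review bot: The added optional_policy block in policy/modules/apps/mozilla.te calls alsa_read_rw_config(mozilla_t) with no comment saying why the browser domain needs to read the ALSA configuration. Please add a one-line comment above the call that carries the reason from the commit message (plugins playing sound through ALSA), so the grant can be audited later without digging through list archives. The commit message should also say which setup produced the denial, since the question raised in this thread about the rule was answered with "probably because you were using pulseaudio?", and a reader of mozilla.te cannot tell from the hunk whether the rule is meant for direct ALSA output only. If the pulseaudio_client() interface proposed in the thread is adopted and includes optional_policy(`alsa_read_rw_config()'), check whether this standalone block is still needed, to avoid granting the same access to mozilla_t twice.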