From: dominick.grift@gmail.com (Dominick Grift) Date: Mon, 11 Mar 2013 09:22:17 +0100 Subject: [refpolicy] [PATCH 1/6] mplayer streams HTTP resources In-Reply-To: <1362927170-31116-2-git-send-email-sven.vermeulen@siphos.be> References: <1362927170-31116-1-git-send-email-sven.vermeulen@siphos.be> <1362927170-31116-2-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1362990137.8756.0.camel@d30> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun, 2013-03-10 at 15:52 +0100, Sven Vermeulen wrote: > Needed to allow mplayer to stream HTTP resources (like webradios). Merged with additional networking rules for compatibility, Thanks > Signed-off-by: Sven Vermeulen > --- > mplayer.te | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/mplayer.te b/mplayer.te > index 9aca704..802e494 100644 > --- a/mplayer.te > +++ b/mplayer.te > @@ -130,6 +130,7 @@ tunable_policy(`use_samba_home_dirs',` > allow mplayer_t self:process { signal_perms getsched }; > allow mplayer_t self:fifo_file rw_fifo_file_perms; > allow mplayer_t self:sem create_sem_perms; > +allow mplayer_t self:udp_socket create_socket_perms; > > allow mplayer_t mplayer_etc_t:dir list_dir_perms; > allow mplayer_t mplayer_etc_t:file read_file_perms; > @@ -155,6 +156,8 @@ kernel_read_kernel_sysctls(mplayer_t) > corecmd_exec_bin(mplayer_t) > corecmd_exec_shell(mplayer_t) > > +corenet_tcp_connect_http_port(mplayer_t) > + > dev_read_rand(mplayer_t) > dev_read_realtime_clock(mplayer_t) > dev_read_sound_mixer(mplayer_t)