From: dominick.grift@gmail.com (Dominick Grift)
Date: Mon, 11 Mar 2013 09:22:17 +0100
Subject: [refpolicy] [PATCH 1/6] mplayer streams HTTP resources
In-Reply-To: <1362927170-31116-2-git-send-email-sven.vermeulen@siphos.be>
References: <1362927170-31116-1-git-send-email-sven.vermeulen@siphos.be>
	<1362927170-31116-2-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1362990137.8756.0.camel@d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 2013-03-10 at 15:52 +0100, Sven Vermeulen wrote:
> Needed to allow mplayer to stream HTTP resources (like webradios).

Merged with additional networking rules for compatibility, Thanks

> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  mplayer.te | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/mplayer.te b/mplayer.te
> index 9aca704..802e494 100644
> --- a/mplayer.te
> +++ b/mplayer.te
> @@ -130,6 +130,7 @@ tunable_policy(`use_samba_home_dirs',`
>  allow mplayer_t self:process { signal_perms getsched };
>  allow mplayer_t self:fifo_file rw_fifo_file_perms;
>  allow mplayer_t self:sem create_sem_perms;
> +allow mplayer_t self:udp_socket create_socket_perms;
>  
>  allow mplayer_t mplayer_etc_t:dir list_dir_perms;
>  allow mplayer_t mplayer_etc_t:file read_file_perms;
> @@ -155,6 +156,8 @@ kernel_read_kernel_sysctls(mplayer_t)
>  corecmd_exec_bin(mplayer_t)
>  corecmd_exec_shell(mplayer_t)
>  
> +corenet_tcp_connect_http_port(mplayer_t)
> +
>  dev_read_rand(mplayer_t)
>  dev_read_realtime_clock(mplayer_t)
>  dev_read_sound_mixer(mplayer_t)