From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 27 Aug 2013 12:42:11 +0200
Subject: [refpolicy] [PATCH 7/7] Alsasound init script writes asound.state file
In-Reply-To: <521B509C.4000008@tresys.com>
References: <1376765506-28924-1-git-send-email-sven.vermeulen@siphos.be> <1376765506-28924-8-git-send-email-sven.vermeulen@siphos.be> <521B509C.4000008@tresys.com>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, Aug 26, 2013 at 2:57 PM, Christopher J. PeBenito wrote:
>> diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te >> index a97372a..08dd000 100644 >> --- a/policy/modules/system/init.te >> +++ b/policy/modules/system/init.te >> @@ -578,6 +578,10 @@ ifdef(`distro_suse',` >> ') >> >> optional_policy(` >> + alsa_write_lib(initrc_t) >> +') >> + >> +optional_policy(` >> amavis_search_lib(initrc_t) >> amavis_setattr_pid_files(initrc_t) >> ')
>
> Shouldn't this be handled by alsa_t?
>

It is the /etc/init.d/alsasound init script itself that is writing into
/var/lib/alsa, for instance:

    for ossfile in /proc/asound/card*/pcm*/oss; do
        [ -e "${ossfile}" ] || continue
        local device=${ossfile##/proc/asound/} ; device=${device%%/oss}
        device="$(echo "${device}" | sed -e 's,/,_,g')"
        mkdir -p "${alsastatedir}/oss/"
        cp "${ossfile}" "${alsastatedir}/oss/${device}"
    done

Here, ${alsastatedir} = /var/lib/alsa.

It does seem however that the asound.state itself is handled by alsactl (and
thus through alsa_t). Shall I update the description to explain that it is for
restoring OSS state information instead?

Wkr,
Sven Vermeulen
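
Review bot: the added optional_policy block calling alsa_write_lib(initrc_t) in init.te is justified by the subject line as writing asound.state, but the reply in this thread says asound.state is handled by alsactl under alsa_t and that the init script only copies OSS state into ${alsastatedir}/oss. The patch description should name the OSS state copy as the reason for the rule. Since the quoted script runs mkdir -p and cp under /var/lib/alsa, it is also worth confirming that an interface named for write access covers creating the oss directory and new files there. The description should also say why the access goes to initrc_t, which is the domain of every init script and not only alsasound.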