From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Sun, 6 Apr 2014 11:45:33 +0200 Subject: [refpolicy] [PATCH 1/3] Introduce alsa domains In-Reply-To: <533F1495.3050305@tresys.com> References: <1396188552-16007-1-git-send-email-sven.vermeulen@siphos.be> <1396188552-16007-2-git-send-email-sven.vermeulen@siphos.be> <533F1495.3050305@tresys.com> Message-ID: <20140406094532.GA24920@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Fri, Apr 04, 2014 at 04:22:45PM -0400, Christopher J. PeBenito wrote: [...] > > As this means that all ALSA enabled domains need access to the > > semaphores of all other ALSA enabled domains, starting to sum up all > > these domains is not manageable. As a result, an attribute called > > "alsadomain" is created which is assigned to all domains that use ALSA. > > Then, we grant the following: > > > > allow alsadomain alsadomain:sem create_sem_perms; > > allow alsadomain alsadomain:shm rw_shm_perms; [...] > > allow alsadomain alsatmpfsfile:file rw_file_perms; > > > > With this in place, we now create an interface called "alsa_domain" that > > assigns the attributes to the ALSA enabled applications, such as this: > > > > alsa_domain(mplayer_t, mplayer_tmpfs_t) > > This is a frightening access. Are you sure there isn't some tool we can (ab)use to run on boot so that the correct IPC objects are created, e.g. with an alsa_t type? There is an "aserver" application but I have no idea if that does what you would want it to do. The only information I found about it was a user that couldn't get it to work, and there is no documentation on it. The code makes me believe it doesn't register the same IPC resources as the ALSA plugins - it seems to be more about proxying requests towards a remote system. The "aserver" application is also not called in any init script here. Another approach we might be interested in taking is to support SELinux transitions for IPC resources based on the provided IPC key. IPC keys are statically used identifiers that applications, who want to access the same IPC resources, use to differentiate one IPC resource from another. So it's similar to a file name in that regards - but of course not the same. Unlike IPC identifiers (which are generated by the Linux kernel upon reservation of an IPC resource) IPC keys remain the same. For instance, in alsa-lib, the default alsa.conf sets: defaults.pcm.ipc_key 5678923 If we would support transitions for IPC resources based on the key, that would be very flexible. But that will need updates on linux/security/selinux as that isn't supported as of yet. Wkr, Sven Vermeulen