From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat,  5 Jul 2014 18:19:14 +0200
Subject: [refpolicy] [PATCH 1/1] Enable asound.state.lock support
Message-ID: <1404577154-22392-1-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

>From alsa-utils-1.0.28 onwards, the alsactl command will use the
asound.state.lock file when managing alsa state operations.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 alsa.fc | 2 ++
 alsa.te | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/alsa.fc b/alsa.fc
index 33d9d31..6c3c0ba 100644
--- a/alsa.fc
+++ b/alsa.fc
@@ -24,3 +24,5 @@ ifdef(`distro_debian',`
 /usr/share/alsa/pcm(/.*)?	gen_context(system_u:object_r:alsa_etc_rw_t,s0)
 
 /var/lib/alsa(/.*)?	gen_context(system_u:object_r:alsa_var_lib_t,s0)
+
+/var/lock/asound\.state\.lock	--	gen_context(system_u:object_r:alsa_var_lock_t,s0)
diff --git a/alsa.te b/alsa.te
index 814b426..6f7f2f9 100644
--- a/alsa.te
+++ b/alsa.te
@@ -24,6 +24,9 @@ files_tmpfs_file(alsa_tmpfs_t)
 type alsa_var_lib_t;
 files_type(alsa_var_lib_t)
 
+type alsa_var_lock_t;
+files_lock_file(alsa_var_lock_t)
+
 type alsa_home_t;
 userdom_user_home_content(alsa_home_t)
 
@@ -57,6 +60,9 @@ fs_tmpfs_filetrans(alsa_t, alsa_tmpfs_t, file)
 manage_dirs_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t)
 manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t)
 
+allow alsa_t alsa_var_lock_t:file manage_file_perms;
+files_lock_filetrans(alsa_t, alsa_var_lock_t, file);
+
 kernel_read_system_state(alsa_t)
 
 corecmd_exec_bin(alsa_t)
-- 
1.8.5.5