From: jason@perfinion.com (Jason Zaman)
Date: Sat, 28 May 2016 04:36:24 +0800
Subject: [refpolicy] [PATCH v3 2/7] pulseaudio: fcontext and filetrans for
	/run/user/ID/pulse/
In-Reply-To: <1464381389-24284-1-git-send-email-jason@perfinion.com>
References: <1464381389-24284-1-git-send-email-jason@perfinion.com>
Message-ID: <1464381389-24284-2-git-send-email-jason@perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

---
 pulseaudio.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pulseaudio.te b/pulseaudio.te
index 169d0bc..bfdf36d 100644
--- a/pulseaudio.te
+++ b/pulseaudio.te
@@ -56,6 +56,7 @@ manage_dirs_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)
 manage_files_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)
 manage_sock_files_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)
 files_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)
+userdom_user_runtime_dir_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)
 userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, file, "autospawn.lock")
 userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, file, "pid")
 userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, sock_file, "dbus-socket")
@@ -203,8 +204,9 @@ optional_policy(`
 #
 
 allow pulseaudio_client self:unix_dgram_socket sendto;
+allow pulseaudio_client self:process signull;
 
-allow pulseaudio_client pulseaudio_client:process signull;
+allow pulseaudio_client pulseaudio_tmp_t:dir list_dir_perms;
 
 read_files_pattern(pulseaudio_client, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t }, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t })
 delete_files_pattern(pulseaudio_client, pulseaudio_tmpfsfile, pulseaudio_tmpfsfile)
@@ -228,6 +230,7 @@ pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client, file, ".pulse-cooki
 pulseaudio_signull(pulseaudio_client)
 
 userdom_read_user_tmpfs_files(pulseaudio_client)
+userdom_user_runtime_dir_filetrans(pulseaudio_client, pulseaudio_tmp_t, dir, "pulse")
 # userdom_delete_user_tmpfs_files(pulseaudio_client)
 
 tunable_policy(`use_nfs_home_dirs',`
-- 
2.7.3