From: dac.override@gmail.com (Dominick Grift)
Date: Sat, 28 May 2016 12:14:37 +0200
Subject: [refpolicy] [PATCH v3 2/7] pulseaudio: fcontext and filetrans
 for /run/user/ID/pulse/
In-Reply-To: <1464381389-24284-2-git-send-email-jason@perfinion.com>
References: <1464381389-24284-1-git-send-email-jason@perfinion.com>
	<1464381389-24284-2-git-send-email-jason@perfinion.com>
Message-ID: <2c071edf-cf8a-0ce4-a133-824317ef4445@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 05/27/2016 10:36 PM, Jason Zaman wrote:
> --- pulseaudio.te | 5 ++++- 1 file changed, 4 insertions(+), 1
> deletion(-)
> 
> diff --git a/pulseaudio.te b/pulseaudio.te index 169d0bc..bfdf36d
> 100644 --- a/pulseaudio.te +++ b/pulseaudio.te @@ -56,6 +56,7 @@
> manage_dirs_pattern(pulseaudio_t, pulseaudio_tmp_t,
> pulseaudio_tmp_t) manage_files_pattern(pulseaudio_t,
> pulseaudio_tmp_t, pulseaudio_tmp_t) 
> manage_sock_files_pattern(pulseaudio_t, pulseaudio_tmp_t,
> pulseaudio_tmp_t) files_tmp_filetrans(pulseaudio_t,
> pulseaudio_tmp_t, dir) 
> +userdom_user_runtime_dir_filetrans(pulseaudio_t, pulseaudio_tmp_t,
> dir) userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t,
> file, "autospawn.lock") userdom_user_tmp_filetrans(pulseaudio_t,
> pulseaudio_tmp_t, file, "pid") 
> userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t,
> sock_file, "dbus-socket") @@ -203,8 +204,9 @@ optional_policy(` #
> 
> allow pulseaudio_client self:unix_dgram_socket sendto; +allow
> pulseaudio_client self:process signull;
> 
> -allow pulseaudio_client pulseaudio_client:process signull; +allow
> pulseaudio_client pulseaudio_tmp_t:dir list_dir_perms;

I suspect that above is redundant because it is probably already
allowed by:

userdom_user_runtime_dir_filetrans(pulseaudio_client,
pulseaudio_tmp_t, dir, "pulse")

> 
> read_files_pattern(pulseaudio_client, { pulseaudio_tmpfsfile
> pulseaudio_tmpfs_t }, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t }) 
> delete_files_pattern(pulseaudio_client, pulseaudio_tmpfsfile,
> pulseaudio_tmpfsfile) @@ -228,6 +230,7 @@
> pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client, file,
> ".pulse-cooki pulseaudio_signull(pulseaudio_client)
> 
> userdom_read_user_tmpfs_files(pulseaudio_client) 
> +userdom_user_runtime_dir_filetrans(pulseaudio_client,
> pulseaudio_tmp_t, dir, "pulse") #
> userdom_delete_user_tmpfs_files(pulseaudio_client)
> 
> tunable_policy(`use_nfs_home_dirs',`
> 


- -- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQGcBAEBCAAGBQJXSW+IAAoJECV0jlU3+UdpFQ8L/AohW5fWIc6w8I2Fmuos5SeM
GUFK4iFU9SB6bE6pLdvKVf+rueb6/74+Nj5YXmuxH4+by3TKqFb2tZk7qLO54h+F
mjNek2m6KE2CiaasZf64pejwnYklUJVZNQM5IlEyjqGLhIFGz11xjYH/DB8vvKym
rRc62NPXoFA3E9SBbi1Sidz+sICqnYu1bh9BnutQktk16k1sTrz6ehARMDyTmovx
luiWhU1EDXl4Sc7MwuxzV6I4Bc3POgd2ymGn557q4JeW+V5aiFwqXra+wfRkaDOS
4zc3GwXKu6NTTdA7QZLNPm09Qrm0YRhKEuofjcHJDMgtPFtfDcHnTT7ayxNBTNSC
RJCa29vPF6+np5UkaD7QM9+tk761PDpGpVfgCmNlcGZ6PEcMiTD7h0mENizJOTj7
sUPpY5C/KBz2hL42KJlS/WVY7UQCPeG3uTIvROHPvUpqeKl/3MYH+JWYE/L0RaI8
pVp1XVNoHxcyE5AtFgymhjTfaXUxSHo01vBgOt2c8Q==
=kX7F
-----END PGP SIGNATURE-----