From: dac.override@gmail.com (Dominick Grift) Date: Sat, 28 May 2016 12:14:37 +0200 Subject: [refpolicy] [PATCH v3 2/7] pulseaudio: fcontext and filetrans for /run/user/ID/pulse/ In-Reply-To: <1464381389-24284-2-git-send-email-jason@perfinion.com> References: <1464381389-24284-1-git-send-email-jason@perfinion.com> <1464381389-24284-2-git-send-email-jason@perfinion.com> Message-ID: <2c071edf-cf8a-0ce4-a133-824317ef4445@gmail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 05/27/2016 10:36 PM, Jason Zaman wrote: > --- pulseaudio.te | 5 ++++- 1 file changed, 4 insertions(+), 1 > deletion(-) > > diff --git a/pulseaudio.te b/pulseaudio.te index 169d0bc..bfdf36d > 100644 --- a/pulseaudio.te +++ b/pulseaudio.te @@ -56,6 +56,7 @@ > manage_dirs_pattern(pulseaudio_t, pulseaudio_tmp_t, > pulseaudio_tmp_t) manage_files_pattern(pulseaudio_t, > pulseaudio_tmp_t, pulseaudio_tmp_t) > manage_sock_files_pattern(pulseaudio_t, pulseaudio_tmp_t, > pulseaudio_tmp_t) files_tmp_filetrans(pulseaudio_t, > pulseaudio_tmp_t, dir) > +userdom_user_runtime_dir_filetrans(pulseaudio_t, pulseaudio_tmp_t, > dir) userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, > file, "autospawn.lock") userdom_user_tmp_filetrans(pulseaudio_t, > pulseaudio_tmp_t, file, "pid") > userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, > sock_file, "dbus-socket") 
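Review bot: The added `userdom_user_runtime_dir_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)` in the first hunk passes no name argument, so any directory pulseaudio_t creates directly in the user runtime directory would be labelled pulseaudio_tmp_t. The client-side rule in the last hunk passes `"pulse"`, and the subject line names only /run/user/ID/pulse/. If the daemon creates nothing else at that level, `userdom_user_runtime_dir_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir, "pulse")` would keep the transition scoped to that one directory and consistent with the client rule.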
@@ -203,8 +204,9 @@ optional_policy(` # > > allow pulseaudio_client self:unix_dgram_socket sendto; +allow > pulseaudio_client self:process signull; > > -allow pulseaudio_client pulseaudio_client:process signull; +allow > pulseaudio_client pulseaudio_tmp_t:dir list_dir_perms; I suspect that above is redundant because it is probably already allowed by: userdom_user_runtime_dir_filetrans(pulseaudio_client, pulseaudio_tmp_t, dir, "pulse") > > read_files_pattern(pulseaudio_client, { pulseaudio_tmpfsfile > pulseaudio_tmpfs_t }, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t }) > delete_files_pattern(pulseaudio_client, pulseaudio_tmpfsfile, > pulseaudio_tmpfsfile) @@ -228,6 +230,7 @@ > pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client, file, > ".pulse-cooki pulseaudio_signull(pulseaudio_client) > > userdom_read_user_tmpfs_files(pulseaudio_client) > +userdom_user_runtime_dir_filetrans(pulseaudio_client, > pulseaudio_tmp_t, dir, "pulse") # > userdom_delete_user_tmpfs_files(pulseaudio_client) > > tunable_policy(`use_nfs_home_dirs',` > - -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQGcBAEBCAAGBQJXSW+IAAoJECV0jlU3+UdpFQ8L/AohW5fWIc6w8I2Fmuos5SeM GUFK4iFU9SB6bE6pLdvKVf+rueb6/74+Nj5YXmuxH4+by3TKqFb2tZk7qLO54h+F mjNek2m6KE2CiaasZf64pejwnYklUJVZNQM5IlEyjqGLhIFGz11xjYH/DB8vvKym rRc62NPXoFA3E9SBbi1Sidz+sICqnYu1bh9BnutQktk16k1sTrz6ehARMDyTmovx luiWhU1EDXl4Sc7MwuxzV6I4Bc3POgd2ymGn557q4JeW+V5aiFwqXra+wfRkaDOS 4zc3GwXKu6NTTdA7QZLNPm09Qrm0YRhKEuofjcHJDMgtPFtfDcHnTT7ayxNBTNSC RJCa29vPF6+np5UkaD7QM9+tk761PDpGpVfgCmNlcGZ6PEcMiTD7h0mENizJOTj7 sUPpY5C/KBz2hL42KJlS/WVY7UQCPeG3uTIvROHPvUpqeKl/3MYH+JWYE/L0RaI8 pVp1XVNoHxcyE5AtFgymhjTfaXUxSHo01vBgOt2c8Q== =kX7F -----END PGP SIGNATURE-----
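Review bot: The switch from `allow pulseaudio_client pulseaudio_client:process signull;` to `allow pulseaudio_client self:process signull;` in the second hunk changes scope and is not explained anywhere in the patch. With an attribute as the source, `self` lets each client type send signull only to its own type, whereas the removed rule let any client domain probe any other client domain. The tightening looks reasonable, but it is unrelated to the fcontext/filetrans subject and the patch carries no description. If dropping the cross-domain case is intended, a sentence in the commit message or a comment above the rule, for example `# each client only needs to probe processes of its own type`, would record that it was deliberate.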