From: guido@trentalancia.net (Guido Trentalancia) Date: Tue, 09 Aug 2016 21:33:37 +0200 Subject: [refpolicy] [PATCH] Update policy and file contexts for the alsa module Message-ID: <1470771217.3770.2.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Update the alsa module: - the alsa_etc_rw_t file context is widened to the whole share directory, instead of just a couple of files; - alsa_t can manage var_lock_t files. Signed-off-by: Guido Trentalancia --- policy/modules/contrib/alsa.fc | 3 +-- policy/modules/contrib/alsa.te | 3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) --- refpolicy-git-06082016-orig/policy/modules/contrib/alsa.fc 2016-08-06 21:27:11.326094018 +0200 +++ refpolicy-git-06082016/policy/modules/contrib/alsa.fc 2016-08-09 21:03:34.117512342 +0200 @@ -25,8 +25,7 @@ ifdef(`distro_debian',` /usr/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0) /usr/sbin/salsa -- gen_context(system_u:object_r:alsa_exec_t,s0) -/usr/share/alsa/alsa\.conf gen_context(system_u:object_r:alsa_etc_rw_t,s0) -/usr/share/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) +/usr/share/alsa(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) /var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0) --- refpolicy-git-06082016-orig/policy/modules/contrib/alsa.te 2016-08-06 21:27:11.326094018 +0200 +++ refpolicy-git-06082016/policy/modules/contrib/alsa.te 2016-08-09 21:30:37.291043389 +0200 @@ -64,7 +64,8 @@ manage_dirs_pattern(alsa_t, alsa_var_lib manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t) allow alsa_t alsa_var_lock_t:file manage_file_perms; -files_lock_filetrans(alsa_t, alsa_var_lock_t, file); +files_search_locks(alsa_t) +files_lock_filetrans(alsa_t, alsa_var_lock_t, file) kernel_read_system_state(alsa_t)