From: dac.override@gmail.com (Dominick Grift) Date: Tue, 9 Aug 2016 21:44:15 +0200 Subject: [refpolicy] [PATCH] Update policy and file contexts for the alsa module In-Reply-To: <1470771217.3770.2.camel@trentalancia.net> References: <1470771217.3770.2.camel@trentalancia.net> Message-ID: <89ebee6b-8605-678d-e323-28d6e99778cd@gmail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/09/2016 09:33 PM, Guido Trentalancia wrote: > Update the alsa module: > > - the alsa_etc_rw_t file context is widened to the whole share > directory, instead of just a couple of files; > - alsa_t can manage var_lock_t files. > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/alsa.fc | 3 +-- > policy/modules/contrib/alsa.te | 3 ++- > 2 files changed, 3 insertions(+), 3 deletions(-) > > --- refpolicy-git-06082016-orig/policy/modules/contrib/alsa.fc 2016-08-06 21:27:11.326094018 +0200 > +++ refpolicy-git-06082016/policy/modules/contrib/alsa.fc 2016-08-09 21:03:34.117512342 +0200 > @@ -25,8 +25,7 @@ ifdef(`distro_debian',` > /usr/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0) > /usr/sbin/salsa -- gen_context(system_u:object_r:alsa_exec_t,s0) > > -/usr/share/alsa/alsa\.conf gen_context(system_u:object_r:alsa_etc_rw_t,s0) > -/usr/share/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) > +/usr/share/alsa(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) > > /var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0) > > --- refpolicy-git-06082016-orig/policy/modules/contrib/alsa.te 2016-08-06 21:27:11.326094018 +0200 > +++ refpolicy-git-06082016/policy/modules/contrib/alsa.te 2016-08-09 21:30:37.291043389 +0200 > @@ -64,7 +64,8 @@ manage_dirs_pattern(alsa_t, alsa_var_lib > manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t) > > allow alsa_t alsa_var_lock_t:file manage_file_perms; > -files_lock_filetrans(alsa_t, alsa_var_lock_t, file); > +files_search_locks(alsa_t) redundant: files_lock_filetrans() already provides the above > +files_lock_filetrans(alsa_t, alsa_var_lock_t, file) > > kernel_read_system_state(alsa_t) > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20160809/9f499699/attachment.bin