From: dac.override@gmail.com (Dominick Grift) Date: Fri, 12 Aug 2016 09:02:41 +0200 Subject: [refpolicy] [PATCH] Update the pulseaudio module for usability and ORC support In-Reply-To: <1470953060.25389.1.camel@trentalancia.net> References: <1470953060.25389.1.camel@trentalancia.net> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/12/2016 12:04 AM, Guido Trentalancia wrote: > Update the pulseaudio module so that it is usable (tested with > latest version pulseaudio 9.0). > > Support for the OIL Runtime Compiler (OIL) optimized code > execution is added to the pulseaudio module by using a few > newly created interfaces and file contexts in the gnome > module. > > Signed-off-by: Guido Trentalancia Will not work for various reasons. > --- > policy/modules/contrib/gnome.fc | 4 + > policy/modules/contrib/gnome.if | 91 +++++++++++++++++++++++++++++++++++ > policy/modules/contrib/gnome.te | 3 + > policy/modules/contrib/pulseaudio.fc | 1 > policy/modules/contrib/pulseaudio.if | 1 > policy/modules/contrib/pulseaudio.te | 23 +++++++- > 6 files changed, 119 insertions(+), 4 deletions(-) > > --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc 2016-08-06 21:27:11.354094337 +0200 > +++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc 2016-08-11 21:42:20.520989284 +0200 
> @@ -4,13 +4,17 @@ HOME_DIR/\.gnome(/.*)? gen_context(syste > HOME_DIR/\.gnome2(/.*)? gen_context(system_u:object_r:gnome_home_t,s0) > HOME_DIR/\.gnome2/keyrings(/.*)? gen_context(system_u:object_r:gnome_keyring_home_t,s0) > HOME_DIR/\.gnome2_private(/.*)? gen_context(system_u:object_r:gnome_home_t,s0) > +HOME_DIR/orcexec.* gen_context(system_u:object_r:gstreamer_orcexec_t,s0) is a plain file but this still wouldn't work. liborc is linked to by various programs. some of these programs already maintain files in ~ with an automatic file type transition. Therefore you may not be able to take this approach because you would end up with conflicting type transition rules. Besides. liborc defaults to $XDG_RUNTIME_DIR (that means it will first try in this order: /run/user/UID , ~/.cache , /tmp not sure if it still even tries ~ at all anymore (although it did in the past) if all else fails it will use "process execmem" > > /etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,s0) > > /tmp/gconfd-USER/.* -- gen_context(system_u:object_r:gconf_tmp_t,s0) > +/tmp/orcexec.* gen_context(system_u:object_r:gstreamer_orcexec_t,s0) it's a plain file, but this file context will cause issues. What if a program running on s1 that is linked to liborc maintains this? 
then restorecon might declassify it to s0 > > /usr/bin/gnome-keyring-daemon -- gen_context(system_u:object_r:gkeyringd_exec_t,s0) > /usr/bin/mate-keyring-daemon -- gen_context(system_u:object_r:gkeyringd_exec_t,s0) > > /usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) > /usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) > + > +/var/run/user/[^/]*/orcexec.* gen_context(system_u:object_r:gstreamer_orcexec_t,s0) Same as above but on top of that you would have to use the genhomedircon keyword for $XDG_RUNTIME_DIR > --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.if 2016-08-06 21:27:11.354094337 +0200 > +++ refpolicy-git-06082016/policy/modules/contrib/gnome.if 2016-08-11 23:19:10.190331107 +0200 > @@ -569,6 +569,36 @@ interface(`gnome_home_filetrans_gnome_ho > > ######################################## > ## > +## Create objects in user home > +## directories with the gstreamer > +## orcexec type. > +## > +## > +## > +## Domain allowed access. > +## > +## > +## > +## > +## Class of the object being created. > +## > +## > +## > +## > +## The name of the object being created. > +## > +## > +# > +interface(`gnome_home_filetrans_gstreamer_orcexec',` > + gen_require(` > + type gstreamer_orcexec_t; > + ') > + > + userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t, $2, $3) > +') > + > +######################################## > +## > ## Create objects in gnome gconf home > ## directories with a private type. > ## 
> @@ -603,6 +633,67 @@ interface(`gnome_gconf_home_filetrans',` > ') > > ######################################## > +## > +## Create objects in the user > +## runtime directories with the > +## gstreamer orcexec type. > +## > +## > +## > +## Domain allowed access. > +## > +## > +## > +## > +## Class of the object being created. > +## > +## > +## > +## > +## The name of the object being created. > +## > +## > +# > +interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',` > + gen_require(` > + type gstreamer_orcexec_t; > + ') > + > + userdom_user_runtime_filetrans($1, gstreamer_orcexec_t, $2, $3) > +') > + > + > +######################################## > +## > +## Create objects in the tmp > +## directories with the gstreamer > +## orcexec type. > +## > +## > +## > +## Domain allowed access. > +## > +## > +## > +## > +## Class of the object being created. > +## > +## > +## > +## > +## The name of the object being created. > +## > +## > +# > +interface(`gnome_tmp_filetrans_gstreamer_orcexec',` > + gen_require(` > + type gstreamer_orcexec_t; > + ') > + > + files_tmp_filetrans($1, gstreamer_orcexec_t, $2, $3) > +') > + > +######################################## > ## > ## Read generic gnome keyring home files. > ## > --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.te 2016-08-06 21:27:11.354094337 +0200 > +++ refpolicy-git-06082016/policy/modules/contrib/gnome.te 2016-08-11 20:16:46.001970644 +0200 
> @@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_ > type gnome_keyring_tmp_t; > userdom_user_tmp_file(gnome_keyring_tmp_t) > > +type gstreamer_orcexec_t; > +application_executable_file(gstreamer_orcexec_t) is not an application executable file. it's a plain file that is mmap'd by liborc > + > ############################## > # > # Common local Policy > --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.fc 2016-08-06 21:27:11.411094987 +0200 > +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.fc 2016-08-11 20:07:21.338329216 +0200 > @@ -1,6 +1,7 @@ > HOME_DIR/\.esd_auth -- gen_context(system_u:object_r:pulseaudio_home_t,s0) > HOME_DIR/\.pulse(/.*)? gen_context(system_u:object_r:pulseaudio_home_t,s0) > HOME_DIR/\.pulse-cookie -- gen_context(system_u:object_r:pulseaudio_home_t,s0) > +HOME_DIR/\.config/pulse(/.*)? -- gen_context(system_u:object_r:pulseaudio_home_t,s0) > > /usr/bin/pulseaudio -- gen_context(system_u:object_r:pulseaudio_exec_t,s0) > > --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.if 2016-08-06 21:27:11.411094987 +0200 > +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if 2016-08-11 17:34:47.778835995 +0200 > @@ -25,6 +25,7 @@ interface(`pulseaudio_role',` > pulseaudio_run($2, $1) > > allow $2 pulseaudio_t:process { ptrace signal_perms }; > + allow $2 pulseaudio_t:fd use; > ps_process_pattern($2, pulseaudio_t) > > allow $2 pulseaudio_home_t:dir { manage_dir_perms relabel_dir_perms }; > --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.te 2016-08-06 21:27:11.412094999 +0200 > +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te 2016-08-11 23:50:05.921992338 +0200 
> @@ -37,7 +37,7 @@ files_pid_file(pulseaudio_var_run_t) > # > > allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config }; > -allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull }; > +allow pulseaudio_t self:process { execmem getcap getsched setcap setrlimit setsched signal signull }; execmem is optional. it will only resort to execmem if it is unable to mmap the file (failover) > allow pulseaudio_t self:fifo_file rw_fifo_file_perms; > allow pulseaudio_t self:unix_stream_socket { accept connectto listen }; > allow pulseaudio_t self:unix_dgram_socket sendto; > @@ -129,9 +129,11 @@ logging_send_syslog_msg(pulseaudio_t) > miscfiles_read_localization(pulseaudio_t) > > userdom_read_user_tmpfs_files(pulseaudio_t) > - > +userdom_delete_user_tmpfs_files(pulseaudio_t) > userdom_search_user_home_dirs(pulseaudio_t) > -userdom_write_user_tmp_sockets(pulseaudio_t) > +userdom_search_user_home_content(pulseaudio_t) > + > +userdom_manage_user_tmp_sockets(pulseaudio_t) > > tunable_policy(`use_nfs_home_dirs',` > fs_manage_nfs_dirs(pulseaudio_t) > @@ -146,7 +148,8 @@ tunable_policy(`use_samba_home_dirs',` > ') > > optional_policy(` > - alsa_read_rw_config(pulseaudio_t) > + alsa_read_config(pulseaudio_t) > + alsa_read_home_files(pulseaudio_t) > ') > > optional_policy(` > @@ -176,6 +179,17 @@ optional_policy(` > ') > > optional_policy(` > + # OIL Runtime Compiler (ORC) optimized code execution > + can_exec(pulseaudio_t, gstreamer_orcexec_t) > + gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file) > + gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file) > + gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file) > + manage_files_pattern(pulseaudio_t, gstreamer_orcexec_t, gstreamer_orcexec_t) > + > + gnome_stream_connect_gconf(pulseaudio_t) > +') > + > +optional_policy(` > rtkit_scheduled(pulseaudio_t) > ') 
> > @@ -186,6 +200,7 @@ optional_policy(` > ') > > optional_policy(` > + udev_read_pid_files(pulseaudio_t) > udev_read_state(pulseaudio_t) > udev_read_db(pulseaudio_t) > ') > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
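Review bot: the three orcexec.* entries added in the gnome.fc hunk (HOME_DIR/orcexec.*, /tmp/orcexec.* and /var/run/user/[^/]*/orcexec.*) carry no file-type specifier, unlike the neighbouring /tmp/gconfd-USER/.* entry, which uses "--". As written they match any object class whose name starts with orcexec, including directories and sockets in a shared /tmp. If these entries are kept at all, restrict them to regular files with "--", and note that every one of them hard-codes s0, which is the relabel problem raised in the reply.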
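Review bot: in the pulseaudio.fc hunk, the new entry HOME_DIR/\.config/pulse(/.*)? combines the "--" specifier with a pattern meant to cover a directory tree, so the ~/.config/pulse directory itself and any subdirectories are excluded from the match and will not be labelled pulseaudio_home_t. The existing HOME_DIR/\.pulse(/.*)? entry two lines above has no specifier for this reason. Drop the "--" so the directory and its contents are labelled consistently.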
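Review bot: in the pulseaudio.te hunk at @@ -37,7 +37,7 @@, execmem is added unconditionally to the self:process rule, and the same line also reorders getsched, which hides the functional change inside a sort. Since the reply states execmem is only a fallback when the file cannot be mapped, consider leaving it out or placing it in a tunable_policy block like the use_nfs_home_dirs one further down, and keep the reordering in a separate change.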
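Review bot: the pulseaudio.te hunk at @@ -129,9 +129,11 @@ widens userdom_write_user_tmp_sockets to userdom_manage_user_tmp_sockets and adds userdom_delete_user_tmpfs_files and userdom_search_user_home_content, none of which is mentioned in the commit message. Going from write to manage also grants create, delete and rename on user tmp sockets, so each of these should be justified by the denial it resolves, or split into its own patch so it can be reviewed separately from the ORC work.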
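Review bot: the ORC optional_policy block in the pulseaudio.te hunk at @@ -176,6 +179,17 @@ uses gstreamer_orcexec_t directly in can_exec() and manage_files_pattern(), although the type is declared in gnome.te and nothing in pulseaudio.te requires it; that access should go through a gnome interface. The three filetrans calls pass only (pulseaudio_t, file) with no object name, so every regular file pulseaudio_t creates in the home directory, the user runtime directory and /tmp would be labelled gstreamer_orcexec_t, not only orcexec files. Together with can_exec() plus manage_files_pattern() this gives the domain both write and execute on one type. gnome_stream_connect_gconf() is unrelated to ORC and should not sit under that comment.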