From: guido@trentalancia.net (Guido Trentalancia) Date: Fri, 12 Aug 2016 21:56:46 +0200 Subject: [refpolicy] [PATCH v3] Update the pulseaudio module for usability and ORC support In-Reply-To: <1471021082.23869.7.camel@trentalancia.net> References: <1470953060.25389.1.camel@trentalancia.net> <1471021082.23869.7.camel@trentalancia.net> Message-ID: <1471031806.30650.0.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Update the pulseaudio module so that it is usable (tested with latest version pulseaudio 9.0). Support for the OIL Runtime Compiler (ORC) optimized code execution is added to the pulseaudio module by using a few newly created interfaces and file contexts in the gnome module. Supports the execmem permission only through a boolean which defaults to false. This third version fixes an error introduced with the second version (cannot execute ORC file). Thanks to Dominick Grift for the useful suggestions that permitted to create this new improved version of the patch. Signed-off-by: Guido Trentalancia --- policy/modules/contrib/gnome.fc | 5 + policy/modules/contrib/gnome.if | 91 +++++++++++++++++++++++++++++++++++ policy/modules/contrib/gnome.te | 3 + policy/modules/contrib/pulseaudio.fc | 1 policy/modules/contrib/pulseaudio.if | 1 policy/modules/contrib/pulseaudio.te | 35 +++++++++++-- 6 files changed, 132 insertions(+), 4 deletions(-) --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc 2016-08-06 21:27:11.354094337 +0200 +++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc 2016-08-12 17:39:35.069146107 +0200 
@@ -4,13 +4,18 @@ HOME_DIR/\.gnome(/.*)? gen_context(syste HOME_DIR/\.gnome2(/.*)? gen_context(system_u:object_r:gnome_home_t,s0) HOME_DIR/\.gnome2/keyrings(/.*)? gen_context(system_u:object_r:gnome_keyring_home_t,s0) HOME_DIR/\.gnome2_private(/.*)? gen_context(system_u:object_r:gnome_home_t,s0) +HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0) /etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,s0) /tmp/gconfd-USER/.* -- gen_context(system_u:object_r:gconf_tmp_t,s0) +/tmp/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0) /usr/bin/gnome-keyring-daemon -- gen_context(system_u:object_r:gkeyringd_exec_t,s0) /usr/bin/mate-keyring-daemon -- gen_context(system_u:object_r:gkeyringd_exec_t,s0) /usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) /usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) + +/var/run/user/[^/]*/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0) +/var/run/user/%{USERID}/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0) --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.if 2016-08-06 21:27:11.354094337 +0200 +++ refpolicy-git-06082016/policy/modules/contrib/gnome.if 2016-08-11 23:19:10.190331107 +0200 @@ -569,6 +569,36 @@ interface(`gnome_home_filetrans_gnome_ho ######################################## ## +## Create objects in user home +## directories with the gstreamer +## orcexec type. +## +## +## +## Domain allowed access. +## +## +## +## +## Class of the object being created. +## +## +## +## +## The name of the object being created. +## +## +# +interface(`gnome_home_filetrans_gstreamer_orcexec',` + gen_require(` + type gstreamer_orcexec_t; + ') + + userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t, $2, $3) +') + +######################################## +## ## Create objects in gnome gconf home ## directories with a private type. ## 
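Review bot: The added `/var/run/user/%{USERID}/orcexec\..*` entry is already matched by the `/var/run/user/[^/]*/orcexec\..*` entry directly above it, so one of the two is redundant and the pair will drift if only one is updated later. The three new orcexec specs also carry no object-class qualifier, unlike the neighbouring `/tmp/gconfd-USER/.* --` spec, so a directory, socket or fifo whose name starts with `orcexec.` would be relabelled to the executable gstreamer_orcexec_t type on restorecon as well; if ORC only ever produces regular files, adding `--` to each entry narrows the label to what is actually needed. Either drop the `%{USERID}` line or add a comment saying why both forms are kept.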
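Review bot: The summary of `gnome_home_filetrans_gstreamer_orcexec` does not tell a caller that the type it transitions to is an executable file type, which is the security-relevant property of this interface; a line under the summary such as `## Files of this type are an application executable file type.` makes that visible at the call site. The `name` parameter documentation should also state that, because the gnome.fc pattern ends in `\..*`, a call without a name applies the transition to every file the domain creates directly in the home directory, not only to orcexec files. The same two documentation gaps apply to `gnome_user_runtime_filetrans_gstreamer_orcexec` and `gnome_tmp_filetrans_gstreamer_orcexec` in the next gnome.if hunk.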
@@ -603,6 +633,67 @@ interface(`gnome_gconf_home_filetrans',` ') ######################################## +## +## Create objects in the user +## runtime directories with the +## gstreamer orcexec type. +## +## +## +## Domain allowed access. +## +## +## +## +## Class of the object being created. +## +## +## +## +## The name of the object being created. +## +## +# +interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',` + gen_require(` + type gstreamer_orcexec_t; + ') + + userdom_user_runtime_filetrans($1, gstreamer_orcexec_t, $2, $3) +') + + +######################################## +## +## Create objects in the tmp +## directories with the gstreamer +## orcexec type. +## +## +## +## Domain allowed access. +## +## +## +## +## Class of the object being created. +## +## +## +## +## The name of the object being created. +## +## +# +interface(`gnome_tmp_filetrans_gstreamer_orcexec',` + gen_require(` + type gstreamer_orcexec_t; + ') + + files_tmp_filetrans($1, gstreamer_orcexec_t, $2, $3) +') + +######################################## ## ## Read generic gnome keyring home files. ## --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.te 2016-08-06 21:27:11.354094337 +0200 +++ refpolicy-git-06082016/policy/modules/contrib/gnome.te 2016-08-12 21:49:04.510250552 +0200 @@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_ type gnome_keyring_tmp_t; userdom_user_tmp_file(gnome_keyring_tmp_t) +type gstreamer_orcexec_t; +application_executable_file(gstreamer_orcexec_t) + ############################## # # Common local Policy --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.fc 2016-08-06 21:27:11.411094987 +0200 +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.fc 2016-08-11 20:07:21.338329216 +0200 
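Review bot: Two consecutive blank lines are added between the closing `')` of `gnome_user_runtime_filetrans_gstreamer_orcexec` and the `####` banner of `gnome_tmp_filetrans_gstreamer_orcexec`; refpolicy separates interfaces with a single blank line, as the other additions in this file do. Dropping one of the two `+` blank lines keeps the file consistent.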
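Review bot: `gstreamer_orcexec_t` is declared only with `application_executable_file()`, yet gnome.fc places files of this type in user home directories, /tmp and the user runtime directory. Without `userdom_user_home_content()` and a tmp declaration such as `files_tmp_file()`, the type lacks the attributes that the generic home-content and tmp interfaces key on, so home-directory tools and tmp cleaners confined through those interfaces will presumably be unable to list, relabel or remove stale orcexec files, and the files would not be covered by whatever constraints those declarations apply to user content. Declaring it as user content in addition to executable, as `gnome_keyring_tmp_t` just above does with `userdom_user_tmp_file()`, keeps it consistent with the rest of the module; if the omission is deliberate, a comment on the declaration should say so.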
@@ -1,6 +1,7 @@ HOME_DIR/\.esd_auth -- gen_context(system_u:object_r:pulseaudio_home_t,s0) HOME_DIR/\.pulse(/.*)? gen_context(system_u:object_r:pulseaudio_home_t,s0) HOME_DIR/\.pulse-cookie -- gen_context(system_u:object_r:pulseaudio_home_t,s0) +HOME_DIR/\.config/pulse(/.*)? -- gen_context(system_u:object_r:pulseaudio_home_t,s0) /usr/bin/pulseaudio -- gen_context(system_u:object_r:pulseaudio_exec_t,s0) --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.if 2016-08-06 21:27:11.411094987 +0200 +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if 2016-08-11 17:34:47.778835995 +0200 @@ -25,6 +25,7 @@ interface(`pulseaudio_role',` pulseaudio_run($2, $1) allow $2 pulseaudio_t:process { ptrace signal_perms }; + allow $2 pulseaudio_t:fd use; ps_process_pattern($2, pulseaudio_t) allow $2 pulseaudio_home_t:dir { manage_dir_perms relabel_dir_perms }; --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.te 2016-08-06 21:27:11.412094999 +0200 +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te 2016-08-12 21:33:49.231266389 +0200 @@ -5,6 +5,14 @@ policy_module(pulseaudio, 1.8.1) # Declarations # +## +##
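Review bot: The new `HOME_DIR/\.config/pulse(/.*)? -- gen_context(...)` entry combines a directory-tree pattern with the `--` regular-file qualifier, so the `.config/pulse` directory itself and any subdirectories keep whatever label the parent carries while only the regular files inside become pulseaudio_home_t. The existing `HOME_DIR/\.pulse(/.*)?` entry two lines up has no qualifier for exactly this reason; dropping the `--` here, `HOME_DIR/\.config/pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)`, labels the whole tree consistently. The `pulseaudio_home_t:dir` rules in pulseaudio_role only help if the directory actually carries that type.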

+## Allow pulseaudio to execute code in +## writable memory +##

+##
+gen_tunable(pulseaudio_execmem, false) + attribute pulseaudio_client; attribute pulseaudio_tmpfsfile; @@ -37,7 +45,12 @@ files_pid_file(pulseaudio_var_run_t) # allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config }; -allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull }; +allow pulseaudio_t self:process { getcap getsched setcap setrlimit setsched signal signull }; + +tunable_policy(`pulseaudio_execmem',` + allow pulseaudio_t self:process execmem; +') + allow pulseaudio_t self:fifo_file rw_fifo_file_perms; allow pulseaudio_t self:unix_stream_socket { accept connectto listen }; allow pulseaudio_t self:unix_dgram_socket sendto; @@ -129,9 +142,11 @@ logging_send_syslog_msg(pulseaudio_t) miscfiles_read_localization(pulseaudio_t) userdom_read_user_tmpfs_files(pulseaudio_t) - +userdom_delete_user_tmpfs_files(pulseaudio_t) userdom_search_user_home_dirs(pulseaudio_t) -userdom_write_user_tmp_sockets(pulseaudio_t) +userdom_search_user_home_content(pulseaudio_t) + +userdom_manage_user_tmp_sockets(pulseaudio_t) tunable_policy(`use_nfs_home_dirs',` fs_manage_nfs_dirs(pulseaudio_t) @@ -146,7 +161,8 @@ tunable_policy(`use_samba_home_dirs',` ') optional_policy(` - alsa_read_rw_config(pulseaudio_t) + alsa_read_config(pulseaudio_t) + alsa_read_home_files(pulseaudio_t) ') optional_policy(` @@ -176,6 +192,16 @@ optional_policy(` ') optional_policy(` + gnome_stream_connect_gconf(pulseaudio_t) + + # OIL Runtime Compiler (ORC) optimized code execution + allow pulseaudio_t gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms }; + gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file) + gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file) + gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file) +') + +optional_policy(` rtkit_scheduled(pulseaudio_t) ') 
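Review bot: `userdom_write_user_tmp_sockets` is replaced by `userdom_manage_user_tmp_sockets` and `userdom_delete_user_tmpfs_files` is added, but neither the hunk nor the commit message says which pulseaudio 9.0 operation needs the wider create/unlink rights on user tmp sockets and user tmpfs files. A one-line comment above each grant, along the lines of `# pulseaudio 9.0 creates and removes its native socket under the user tmp dir` (wording to be adjusted to the denial that was actually observed), keeps the widened permission reviewable later.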
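Review bot: `allow pulseaudio_t gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };` references a type owned by the gnome module directly from pulseaudio.te with no `gen_require`, which goes against the refpolicy rule that cross-module types are reached only through interfaces and is likely to fail in a modular build where gnome is optional; the rule belongs in a new gnome.if interface next to the `gnome_*_gstreamer_orcexec` filetrans interfaces this hunk already calls, which pulseaudio.te then invokes. Semantically the rule grants write and execute mapping on the same file type unconditionally, while the commit message says execution of writable code is only enabled through the `pulseaudio_execmem` boolean, which as added covers only the `self:process execmem` case in the earlier hunk; either gate the ORC file rule under the same `tunable_policy`, or extend the `# OIL Runtime Compiler (ORC)` comment to say why writing and then executing an on-disk ORC file is acceptable by default. The three filetrans calls also pass no name argument, so every file pulseaudio_t creates directly in the home, runtime or tmp directory — not only orcexec files — receives the executable gstreamer_orcexec_t label; if the ORC file name carries a random suffix a named transition cannot be used, and that limitation should be stated in the same comment so later readers do not try to narrow it.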
@@ -186,6 +212,7 @@ optional_policy(` ') optional_policy(` + udev_read_pid_files(pulseaudio_t) udev_read_state(pulseaudio_t) udev_read_db(pulseaudio_t) ')