From: pebenito@ieee.org (Chris PeBenito) Date: Sat, 13 Aug 2016 09:50:45 -0400 Subject: [refpolicy] [PATCH v3] Update the pulseaudio module for usability and ORC support In-Reply-To: <1471031806.30650.0.camel@trentalancia.net> References: <1470953060.25389.1.camel@trentalancia.net> <1471021082.23869.7.camel@trentalancia.net> <1471031806.30650.0.camel@trentalancia.net> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/12/16 15:56, Guido Trentalancia wrote: > Update the pulseaudio module so that it is usable (tested with > latest version pulseaudio 9.0). > > Support for the OIL Runtime Compiler (OIL) optimized code > execution is added to the pulseaudio module by using a few > newly created interfaces and file contexts in the gnome > module. > > Supports the execmem permission only through a boolean which > defaults to false. > > This third version fixes an error introduced with the second > version (cannot execute ORC file). > > Thanks to Dominick Grift for the useful suggestions that > permitted to create this new improved version of the patch. > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/gnome.fc | 5 + > policy/modules/contrib/gnome.if | 91 +++++++++++++++++++++++++++++++++++ > policy/modules/contrib/gnome.te | 3 + > policy/modules/contrib/pulseaudio.fc | 1 > policy/modules/contrib/pulseaudio.if | 1 > policy/modules/contrib/pulseaudio.te | 35 +++++++++++-- > 6 files changed, 132 insertions(+), 4 deletions(-) > > --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc 2016-08-06 21:27:11.354094337 +0200 > +++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc 2016-08-12 17:39:35.069146107 +0200 
> @@ -4,13 +4,18 @@ HOME_DIR/\.gnome(/.*)? gen_context(syste
> HOME_DIR/\.gnome2(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
> HOME_DIR/\.gnome2/keyrings(/.*)? gen_context(system_u:object_r:gnome_keyring_home_t,s0)
> HOME_DIR/\.gnome2_private(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
> +HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
>
> /etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,s0)
>
> /tmp/gconfd-USER/.* -- gen_context(system_u:object_r:gconf_tmp_t,s0)
> +/tmp/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
I agree with Dominick that this labeling is problematic. I'd prefer to avoid putting fc entries for /tmp. The ones that we have already should probably be revisited.
> /usr/bin/gnome-keyring-daemon -- gen_context(system_u:object_r:gkeyringd_exec_t,s0)
> /usr/bin/mate-keyring-daemon -- gen_context(system_u:object_r:gkeyringd_exec_t,s0)
>
> /usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
> /usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
> +
> +/var/run/user/[^/]*/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
> +/var/run/user/%{USERID}/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
[...]
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.te 2016-08-06 21:27:11.412094999 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te 2016-08-12 21:33:49.231266389 +0200
> @@ -5,6 +5,14 @@ policy_module(pulseaudio, 1.8.1)
> # Declarations
> #
>
> +##
> +##

> +## Allow pulseaudio to execute code in
> +## writable memory
> +##

> +##
> +##
> +gen_tunable(pulseaudio_execmem, false)
> +
> attribute pulseaudio_client;
> attribute pulseaudio_tmpfsfile;
>
> @@ -37,7 +45,12 @@ files_pid_file(pulseaudio_var_run_t)
> #
>
> allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config };
> -allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
> +allow pulseaudio_t self:process { getcap getsched setcap setrlimit setsched signal signull };
> +
> +tunable_policy(`pulseaudio_execmem',`
> + allow pulseaudio_t self:process execmem;
> +')
This should be moved down with the other tunables (in alphabetical order by tunable name)
> allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
> allow pulseaudio_t self:unix_stream_socket { accept connectto listen };
> allow pulseaudio_t self:unix_dgram_socket sendto;
> @@ -129,9 +142,11 @@ logging_send_syslog_msg(pulseaudio_t)
> miscfiles_read_localization(pulseaudio_t)
>
> userdom_read_user_tmpfs_files(pulseaudio_t)
> -
> +userdom_delete_user_tmpfs_files(pulseaudio_t)
> userdom_search_user_home_dirs(pulseaudio_t)
> -userdom_write_user_tmp_sockets(pulseaudio_t)
> +userdom_search_user_home_content(pulseaudio_t)
> +
> +userdom_manage_user_tmp_sockets(pulseaudio_t)
>
> tunable_policy(`use_nfs_home_dirs',`
> fs_manage_nfs_dirs(pulseaudio_t)
> @@ -146,7 +161,8 @@ tunable_policy(`use_samba_home_dirs',`
> ')
>
> optional_policy(`
> - alsa_read_rw_config(pulseaudio_t)
> + alsa_read_config(pulseaudio_t)
> + alsa_read_home_files(pulseaudio_t)
> ')
>
> optional_policy(`
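Review bot: The description of the new `pulseaudio_execmem` tunable in the `@@ -5,6 +5,14 @@` hunk says only that code in writable memory may be executed, not when the boolean is actually needed, so an administrator cannot tell whether leaving it at its `false` default breaks audio. The rest of the patch adds the file-backed gstreamer_orcexec_t path so that ORC does not need anonymous executable memory; if the boolean exists for a fallback case (presumably when no orcexec file can be created in the runtime, home or tmp directory), the description should say so, e.g. `## Allow pulseaudio to execute code in writable memory (needed only when the ORC JIT cannot use a file-backed orcexec mapping)`. The desc/p markup around that text is not visible on this page, so this is judged from the wording alone.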
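Review bot: The userdom changes in the `@@ -129,9 +142,11 @@` hunk are not explained by a comment or by the description, and two of them widen access beyond pulseaudio's own objects: `userdom_manage_user_tmp_sockets(pulseaudio_t)` replaces the previous write-only grant with create/unlink rights over every user_tmp_t sock_file, and `userdom_delete_user_tmpfs_files(pulseaudio_t)` lets the daemon remove any user tmpfs file rather than only its own pulseaudio_tmpfsfile content (assuming those interfaces carry the usual refpolicy permission sets). If each call was driven by a specific denial, a one-line comment above it naming the object, e.g. `# native protocol socket in the per-user tmp dir` (to be confirmed against the denial), lets the next reviewer check that the grant is the narrowest that fits. The blank line inserted between `userdom_search_user_home_content` and `userdom_manage_user_tmp_sockets` also splits calls from the same module for no stated reason.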
> @@ -176,6 +192,16 @@ optional_policy(`
> ')
>
> optional_policy(`
> + gnome_stream_connect_gconf(pulseaudio_t)
> +
> + # OIL Runtime Compiler (ORC) optimized code execution
> + allow pulseaudio_t gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };
> + gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> + gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> + gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> +')
> +
> +optional_policy(`
> rtkit_scheduled(pulseaudio_t)
> ')
>
> @@ -186,6 +212,7 @@ optional_policy(`
> ')
>
> optional_policy(`
> + udev_read_pid_files(pulseaudio_t)
> udev_read_state(pulseaudio_t)
> udev_read_db(pulseaudio_t)
> ')
-- Chris PeBenito
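Review bot: `allow pulseaudio_t gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };` in the new gnome optional block references another module's type directly, which refpolicy reserves for interfaces in that module's .if file; the three filetrans calls next to it already go through gnome.if, so this rule should too, e.g. `gnome_manage_gstreamer_orcexec_files(pulseaudio_t)` and `gnome_mmap_gstreamer_orcexec_files(pulseaudio_t)` (names illustrative) placed above the filetrans interfaces, with the `# OIL Runtime Compiler (ORC) optimized code execution` comment kept above them. Whatever the interface is called, its summary should state that manage together with mmap_file_perms gives the caller write and execute access to the same files, i.e. a file-backed equivalent of the execmem the `pulseaudio_execmem` boolean is meant to avoid, so that readers of gnome.if see the trade-off. The enclosing optional_policy block is fully inside the hunk.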