From: guido@trentalancia.net (Guido Trentalancia) Date: Sat, 13 Aug 2016 16:34:06 +0200 Subject: [refpolicy] [PATCH v3] Update the pulseaudio module for usability and ORC support In-Reply-To: References: <1470953060.25389.1.camel@trentalancia.net> <1471021082.23869.7.camel@trentalancia.net> <1471031806.30650.0.camel@trentalancia.net> Message-ID: <1471098846.21480.22.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hello Christopher, thanks for getting back on this... On Sat, 13/08/2016 at 09.50 -0400, Chris PeBenito wrote: > On 08/12/16 15:56, Guido Trentalancia wrote: > > Update the pulseaudio module so that it is usable (tested with > > latest version pulseaudio 9.0). > > > > Support for the OIL Runtime Compiler (OIL) optimized code > > execution is added to the pulseaudio module by using a few > > newly created interfaces and file contexts in the gnome > > module. > > > > Supports the execmem permission only through a boolean which > > defaults to false. > > > > This third version fixes an error introduced with the second > > version (cannot execute ORC file). > > > > Thanks to Dominick Grift for the useful suggestions that > > permitted to create this new improved version of the patch. > > > > Signed-off-by: Guido Trentalancia > > --- > > ?policy/modules/contrib/gnome.fc??????|????5 + > > ?policy/modules/contrib/gnome.if??????|???91 > > +++++++++++++++++++++++++++++++++++ > > ?policy/modules/contrib/gnome.te??????|????3 + > > ?policy/modules/contrib/pulseaudio.fc |????1 > > ?policy/modules/contrib/pulseaudio.if |????1 > > ?policy/modules/contrib/pulseaudio.te |???35 +++++++++++-- > > ?6 files changed, 132 insertions(+), 4 deletions(-) > > > > --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc > > 2016-08-06 21:27:11.354094337 +0200 > > +++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc 2 > > 016-08-12 17:39:35.069146107 +0200 
> > @@ -4,13 +4,18 @@ HOME_DIR/\.gnome(/.*)? gen_context(syste > > ?HOME_DIR/\.gnome2(/.*)? gen_context(system_u:object_r:gnome > > _home_t,s0) > > ?HOME_DIR/\.gnome2/keyrings(/.*)? gen_context(system_u:objec > > t_r:gnome_keyring_home_t,s0) > > ?HOME_DIR/\.gnome2_private(/.*)? gen_context(system_u:object > > _r:gnome_home_t,s0) > > +HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreame > > r_orcexec_t,s0) > > > > ?/etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t, > > s0) > > > > ?/tmp/gconfd-USER/.* -- gen_context(system_u:object_r > > :gconf_tmp_t,s0) > > +/tmp/orcexec\..* gen_context(system_u:object_r:gstreamer_or > > cexec_t,s0) > > I agree with Dominick that this labeling is problematic. I'd prefer > to > avoid putting fc entries for /tmp. The ones that we have already > should > probably be revisited. That's fine to me. I was also not very keen on letting pulseaudio execute stuff in /tmp. I have now dropped the support for the last alternative ORC runtime executable location (in /tmp). > > ?/usr/bin/gnome-keyring-daemon -- gen_context(system_ > > u:object_r:gkeyringd_exec_t,s0) > > ?/usr/bin/mate-keyring-daemon -- gen_context(system_u > > :object_r:gkeyringd_exec_t,s0) > > > > ?/usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_ > > u:object_r:gconfd_exec_t,s0) > > ?/usr/libexec/gconfd-2 -- gen_context(system_u:object > > _r:gconfd_exec_t,s0) > > + > > +/var/run/user/[^/]*/orcexec\..* gen_context(system_u:object > > _r:gstreamer_orcexec_t,s0) > > +/var/run/user/%{USERID}/orcexec\..* gen_context(system_u:ob > > ject_r:gstreamer_orcexec_t,s0) > > [...] > > > --- refpolicy-git-06082016- > > orig/policy/modules/contrib/pulseaudio.te 2016-08-06 > > 21:27:11.412094999 +0200 > > +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te > > 2016-08-12 21:33:49.231266389 +0200 > > @@ -5,6 +5,14 @@ policy_module(pulseaudio, 1.8.1) > > ?# Declarations > > ?# > > > > +## > > +##

> > +## Allow pulseaudio to execute code in > > +## writable memory > > +##

> > +##
> > +gen_tunable(pulseaudio_execmem, false) > > + > > ?attribute pulseaudio_client; > > ?attribute pulseaudio_tmpfsfile; > > > > @@ -37,7 +45,12 @@ files_pid_file(pulseaudio_var_run_t) > > ?# > > > > ?allow pulseaudio_t self:capability { fowner fsetid chown setgid > > setuid sys_nice sys_resource sys_tty_config }; > > -allow pulseaudio_t self:process { getcap setcap setrlimit setsched > > getsched signal signull }; > > +allow pulseaudio_t self:process { getcap getsched setcap setrlimit > > setsched signal signull }; > > + > > +tunable_policy(`pulseaudio_execmem',` > > + allow pulseaudio_t self:process execmem; > > +') > > This should be moved down with the other tunables (in alphabetical > order > by tunable name) The update for this module now depends on a forthcoming gnome update. Please apply the forthcoming patch for the gnome module first and then the next version of this patch. > > ?allow pulseaudio_t self:fifo_file rw_fifo_file_perms; > > ?allow pulseaudio_t self:unix_stream_socket { accept connectto > > listen }; > > ?allow pulseaudio_t self:unix_dgram_socket sendto; > > @@ -129,9 +142,11 @@ logging_send_syslog_msg(pulseaudio_t) > > ?miscfiles_read_localization(pulseaudio_t) > > > > ?userdom_read_user_tmpfs_files(pulseaudio_t) > > - > > +userdom_delete_user_tmpfs_files(pulseaudio_t) > > ?userdom_search_user_home_dirs(pulseaudio_t) > > -userdom_write_user_tmp_sockets(pulseaudio_t) > > +userdom_search_user_home_content(pulseaudio_t) > > + > > +userdom_manage_user_tmp_sockets(pulseaudio_t) > > > > ?tunable_policy(`use_nfs_home_dirs',` > > ? fs_manage_nfs_dirs(pulseaudio_t) > > @@ -146,7 +161,8 @@ tunable_policy(`use_samba_home_dirs',` > > ?') > > > > ?optional_policy(` > > - alsa_read_rw_config(pulseaudio_t) > > + alsa_read_config(pulseaudio_t) > > + alsa_read_home_files(pulseaudio_t) > > ?') > > > > ?optional_policy(`
> > @@ -176,6 +192,16 @@ optional_policy(` > > ?') > > > > ?optional_policy(` > > + gnome_stream_connect_gconf(pulseaudio_t) > > + > > + # OIL Runtime Compiler (ORC) optimized code execution > > + allow pulseaudio_t gstreamer_orcexec_t:file { > > manage_file_perms mmap_file_perms }; > > + gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_ > > t, file) > > + gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file) > > + gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file) > > +') > > + > > +optional_policy(` > > ? rtkit_scheduled(pulseaudio_t) > > ?') > > > > @@ -186,6 +212,7 @@ optional_policy(` > > ?') > > > > ?optional_policy(` > > + udev_read_pid_files(pulseaudio_t) > > ? udev_read_state(pulseaudio_t) > > ? udev_read_db(pulseaudio_t) > > ?') Guido
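
Review bot: In the gnome.fc hunk, the new orcexec entries (HOME_DIR/orcexec\..*, /tmp/orcexec\..* and the two under /var/run/user) carry no file-type specifier, unlike the neighbouring "/tmp/gconfd-USER/.* --" entry. Since gstreamer_orcexec_t is meant for files that pulseaudio maps for execution, add "--" to each so that only regular files matching the pattern receive the label.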
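
Review bot: The description of the new pulseaudio_execmem tunable, in the declarations hunk of pulseaudio.te (@@ -5,6 +5,14 @@), says only that pulseaudio may execute code in writable memory. It should also state which functionality stops working with the default of false, so that an administrator can judge whether switching the boolean on is worth it.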
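
Review bot: In the @@ -129,9 +142,11 @@ hunk of pulseaudio.te, userdom_write_user_tmp_sockets is widened to userdom_manage_user_tmp_sockets and userdom_delete_user_tmpfs_files is added, but the commit message speaks only of usability and ORC support. Please name the operation or denial that needs each of these, or keep the narrower write interface if pulseaudio does not have to create and remove user tmp sockets.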
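
Review bot: The @@ -146,7 +161,8 @@ hunk of pulseaudio.te removes alsa_read_rw_config(pulseaudio_t) rather than only adding alsa_read_config and alsa_read_home_files. If dropping that access is intended, the commit message should say so; otherwise keep the old call next to the two new ones.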
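
Review bot: The allow rule on gstreamer_orcexec_t:file in the @@ -176,6 +192,16 @@ hunk of pulseaudio.te names a type owned by the gnome module directly; it should go through a gnome interface, like the three filetrans calls next to it. The rule also grants pulseaudio_t both manage_file_perms and mmap_file_perms on the same type outside the pulseaudio_execmem tunable, so the domain can write the files it later maps for ORC execution even with the boolean off; consider whether the rule belongs under the tunable. With the /tmp location dropped as stated in the reply, the gnome_tmp_filetrans_gstreamer_orcexec call should go as well.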