From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 11 Sep 2016 09:03:30 -0400
Subject: [refpolicy] [PATCH] mozilla: let mozilla play audio
In-Reply-To: <1473524806.18488.3.camel@trentalancia.net>
References: <1473524806.18488.3.camel@trentalancia.net>
Message-ID: <2fcb4ef6-03a8-87cc-879d-5d1f8781e5ff@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/10/16 12:26, Guido Trentalancia via refpolicy wrote:
> Let mozilla play audio:
>
> - add new interfaces to the pulseaudio module;
> - let mozilla read alsa configuration files;
> - add further permissions to mozilla needed to use
>   pulseaudio to play audio.

Merged.


> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/mozilla.te    |    9 ++++
>  policy/modules/contrib/pulseaudio.if |   77 +++++++++++++++++++++++++++++++++++
>  2 files changed, 86 insertions(+)
>
> --- refpolicy-git-06082016-orig/policy/modules/contrib/mozilla.te	2016-09-10 18:09:13.357710355 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/mozilla.te	2016-09-10 18:07:16.322739208 +0200
> @@ -234,6 +239,11 @@ tunable_policy(`use_samba_home_dirs',`
>  ')
>
>  optional_policy(`
> +	alsa_read_config(mozilla_t)
> +	alsa_read_home_files(mozilla_t)
> +')
> +
> +optional_policy(`
>  	apache_read_user_scripts(mozilla_t)
>  	apache_read_user_content(mozilla_t)
>  ')
> @@ -292,6 +305,8 @@ optional_policy(`
>
>  optional_policy(`
>  	pulseaudio_run(mozilla_t, mozilla_roles)
> +	pulseaudio_rw_tmpfs_files(mozilla_t)
> +	pulseaudio_use_fds(mozilla_t)
>  ')
>
>  optional_policy(`
> @@ -561,6 +580,8 @@ optional_policy(`
>
>  optional_policy(`
>  	pulseaudio_run(mozilla_plugin_t, mozilla_plugin_roles)
> +	pulseaudio_rw_tmpfs_files(mozilla_plugin_t)
> +	pulseaudio_use_fds(mozilla_plugin_t)
>  ')
>
>  optional_policy(`
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.if	2016-08-20 03:45:31.740027060 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if	2016-08-20 00:25:39.112517500 +0200
> @@ -346,3 +347,80 @@ interface(`pulseaudio_tmpfs_content',`
>
>  	typeattribute $1 pulseaudio_tmpfsfile;
>  ')
> +
> +#######################################
> +## <summary>
> +##	Read pulseaudio tmpfs files.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`pulseaudio_read_tmpfs_files',`
> +	gen_require(`
> +		type pulseaudio_tmpfs_t;
> +	')
> +
> +	fs_search_tmpfs($1)
> +	read_files_pattern($1, pulseaudio_tmpfs_t, pulseaudio_tmpfs_t)
> +')
> +
> +#######################################
> +## <summary>
> +##	Read and write pulseaudio tmpfs
> +##	files.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`pulseaudio_rw_tmpfs_files',`
> +	gen_require(`
> +		type pulseaudio_tmpfs_t;
> +	')
> +
> +	fs_search_tmpfs($1)
> +	rw_files_pattern($1, pulseaudio_tmpfs_t, pulseaudio_tmpfs_t)
> +')
> +
> +########################################
> +## <summary>
> +##	Use file descriptors for
> +##	pulseaudio.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`pulseaudio_use_fds',`
> +	gen_require(`
> +		type pulseaudio_t;
> +	')
> +
> +	allow $1 pulseaudio_t:fd use;
> +')
> +
> +########################################
> +## <summary>
> +##	Do not audit attempts to use the
> +##	file descriptors for pulseaudio.
> +## </summary>
> +## <param name="domain">
> +##      <summary>
> +##      Domain allowed access.
> +##      </summary>
> +## </param>
> +#
> +interface(`pulseaudio_dontaudit_use_fds',`
> +	gen_require(`
> +		type pulseaudio_t;
> +	')
> +
> +	dontaudit $1 pulseaudio_t:fd use;
> +')
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>


-- 
Chris PeBenito