From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 11 Sep 2016 09:03:30 -0400 Subject: [refpolicy] [PATCH] mozilla: let mozilla play audio In-Reply-To: <1473524806.18488.3.camel@trentalancia.net> References: <1473524806.18488.3.camel@trentalancia.net> Message-ID: <2fcb4ef6-03a8-87cc-879d-5d1f8781e5ff@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 09/10/16 12:26, Guido Trentalancia via refpolicy wrote: > Let mozilla play audio: > > - add new interfaces to the pulseaudio module; > - let mozilla read alsa configuration files; > - add further permissions to mozilla needed to use > pulseaudio to play audio. Merged. > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/mozilla.te | 9 ++++ > policy/modules/contrib/pulseaudio.if | 77 +++++++++++++++++++++++++++++++++++ > 2 files changed, 86 insertions(+) > > --- refpolicy-git-06082016-orig/policy/modules/contrib/mozilla.te 2016-09-10 18:09:13.357710355 +0200 > +++ refpolicy-git-06082016/policy/modules/contrib/mozilla.te 2016-09-10 18:07:16.322739208 +0200 > @@ -234,6 +239,11 @@ tunable_policy(`use_samba_home_dirs',` > ') > > optional_policy(` > + alsa_read_config(mozilla_t) > + alsa_read_home_files(mozilla_t) > +') > + > +optional_policy(` > apache_read_user_scripts(mozilla_t) > apache_read_user_content(mozilla_t) > ') > @@ -292,6 +305,8 @@ optional_policy(` > > optional_policy(` > pulseaudio_run(mozilla_t, mozilla_roles) > + pulseaudio_rw_tmpfs_files(mozilla_t) > + pulseaudio_use_fds(mozilla_t) > ') > > optional_policy(` > @@ -561,6 +580,8 @@ optional_policy(` > > optional_policy(` > pulseaudio_run(mozilla_plugin_t, mozilla_plugin_roles) > + pulseaudio_rw_tmpfs_files(mozilla_plugin_t) > + pulseaudio_use_fds(mozilla_plugin_t) > ') > > optional_policy(` > --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.if 2016-08-20 03:45:31.740027060 +0200 > +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if 2016-08-20 00:25:39.112517500 +0200 
> @@ -346,3 +347,80 @@ interface(`pulseaudio_tmpfs_content',` > > typeattribute $1 pulseaudio_tmpfsfile; > ') > + > +####################################### > +## > +## Read pulseaudio tmpfs files. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`pulseaudio_read_tmpfs_files',` > + gen_require(` > + type pulseaudio_tmpfs_t; > + ') > + > + fs_search_tmpfs($1) > + read_files_pattern($1, pulseaudio_tmpfs_t, pulseaudio_tmpfs_t) > +') > + > +####################################### > +## > +## Read and write pulseaudio tmpfs > +## files. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`pulseaudio_rw_tmpfs_files',` > + gen_require(` > + type pulseaudio_tmpfs_t; > + ') > + > + fs_search_tmpfs($1) > + rw_files_pattern($1, pulseaudio_tmpfs_t, pulseaudio_tmpfs_t) > +') > + > +######################################## > +## > +## Use file descriptors for > +## pulseaudio. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`pulseaudio_use_fds',` > + gen_require(` > + type pulseaudio_t; > + ') > + > + allow $1 pulseaudio_t:fd use; > +') > + > +######################################## > +## > +## Do not audit attempts to use the > +## file descriptors for pulseaudio. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`pulseaudio_dontaudit_use_fds',` > + gen_require(` > + type pulseaudio_t; > + ') > + > + dontaudit $1 pulseaudio_t:fd use; > +') > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > -- Chris PeBenito
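Review bot: in the first mozilla.te hunk (@@ -234,6 +239,11 @@), alsa_read_config and alsa_read_home_files are granted to mozilla_t only, while the two later hunks give the new pulseaudio permissions to both mozilla_t and mozilla_plugin_t. Please check whether mozilla_plugin_t already has, or also needs, the ALSA configuration reads. If the asymmetry is intended, one line in the commit message saying so would record it.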
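Review bot: in the mozilla.te hunks at @@ -292,6 +305,8 @@ and @@ -561,6 +580,8 @@, pulseaudio_rw_tmpfs_files gives mozilla_t and mozilla_plugin_t write as well as read access to pulseaudio_tmpfs_t files, but the commit message only says "further permissions ... needed to use pulseaudio to play audio". The same patch defines pulseaudio_read_tmpfs_files and nothing here calls it. Either quote the AVC denial that shows write is required for playback, or use the read-only interface for the domain that does not need write. The plugin domain deserves the closer look.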
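Review bot: in the pulseaudio.if hunk, the parameter description of pulseaudio_dontaudit_use_fds reads "Domain allowed access." although the interface only emits "dontaudit $1 pulseaudio_t:fd use;". The usual refpolicy wording for dontaudit interfaces is "Domain to not audit.", which keeps the generated documentation from implying a grant. Two smaller points in the same hunk: pulseaudio_read_tmpfs_files and pulseaudio_dontaudit_use_fds have no caller in this patch, so the commit message should say they are added for future use, and the banner lines above the two tmpfs interfaces are shorter than those above the two fd interfaces.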