From: guido@trentalancia.net (Guido Trentalancia)
Date: Sun, 11 Sep 2016 17:22:19 +0200
Subject: [refpolicy] [PATCH] mozilla: let mozilla play audio
In-Reply-To: <88e4da55-6d3a-5d36-a54f-98b83cc86038@gmail.com>
References: <1473524806.18488.3.camel@trentalancia.net> <88e4da55-6d3a-5d36-a54f-98b83cc86038@gmail.com>
Message-ID: <1473607339.18488.9.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Dominick (and cc Chris) !

On Sun, 11/09/2016 at 15.21 +0200, Dominick Grift via refpolicy wrote:
> On 09/10/2016 06:26 PM, Guido Trentalancia via refpolicy wrote:
> >
> > Let mozilla play audio:
> >
> > - add new interfaces to the pulseaudio module;
> > - let mozilla read alsa configuration files;
> > - add further permissions to mozilla needed to use
> >   pulseaudio to play audio.
> >
> > Signed-off-by: Guido Trentalancia
> > ---
> >  policy/modules/contrib/mozilla.te    |    9 ++++
> >  policy/modules/contrib/pulseaudio.if |   77
> > +++++++++++++++++++++++++++++++++++
> >  2 files changed, 86 insertions(+)

[...]

> Applies to all pulseaudio clients, so this should have been added to
> pulseaudio.te instead:

I am fine with improving this.

> optional_policy(`
>     alsa_read_config(pulseaudio_client)
>     alsa_read_home_files(pulseaudio_client)
> ')

and this:

> >
> > + pulseaudio_use_fds(mozilla_t)
>
> This applies to all pulseaudio_client and thus should be added to
> pulseaudio.te as follows instead:
>
> pulseaudio_use_fds(pulseaudio_client)

as long as it is also fine with Christopher.

The other change (delete instead of read/write) doesn't make a big
difference in my opinion.

Here is the small diff:

Improvements to the mozilla and pulseaudio modules as suggested
by Dominick Grift.

 policy/modules/contrib/mozilla.te | 14 --------------
 policy/modules/contrib/pulseaudio.te | 8 ++++++++
 2 files changed, 8 insertions(+), 14 deletions(-)

--- refpolicy-git-06082016-orig/policy/modules/contrib/mozilla.te 2016-09-11 17:05:47.916850416 +0200 +++ refpolicy-git-06082016/policy/modules/contrib/mozilla.te 2016-09-11 17:05:27.911531798 +0200 @@ -234,11 +267,6 @@ tunable_policy(`use_samba_home_dirs',` ') optional_policy(` - alsa_read_config(mozilla_t) - alsa_read_home_files(mozilla_t) -') - -optional_policy(` apache_read_user_scripts(mozilla_t) apache_read_user_content(mozilla_t) ') @@ -297,8 +329,6 @@ optional_policy(` optional_policy(` pulseaudio_run(mozilla_t, mozilla_roles) - pulseaudio_rw_tmpfs_files(mozilla_t) - pulseaudio_use_fds(mozilla_t) ') optional_policy(` @@ -525,11 +569,6 @@ tunable_policy(`use_samba_home_dirs',` ') optional_policy(` - alsa_read_config(mozilla_plugin_t) - alsa_read_home_files(mozilla_plugin_t) -') - -optional_policy(` automount_dontaudit_getattr_tmp_dirs(mozilla_plugin_t) ') 
@@ -568,8 +607,6 @@ optional_policy(` optional_policy(` pulseaudio_run(mozilla_plugin_t, mozilla_plugin_roles) - pulseaudio_rw_tmpfs_files(mozilla_plugin_t) - pulseaudio_use_fds(mozilla_plugin_t) ') optional_policy(` --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.te 2016-08-20 03:45:31.741027074 +0200 +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te 2016-09-11 17:15:40.155169246 +0200 @@ -231,6 +258,9 @@ pulseaudio_home_filetrans_pulseaudio_hom pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client, file, ".pulse-cookie") pulseaudio_signull(pulseaudio_client) +pulseaudio_rw_tmpfs_files(pulseaudio_client) +pulseaudio_use_fds(pulseaudio_client) + userdom_read_user_tmpfs_files(pulseaudio_client) userdom_user_runtime_filetrans(pulseaudio_client, pulseaudio_tmp_t, dir, "pulse") # userdom_delete_user_tmpfs_files(pulseaudio_client) @@ -250,6 +280,11 @@ tunable_policy(`use_samba_home_dirs',` ') optional_policy(` + alsa_read_config(pulseaudio_client) + alsa_read_home_files(pulseaudio_client) +') + +optional_policy(` pulseaudio_dbus_chat(pulseaudio_client) ')
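
Review bot: The mozilla.te hunk headers do not line up with a diff that only removes lines: the first hunk (@@ -234,11 +267,6 @@) already starts 33 lines later in the new file, and the following hunks are shifted by 32, 44 and 39 lines instead of tracking the 5 and 2 lines removed above them. That suggests the two trees differ in ways this diff does not show, so it will only apply with offsets and the base is unclear. Please regenerate it against a tree with the first patch applied, or send a v2 of the complete patch, and add the Signed-off-by line that is missing from this posting.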
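
Review bot: In the mozilla.te hunks at @@ -297,8 +329,6 @@ and @@ -568,8 +607,6 @@, pulseaudio_rw_tmpfs_files and pulseaudio_use_fds are dropped for mozilla_t and mozilla_plugin_t, and the alsa blocks are dropped in the other two hunks, on the assumption that both domains carry the pulseaudio_client attribute. Nothing in the visible lines shows that assignment; only pulseaudio_run(mozilla_t, mozilla_roles) and pulseaudio_run(mozilla_plugin_t, mozilla_plugin_roles) remain. Please confirm that pulseaudio_run is what adds the domain to pulseaudio_client and say so in the commit message, otherwise these removals take away the audio access the original patch was meant to add.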
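
Review bot: In the pulseaudio.te hunk at @@ -231,6 +258,9 @@, pulseaudio_rw_tmpfs_files(pulseaudio_client) gives read/write access to the pulseaudio tmpfs files to every domain with the attribute, whereas the request quoted above only covers pulseaudio_use_fds and the two alsa interfaces. The neighbouring context grants clients only userdom_read_user_tmpfs_files and leaves userdom_delete_user_tmpfs_files commented out, so the write access is the widest rule in this block. Please state in the commit message that all clients need it, or keep the rw rule scoped to mozilla_t and mozilla_plugin_t until that is confirmed.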