From: guido@trentalancia.net (Guido Trentalancia)
Date: Fri, 09 Dec 2016 17:58:55 +0100
Subject: [refpolicy] [PATCH 1/2] games: general update and improved pulseaudio integration
In-Reply-To: <23921624-9a6c-e27e-9c96-eaf27b42e329@gmail.com>
References: <1481216996.20182.5.camel@trentalancia.net> <6f6a7bd9-45f2-9f77-b8d8-ff2c93301acc@gmail.com> <1481297005.21097.2.camel@trentalancia.net> <23921624-9a6c-e27e-9c96-eaf27b42e329@gmail.com>
Message-ID: <1481302735.15060.2.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 09/12/2016 at 16.27 +0100, Dominick Grift via refpolicy wrote:
> On 12/09/2016 04:23 PM, Guido Trentalancia via refpolicy wrote:
> > Hello.
> >
> > On Thu, 08/12/2016 at 18.36 +0100, Dominick Grift via refpolicy wrote:
> > > On 12/08/2016 06:09 PM, Guido Trentalancia via refpolicy wrote:
> > > > Update for the games module and improved integration with
> > > > pulseaudio.
> > > >
> > > > This patch also introduces a new interface needed by later versions
> > > > of a recently posted window manager (wm) patch.
> > >
> > > It has been a while since I looked at the pulseaudio policy but I
> > > suspect you only need:
> > >
> > > pulseaudio_tmpfs_content(games_tmpfs_t)
> > > pulseaudio_run(games_t, games_roles)
> >
> > The pulseaudio_tmpfs_content() interface does not work. It keeps
> > creating files with the games_tmpfs_t type...
>
> that is how it should behave.
>
> processes sometimes use tmpfs content for various purposes. like for
> example games does. So pulseaudio_tmpfs_content() just tells selinux:
> games_tmpfs_t is also used for pulseaudio tmpfs files.
>
> this then allows other pulseaudio clients to r/w and delete files with
> that type.
>
> Because pa clients need to be able to r/w and delete each other's files in
> /dev/shm

A full file transition to pulseaudio_tmpfs_t is needed instead of the pulseaudio_tmpfs_content() interface.
The latter is limited and the games module is showing that.

> > > The above should take care of everything except
> > > dbus_all_session_bus_client(games_t). It relies heavily on the use of
> > > type attributes.
> > >
> > > have a close look at pulseaudio module, and focus on the
> > > pulseaudio_client and pulseaudio_tmpfsfile type attributes

Guido
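
The two labelling approaches argued over in this thread, written out in raw SELinux policy language as an added example; it is not refpolicy code and not from either poster. All `ex_*` names are hypothetical stand-ins for the games and pulseaudio types and attributes, and the permission sets are assumptions chosen for illustration.

```selinux
module example_pa_tmpfs 1.0;

require {
	type tmpfs_t;
	class dir { search write add_name remove_name };
	class file { create open getattr read write unlink };
}

# Hypothetical stand-ins (assumptions, not refpolicy's real declarations).
attribute ex_pa_client;      # domains that talk to the sound server
attribute ex_pa_tmpfsfile;   # every type used for shared-memory files
type ex_pa_tmpfs_t;          # the sound server's own tmpfs type
type ex_games_a_t;           # game domain, approach A
type ex_games_a_tmpfs_t;     # game's private tmpfs type, approach A
type ex_games_b_t;           # game domain, approach B

typeattribute ex_pa_tmpfs_t ex_pa_tmpfsfile;

# Written once against the attributes: any client may create, use and
# delete files of any type that carries ex_pa_tmpfsfile.
allow ex_pa_client tmpfs_t:dir { search write add_name remove_name };
allow ex_pa_client ex_pa_tmpfsfile:file { create open getattr read write unlink };

# Approach A (type attribute): new files keep the game's own type, and
# that type is added to the shared attribute so other clients can reach it.
type_transition ex_games_a_t tmpfs_t:file ex_games_a_tmpfs_t;
typeattribute ex_games_a_t ex_pa_client;
typeattribute ex_games_a_tmpfs_t ex_pa_tmpfsfile;

# Approach B (full file transition): every file the game creates in a
# tmpfs_t directory is labelled with the sound server's type instead,
# so the game has no private tmpfs type of its own.
type_transition ex_games_b_t tmpfs_t:file ex_pa_tmpfs_t;
typeattribute ex_games_b_t ex_pa_client;
```

The module can be syntax-checked with `checkmodule -M -m -o example_pa_tmpfs.mod example_pa_tmpfs.te`. Under approach A the files in `/dev/shm` still carry the game's own type, which is the behaviour reported in the thread; under approach B they carry the sound server's type.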