From: dac.override@gmail.com (Dominick Grift)
Date: Fri, 9 Dec 2016 18:03:02 +0100
Subject: [refpolicy] [PATCH 1/2] games: general update and improved pulseaudio integration
In-Reply-To: <1481302735.15060.2.camel@trentalancia.net>
References: <1481216996.20182.5.camel@trentalancia.net> <6f6a7bd9-45f2-9f77-b8d8-ff2c93301acc@gmail.com> <1481297005.21097.2.camel@trentalancia.net> <23921624-9a6c-e27e-9c96-eaf27b42e329@gmail.com> <1481302735.15060.2.camel@trentalancia.net>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/09/2016 05:58 PM, Guido Trentalancia via refpolicy wrote:
> On Fri, 09/12/2016 at 16.27 +0100, Dominick Grift via refpolicy wrote:
>> On 12/09/2016 04:23 PM, Guido Trentalancia via refpolicy wrote:
>>>
>>> Hello.
>>>
>>> On Thu, 08/12/2016 at 18.36 +0100, Dominick Grift via refpolicy wrote:
>>>>
>>>> On 12/08/2016 06:09 PM, Guido Trentalancia via refpolicy wrote:
>>>>>
>>>>> Update for the games module and improved integration with
>>>>> pulseaudio.
>>>>>
>>>>> This patch also introduces a new interface needed by later versions
>>>>> of a recently posted window manager (wm) patch.
>>>>>
>>>>
>>>> It has been a while since i looked at the pulseaudio policy but i
>>>> suspect you only need:
>>>>
>>>> pulseaudio_tmpfs_content(games_tmpfs_t)
>>>> pulseaudio_run(games_t, games_roles)
>>>
>>> The pulseaudio_tmpfs_content() interface does not work. It keeps
>>> creating files with the games_tmpfs_t type...
>>
>> that is how it should behave.
>>
>> processes sometimes use tmpfs content for various purposes. like for
>> example games does. So pulseaudio_tmpfs_content() just tells selinux:
>> games_tmpfs_t is also used for pulseaudio tmpfs files.
>>
>> this then allows other pulseaudio clients to r/w and delete files with
>> that type.
>>
>> Because pa clients need to be able to r/w and delete each other's files in
>> /dev/shm
>
> A full file transition to pulseaudio_tmpfs_t is needed instead of
> the pulseaudio_tmpfs_content() interface.
>
> The latter is limited and the games module is showing that.
>

no i think you're missing the point. These files have random names, and processes that are pulseaudio clients might themselves maintain tmpfs files with random names as well

so you can not implement name-based type transitions and you don't want to give "non-pulseaudio clients" access to pulseaudio_tmpfs_t type files

I know this implementation looks weird, but it was given some thought before it was implemented.

This is something i encourage you to do as well: before submitting patches, make sure that things work out in the bigger scheme of things so that it does not have to be reverted at a later point in time.

>>>> The above should take care of everything except
>>>> dbus_all_session_bus_client(games_t). It relies heavily on the use of
>>>> type attributes.
>>>>
>>>> have a close look at pulseaudio module, and focus on the
>>>> pulseaudio_client and pulseaudio_tmpfsfile type attributes
>>>
>
> Guido
>

--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
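
The attribute-based design discussed in this message, as an added policy sketch that is not part of the original e-mail and is not the refpolicy pulseaudio module's actual source. The type and attribute names come from the thread; the exact permission set, and the direct `typeattribute` line that makes `games_t` a client, are assumptions for illustration, and the fragment relies on the games and pulseaudio modules for the type declarations.

```selinux
# Added sketch, simplified. Types games_t, games_tmpfs_t, tmpfs_t and
# pulseaudio_tmpfs_t are assumed to be declared by their own modules.

# --- pulseaudio side -------------------------------------------------
# Two attributes: one groups every client domain, the other groups every
# type a client may use for its shared-memory files in /dev/shm.
attribute pulseaudio_client;
attribute pulseaudio_tmpfsfile;

# A single rule covers all clients and all tagged types. It is keyed on
# labels, not file names, so the random names in /dev/shm do not matter.
# Assumed permission set standing in for "r/w and delete":
allow pulseaudio_client pulseaudio_tmpfsfile:file { getattr open read write unlink };

# --- games side ------------------------------------------------------
# Effect of pulseaudio_tmpfs_content(games_tmpfs_t) as described in the
# thread: the type is tagged, files keep the games_tmpfs_t label.
typeattribute games_tmpfs_t pulseaudio_tmpfsfile;

# Assumption: how games_t joins the client attribute is not shown in the
# thread; a direct assignment is used here to keep the sketch short.
typeattribute games_t pulseaudio_client;

# --- the alternative argued against ----------------------------------
# A full transition relabels every tmpfs file games_t creates, including
# the game's own, because no file name is available to narrow it:
#
#   type_transition games_t tmpfs_t:file pulseaudio_tmpfs_t;
#
# Any domain that must then reach the game's own files would need access
# to pulseaudio_tmpfs_t, which is the exposure to non-clients the message
# warns about.
```

With the attribute approach, seeing `games_tmpfs_t` on files in /dev/shm is the expected result, and access for other clients comes from the attribute rule rather than from a label change.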