From: guido@trentalancia.net (Guido Trentalancia)
Date: Fri, 09 Dec 2016 18:10:06 +0100
Subject: [refpolicy] [PATCH v2 1/2] games: general update and improved
 pulseaudio integration
In-Reply-To: <1481302735.15060.2.camel@trentalancia.net>
References: <1481216996.20182.5.camel@trentalancia.net>
	<6f6a7bd9-45f2-9f77-b8d8-ff2c93301acc@gmail.com>
	<1481297005.21097.2.camel@trentalancia.net>
	<23921624-9a6c-e27e-9c96-eaf27b42e329@gmail.com>
	<1481302735.15060.2.camel@trentalancia.net>
Message-ID: <1481303406.15060.6.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 09/12/2016 at 17.58 +0100, Guido Trentalancia via refpolicy
wrote:
> On Fri, 09/12/2016 at 16.27 +0100, Dominick Grift via refpolicy
> wrote:
> > 
> > On 12/09/2016 04:23 PM, Guido Trentalancia via refpolicy wrote:
> > > 
> > > 
> > > Hello.
> > > 
> > > On Thu, 08/12/2016 at 18.36 +0100, Dominick Grift via refpolicy
> > > wrote:
> > > > 
> > > > 
> > > > On 12/08/2016 06:09 PM, Guido Trentalancia via refpolicy wrote:
> > > > > 
> > > > > 
> > > > > 
> > > > > Update for the games module and improved integration with
> > > > > pulseaudio.
> > > > > 
> > > > > This patch also introduces a new interface needed by later
> > > > > versions
> > > > > of a recently posted window manager (wm) patch.
> > > > > 
> > > > 
> > > > It has been a while since i looked at the pulseaudio policy but
> > > > i
> > > > suspect you only need:
> > > > 
> > > > pulseaudio_tmpfs_content(games_tmpfs_t)
> > > > pulseaudio_run(games_t, games_roles)
> > > 
> > > The pulseaudio_tmpfs_content() interface does not work. It keeps
> > > creating files with the games_tmpfs_t type...
> > 
> > that is how it should behave.
> > 
> > processes sometimes use tmpfs content for various purposes. like
> > for
> > example games does. So pulseaudio_tmpfs_content() just tells
> > selinux:
> > games_tmpfs_t is also used for pulseaudio tmpfs files.
> > 
> > this then allows other pulseaudio clients to r/w and delete files
> > with
> > that type.
> > 
> > Because pa clients need to be able to r/w and delete eachothers
> > files
> > in
> > /dev/shm
> 
> A full file transition to pulseaudio_tmpfs_t is needed instead of
> the?pulseaudio_tmpfs_content() interface.
> 
> The latter is limited and the games module is showing that.

I am going to change (v2) the patch as you suggested just to make it
coherent with the rest of the policy.

However, the pulseaudio module needs to be tackled soon because it has
limitations that are showing up...

[cut]

Update for the games module and improved integration with pulseaudio.

This patch introduces a new interface needed by later versions of a
recently posted window manager (wm) patch.

In the second version of this patch, two existing pulseaudio interfaces
are used (pulseaudio_tmpfs_content and pulseaudio_run).

The second part of this patch (2/2, tackling the pulseaudio module
only) remains unchanged.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/games.if |   79 +++++++++++++++++++++++++++++++++++++++-
 policy/modules/contrib/games.te |   20 ++++++++++
 2 files changed, 98 insertions(+), 1 deletion(-)

diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/games.if refpolicy-git-07122016/policy/modules/contrib/games.if
--- refpolicy-git-07122016-orig/policy/modules/contrib/games.if	2016-12-08 18:23:14.044084368 +0100
+++ refpolicy-git-07122016/policy/modules/contrib/games.if	2016-12-08 22:30:41.355242647 +0100
@@ -42,7 +42,6 @@ interface(`games_role',`
 ########################################
 ## <summary>
 ##	Read and write games data files.
-##	games data.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -58,3 +57,81 @@ interface(`games_rw_data',`
 	files_search_var_lib($1)
 	rw_files_pattern($1, games_data_t, games_data_t)
 ')
+
+########################################
+## <summary>
+##	Read games tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`games_read_tmpfs_files',`
+	gen_require(`
+		type games_tmpfs_t;
+	')
+
+	fs_search_tmpfs($1)
+	read_files_pattern($1, games_tmpfs_t, games_tmpfs_t)
+')
+
+########################################
+## <summary>
+##	Run a game in the game domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`games_domtrans',`
+	gen_require(`
+		type games_t, games_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, games_exec_t, games_t)
+')
+
+########################################
+## <summary>
+##	Send null signals to games
+##	processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`games_signull',`
+	gen_require(`
+		type games_t;
+	')
+
+	allow $1 games_t:process signull;
+')
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	games over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`games_dbus_chat',`
+	gen_require(`
+		type games_t;
+		class dbus send_msg;
+	')
+
+	allow $1 games_t:dbus send_msg;
+	allow games_t $1:dbus send_msg;
+')
diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/games.te refpolicy-git-07122016/policy/modules/contrib/games.te
--- refpolicy-git-07122016-orig/policy/modules/contrib/games.te	2016-12-08 18:23:14.044084368 +0100
+++ refpolicy-git-07122016/policy/modules/contrib/games.te	2016-12-09 17:36:59.751649604 +0100
@@ -42,6 +42,10 @@ typealias games_tmpfs_t alias { user_gam
 typealias games_tmpfs_t alias { auditadm_games_tmpfs_t secadm_games_tmpfs_t };
 userdom_user_tmpfs_file(games_tmpfs_t)
 
+optional_policy(`
+	pulseaudio_tmpfs_content(games_tmpfs_t)
+')
+
 ########################################
 #
 # Server local policy
@@ -95,6 +99,7 @@ optional_policy(`
 # Client local policy
 #
 
+allow games_t self:fifo_file rw_file_perms;
 allow games_t self:sem create_sem_perms;
 allow games_t self:tcp_socket { accept listen };
 
@@ -137,6 +142,7 @@ dev_read_sound(games_t)
 dev_read_input(games_t)
 dev_read_mouse(games_t)
 dev_read_urand(games_t)
+dev_rw_dri(games_t)
 dev_write_sound(games_t)
 
 files_list_var(games_t)
@@ -146,6 +152,9 @@ files_read_etc_files(games_t)
 files_read_usr_files(games_t)
 files_read_var_files(games_t)
 
+fs_dontaudit_getattr_xattr_fs(games_t)
+fs_getattr_tmpfs(games_t)
+
 init_dontaudit_rw_utmp(games_t)
 
 logging_dontaudit_search_logs(games_t)
@@ -166,10 +175,21 @@ tunable_policy(`allow_execmem',`
 ')
 
 optional_policy(`
+	dbus_all_session_bus_client(games_t)
+	dbus_connect_all_session_bus(games_t)
+')
+
+optional_policy(`
 	nscd_use(games_t)
 ')
 
 optional_policy(`
+	pulseaudio_run(games_t, games_roles)
+	pulseaudio_rw_tmpfs_files(mozilla_t)
+	pulseaudio_use_fds(mozilla_t)
+')
+
+optional_policy(`
 	xserver_user_x_domain_template(games, games_t, games_tmpfs_t)
 	xserver_create_xdm_tmp_sockets(games_t)
 	xserver_read_xdm_lib_files(games_t)