2016-12-09 21:10:05

by guido

Subject: [refpolicy] [PATCH 1/2] pulseaudio: update server and client permissions

Update the pulseaudio module, so that:
- the pulseaudio server can send the signull signal to its clients;
- the pulseaudio server can manage not only pulseaudio_tmpfs files
but all pulseaudio_tmpfs_content;
- pulseaudio clients can also write and not just read pulseaudio
content files in the temporary filesystems (tmpfs);
- pulseaudio clients can use file descriptors for pulseaudio.

This patch has been triggered by recent testing of the games module
and it makes the following patch obsolete (not applied yet):

[PATCH 2/2] pulseaudio: improve the support for Gnome games
http://oss.tresys.com/pipermail/refpolicy/2016-December/008651.html

It also makes obsolete interface calls to the following interfaces
in addition to pulseaudio_run(): pulseaudio_rw_tmpfs_files() and
pulseaudio_use_fds(). These are currently used in the mozilla
module (removed in part 2/2 of this patchset).

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/pulseaudio.if | 1 +
policy/modules/contrib/pulseaudio.te | 5 +++--
2 files changed, 4 insertions(+), 2 deletions(-)

diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/pulseaudio.if refpolicy-git-07122016/policy/modules/contrib/pulseaudio.if
--- refpolicy-git-07122016-orig/policy/modules/contrib/pulseaudio.if 2016-09-27 16:28:51.964139648 +0200
+++ refpolicy-git-07122016/policy/modules/contrib/pulseaudio.if 2016-12-09 21:37:37.848562623 +0100
@@ -40,6 +40,7 @@ interface(`pulseaudio_role',`
allow $2 pulseaudio_tmp_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };

allow pulseaudio_t $2:unix_stream_socket connectto;
+ allow pulseaudio_t $2:process signull;
')

########################################
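Review bot: the new `allow pulseaudio_t $2:process signull;` inside pulseaudio_role() only reaches domains that are wired up through pulseaudio_role(), while the commit message says the server should be able to signull "its clients" in general. If domains that get the pulseaudio_client attribute through pulseaudio_run() need it too, a single `allow pulseaudio_t pulseaudio_client:process signull;` in pulseaudio.te next to the existing pulseaudio_signull(pulseaudio_client) call would cover both cases and keep the server-to-client rule in one place. A short comment on why the server probes client processes (signull delivers no signal, it only tests that the process exists and is reachable) would also help the next reader of this interface.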
diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/pulseaudio.te refpolicy-git-07122016/policy/modules/contrib/pulseaudio.te
--- refpolicy-git-07122016-orig/policy/modules/contrib/pulseaudio.te 2016-12-08 18:23:09.689033221 +0100
+++ refpolicy-git-07122016/policy/modules/contrib/pulseaudio.te 2016-12-09 21:48:58.706665014 +0100
@@ -72,7 +72,7 @@ userdom_user_tmp_filetrans(pulseaudio_t,
userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, sock_file, "native")

manage_dirs_pattern(pulseaudio_t, pulseaudio_tmpfs_t, pulseaudio_tmpfs_t)
-manage_files_pattern(pulseaudio_t, pulseaudio_tmpfs_t, pulseaudio_tmpfs_t)
+manage_files_pattern(pulseaudio_t, pulseaudio_tmpfs_t, { pulseaudio_tmpfs_t pulseaudio_tmpfsfile })
fs_tmpfs_filetrans(pulseaudio_t, pulseaudio_tmpfs_t, { dir file })

manage_dirs_pattern(pulseaudio_t, pulseaudio_var_lib_t, pulseaudio_var_lib_t)
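Review bot: the widened `manage_files_pattern(pulseaudio_t, pulseaudio_tmpfs_t, { pulseaudio_tmpfs_t pulseaudio_tmpfsfile })` gives the server create, setattr, rename and unlink over every file type carrying the pulseaudio_tmpfsfile attribute, not only read and write. If the server merely needs to map and update client shm segments, `rw_files_pattern(pulseaudio_t, pulseaudio_tmpfs_t, pulseaudio_tmpfsfile)` (plus `delete_files_pattern` where cleanup of stale segments is required) is the narrower grant and worth trying first. Also, the commit message calls this "pulseaudio_tmpfs_content" while the attribute in the hunk is pulseaudio_tmpfsfile; the message should use the name that actually appears in the policy so `git log -S` searches find it.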
@@ -237,7 +237,7 @@ allow pulseaudio_client pulseaudio_tmp_t
allow pulseaudio_client pulseaudio_tmp_t:file manage_file_perms;
allow pulseaudio_client pulseaudio_tmp_t:sock_file manage_sock_file_perms;

-read_files_pattern(pulseaudio_client, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t }, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t })
+rw_files_pattern(pulseaudio_client, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t }, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t })
delete_files_pattern(pulseaudio_client, pulseaudio_tmpfsfile, pulseaudio_tmpfsfile)

fs_getattr_tmpfs(pulseaudio_client)
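Review bot: switching to `rw_files_pattern(pulseaudio_client, ..., { pulseaudio_tmpfsfile pulseaudio_tmpfs_t })` grants every domain carrying pulseaudio_client write access to the server's own pulseaudio_tmpfs_t files and to the tmpfs files of every other client type that carries pulseaudio_tmpfsfile, so one client domain can now modify another client's segment. If the shm protocol only needs a client to write its own segment, the cross-type part could stay at read while write is granted on the client's own type by whatever interface assigns pulseaudio_tmpfsfile; if cross-client write really is needed, the commit message should say so explicitly, because the `delete_files_pattern` on the following line already allows unlink over pulseaudio_tmpfsfile, which together with rw leaves the client only create and rename short of full manage permissions.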
@@ -257,6 +257,7 @@ pulseaudio_home_filetrans_pulseaudio_hom
pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client, file, ".esd_auth")
pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client, file, ".pulse-cookie")
pulseaudio_signull(pulseaudio_client)
+pulseaudio_use_fds(pulseaudio_client)

userdom_read_user_tmpfs_files(pulseaudio_client)
userdom_user_runtime_filetrans(pulseaudio_client, pulseaudio_tmp_t, dir, "pulse")
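Review bot: with `pulseaudio_use_fds(pulseaudio_client)` added here and the rw change in the previous hunk, every domain carrying pulseaudio_client now receives what pulseaudio_rw_tmpfs_files() and pulseaudio_use_fds() used to add per caller, which is what lets part 2/2 drop those calls. The two interfaces themselves remain in pulseaudio.if; if no other callers remain after 2/2, wrapping them in a refpolicywarn() deprecation notice would warn out-of-tree policy authors instead of leaving their calls silently redundant. The commit message should also state that pulseaudio_run() is what assigns the pulseaudio_client attribute, since that is the assumption the removal in 2/2 relies on.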

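The hunks above change one macro name (read_files_pattern to rw_files_pattern) and one target list, and the commit message describes the effect only in words. The script below, an added example and not code from the patch or from refpolicy, expands such `*_pattern` calls into the allow rules they generate and diffs the old and new line, so a reviewer can see exactly which permissions a one-word change grants. The permission sets and pattern definitions are transcribed from refpolicy's obj_perm_sets.spt and misc_patterns.spt as of the 2016 tree; this is an assumption, and the exact contents of those sets differ slightly between refpolicy releases, so re-check against the tree you actually build.

```python
"""Expand refpolicy *_pattern macro calls into the allow rules they
generate and diff two versions of a rule, to see exactly which
permissions a one-word change in a .te file grants.

ASSUMPTION: perm sets and pattern bodies below are transcribed from
refpolicy's policy/support/obj_perm_sets.spt and misc_patterns.spt
(2016-era definitions). Verify against your own tree.
"""
import re

PERM_SETS = {
    "search_dir_perms": {"getattr", "search", "open"},
    "rw_dir_perms": {"open", "getattr", "read", "lock", "ioctl", "search",
                     "add_name", "remove_name", "write"},
    "del_entry_dir_perms": {"getattr", "search", "open", "lock", "ioctl",
                            "write", "remove_name"},
    "read_file_perms": {"getattr", "open", "read", "lock", "ioctl"},
    "rw_file_perms": {"open", "getattr", "read", "write", "append",
                      "ioctl", "lock"},
    "manage_file_perms": {"create", "open", "getattr", "setattr", "read",
                          "write", "append", "rename", "link", "unlink",
                          "ioctl", "lock"},
    "delete_file_perms": {"getattr", "unlink"},
}

# pattern name -> (perm set applied to $2 as dir, perm set applied to $3 as file)
PATTERNS = {
    "read_files_pattern": ("search_dir_perms", "read_file_perms"),
    "rw_files_pattern": ("search_dir_perms", "rw_file_perms"),
    "manage_files_pattern": ("rw_dir_perms", "manage_file_perms"),
    "delete_files_pattern": ("del_entry_dir_perms", "delete_file_perms"),
}

CALL_RE = re.compile(r"^\s*(\w+)\((.*)\)\s*$")


def split_args(argstr):
    """Split 'a, { b c }, d' into ['a', '{ b c }', 'd'], honouring braces."""
    args, depth, cur = [], 0, []
    for ch in argstr:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        if ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    args.append("".join(cur).strip())
    return args


def types_of(arg):
    """'{ a b }' -> ['a', 'b'];  'a' -> ['a']."""
    return arg.strip("{} ").split()


def expand(call):
    """Return {(source, target, class): set(perms)} for one pattern call."""
    m = CALL_RE.match(call)
    if not m or m.group(1) not in PATTERNS:
        raise ValueError(f"not a known pattern call: {call!r}")
    name, args = m.group(1), split_args(m.group(2))
    src, dirs, files = args[0], types_of(args[1]), types_of(args[2])
    dir_set, file_set = PATTERNS[name]
    rules = {}
    for t in dirs:
        rules[(src, t, "dir")] = set(PERM_SETS[dir_set])
    for t in files:
        rules[(src, t, "file")] = set(PERM_SETS[file_set])
    return rules


def gained(old_call, new_call):
    """Permissions the new call grants that the old one did not."""
    old, new = expand(old_call), expand(new_call)
    delta = {}
    for key, perms in new.items():
        extra = perms - old.get(key, set())
        if extra:
            delta[key] = extra
    return delta


# The changed lines from the two pulseaudio.te hunks, copied from the patch.
CLIENT_OLD = ("read_files_pattern(pulseaudio_client, "
              "{ pulseaudio_tmpfsfile pulseaudio_tmpfs_t }, "
              "{ pulseaudio_tmpfsfile pulseaudio_tmpfs_t })")
CLIENT_NEW = ("rw_files_pattern(pulseaudio_client, "
              "{ pulseaudio_tmpfsfile pulseaudio_tmpfs_t }, "
              "{ pulseaudio_tmpfsfile pulseaudio_tmpfs_t })")
SERVER_OLD = "manage_files_pattern(pulseaudio_t, pulseaudio_tmpfs_t, pulseaudio_tmpfs_t)"
SERVER_NEW = ("manage_files_pattern(pulseaudio_t, pulseaudio_tmpfs_t, "
              "{ pulseaudio_tmpfs_t pulseaudio_tmpfsfile })")

if __name__ == "__main__":
    for label, old, new in (("client hunk", CLIENT_OLD, CLIENT_NEW),
                            ("server hunk", SERVER_OLD, SERVER_NEW)):
        print(f"== {label}: newly granted ==")
        for (src, tgt, cls), perms in sorted(gained(old, new).items()):
            print(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
```

Running it shows the client hunk adds only `write` and `append` on both target types, while the server hunk adds the complete manage_file_perms set on pulseaudio_tmpfsfile; the same function works for any pair of old/new `*_pattern` lines in a diff, which is the quickest way to decide whether a narrower pattern would have sufficed.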

2016-12-09 21:10:54

by guido

Subject: [refpolicy] [PATCH 2/2] mozilla: remove redundant pulseaudio interface calls

Remove two pulseaudio interface calls from the mozilla module
that have been made redundant by part 1/2 of this patchset.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/mozilla.te | 4 ----
1 file changed, 4 deletions(-)

--- refpolicy-git-07122016-orig/policy/modules/contrib/mozilla.te 2016-12-07 13:39:50.051911134 +0100
+++ refpolicy-git-07122016/policy/modules/contrib/mozilla.te 2016-12-09 21:58:38.937369122 +0100
@@ -302,8 +302,6 @@ optional_policy(`

optional_policy(`
pulseaudio_run(mozilla_t, mozilla_roles)
- pulseaudio_rw_tmpfs_files(mozilla_t)
- pulseaudio_use_fds(mozilla_t)
')

optional_policy(`
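Review bot: dropping pulseaudio_rw_tmpfs_files(mozilla_t) and pulseaudio_use_fds(mozilla_t) is only safe if the retained pulseaudio_run(mozilla_t, mozilla_roles) makes mozilla_t a pulseaudio_client, and this diff does not show that assignment; the commit message should state it, and the series has to be applied in order, since applying 2/2 before 1/2 leaves the browser without tmpfs write and fd use. A `sesearch -A -s mozilla_t -t pulseaudio_t -c fd` against the built policy before and after both patches is a cheap way to confirm nothing regressed.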
@@ -573,8 +571,6 @@ optional_policy(`

optional_policy(`
pulseaudio_run(mozilla_plugin_t, mozilla_plugin_roles)
- pulseaudio_rw_tmpfs_files(mozilla_plugin_t)
- pulseaudio_use_fds(mozilla_plugin_t)
')

optional_policy(`
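Review bot: the same dependency on pulseaudio_run() assigning pulseaudio_client applies to mozilla_plugin_t, and this is the better domain on which to compare the before/after rule set, because the attribute now also brings rw over pulseaudio_tmpfs_t and pulseaudio_tmpfsfile per 1/2, which is more than the two removed calls granted. A `sesearch -A -s mozilla_plugin_t -c file -p write` filtered for pulseaudio types, run against both builds, would show that difference directly.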

2016-12-11 20:51:48

by Chris PeBenito

Subject: [refpolicy] [PATCH 1/2] pulseaudio: update server and client permissions

On 12/09/16 16:10, Guido Trentalancia via refpolicy wrote:
> Update the pulseaudio module, so that:
> - the pulseaudio server can send the signull signal to its clients;
> - the pulseaudio server can manage not only pulseaudio_tmpfs files
> but all pulseaudio_tmpfs_content;
> - pulseaudio clients can also write and not just read pulseaudio
> content files in the temporary filesystems (tmpfs);
> - pulseaudio clients can use file descriptors for pulseaudio.
>
> This patch has been triggered by recent testing of the games module
> and it makes the following patch obsolete (not applied yet):
>
> [PATCH 2/2] pulseaudio: improve the support for Gnome games
> http://oss.tresys.com/pipermail/refpolicy/2016-December/008651.html
>
> It also makes obsolete interface calls to the following interfaces
> in addition to pulseaudio_run(): pulseaudio_rw_tmpfs_files() and
> pulseaudio_use_fds(). These are currently used in the mozilla
> module (removed in part 2/2 of this patchset).

Merged.


> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/pulseaudio.if | 1 +
> policy/modules/contrib/pulseaudio.te | 5 +++--
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/pulseaudio.if refpolicy-git-07122016/policy/modules/contrib/pulseaudio.if
> --- refpolicy-git-07122016-orig/policy/modules/contrib/pulseaudio.if 2016-09-27 16:28:51.964139648 +0200
> +++ refpolicy-git-07122016/policy/modules/contrib/pulseaudio.if 2016-12-09 21:37:37.848562623 +0100
> @@ -40,6 +40,7 @@ interface(`pulseaudio_role',`
> allow $2 pulseaudio_tmp_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
>
> allow pulseaudio_t $2:unix_stream_socket connectto;
> + allow pulseaudio_t $2:process signull;
> ')
>
> ########################################
> diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/pulseaudio.te refpolicy-git-07122016/policy/modules/contrib/pulseaudio.te
> --- refpolicy-git-07122016-orig/policy/modules/contrib/pulseaudio.te 2016-12-08 18:23:09.689033221 +0100
> +++ refpolicy-git-07122016/policy/modules/contrib/pulseaudio.te 2016-12-09 21:48:58.706665014 +0100
> @@ -72,7 +72,7 @@ userdom_user_tmp_filetrans(pulseaudio_t,
> userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, sock_file, "native")
>
> manage_dirs_pattern(pulseaudio_t, pulseaudio_tmpfs_t, pulseaudio_tmpfs_t)
> -manage_files_pattern(pulseaudio_t, pulseaudio_tmpfs_t, pulseaudio_tmpfs_t)
> +manage_files_pattern(pulseaudio_t, pulseaudio_tmpfs_t, { pulseaudio_tmpfs_t pulseaudio_tmpfsfile })
> fs_tmpfs_filetrans(pulseaudio_t, pulseaudio_tmpfs_t, { dir file })
>
> manage_dirs_pattern(pulseaudio_t, pulseaudio_var_lib_t, pulseaudio_var_lib_t)
> @@ -237,7 +237,7 @@ allow pulseaudio_client pulseaudio_tmp_t
> allow pulseaudio_client pulseaudio_tmp_t:file manage_file_perms;
> allow pulseaudio_client pulseaudio_tmp_t:sock_file manage_sock_file_perms;
>
> -read_files_pattern(pulseaudio_client, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t }, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t })
> +rw_files_pattern(pulseaudio_client, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t }, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t })
> delete_files_pattern(pulseaudio_client, pulseaudio_tmpfsfile, pulseaudio_tmpfsfile)
>
> fs_getattr_tmpfs(pulseaudio_client)
> @@ -257,6 +257,7 @@ pulseaudio_home_filetrans_pulseaudio_hom
> pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client, file, ".esd_auth")
> pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client, file, ".pulse-cookie")
> pulseaudio_signull(pulseaudio_client)
> +pulseaudio_use_fds(pulseaudio_client)
>
> userdom_read_user_tmpfs_files(pulseaudio_client)
> userdom_user_runtime_filetrans(pulseaudio_client, pulseaudio_tmp_t, dir, "pulse")


--
Chris PeBenito

2016-12-11 20:51:57

by Chris PeBenito

Subject: [refpolicy] [PATCH 2/2] mozilla: remove redundant pulseaudio interface calls

On 12/09/16 16:10, Guido Trentalancia via refpolicy wrote:
> Remove two pulseaudio interface calls from the mozilla module
> that have been made redundant by part 1/2 of this patchset.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/mozilla.te | 4 ----
> 1 file changed, 4 deletions(-)
>
> --- refpolicy-git-07122016-orig/policy/modules/contrib/mozilla.te 2016-12-07 13:39:50.051911134 +0100
> +++ refpolicy-git-07122016/policy/modules/contrib/mozilla.te 2016-12-09 21:58:38.937369122 +0100
> @@ -302,8 +302,6 @@ optional_policy(`
>
> optional_policy(`
> pulseaudio_run(mozilla_t, mozilla_roles)
> - pulseaudio_rw_tmpfs_files(mozilla_t)
> - pulseaudio_use_fds(mozilla_t)
> ')
>
> optional_policy(`
> @@ -573,8 +571,6 @@ optional_policy(`
>
> optional_policy(`
> pulseaudio_run(mozilla_plugin_t, mozilla_plugin_roles)
> - pulseaudio_rw_tmpfs_files(mozilla_plugin_t)
> - pulseaudio_use_fds(mozilla_plugin_t)
> ')
>
> optional_policy(`

Merged.


--
Chris PeBenito