commit: ccd334f66ed8b61c6fc43223ff504a9511eab158
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Jun 1 16:12:39 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Wed Jun 1 18:32:45 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ccd334f6
pulseaudio: fcontext and filetrans for runtime
policy/modules/contrib/pulseaudio.fc | 1 +
policy/modules/contrib/pulseaudio.te | 7 ++++++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/pulseaudio.fc
b/policy/modules/contrib/pulseaudio.fc
index 9cc63f6..cde5a80 100644
--- a/policy/modules/contrib/pulseaudio.fc
+++ b/policy/modules/contrib/pulseaudio.fc
@@ -7,6 +7,7 @@ HOME_DIR/\.pulse-cookie --
gen_context(system_u:object_r:pulseaudio_home_t,s0)
/var/lib/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_lib_t,s0)
/var/run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0)
+/var/run/%{USERID}/pulse(/.*)?
gen_context(system_u:object_r:pulseaudio_tmp_t,s0)
ifdef(`distro_gentoo',`
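Review bot: The new file context `/var/run/%{USERID}/pulse(/.*)?` does not match the directory the .te hunks label through userdom_user_runtime_filetrans, which is the per-user runtime dir (`$XDG_RUNTIME_DIR/pulse`, i.e. `/run/user/<uid>/pulse`), so unless the `user/` component was lost in rendering the entry should read `/var/run/user/%{USERID}/pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_tmp_t,s0)`, with the same prefix userdomain.fc uses for the runtime dir. Because the type_transition in the .te file labels the directory at creation time, the mismatch would not show up while the daemon runs; it shows up on relabel/restorecon, where the directory would fall back to the parent's label. Worth checking against the runtime-dir entry in userdomain.fc before merging.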
diff --git a/policy/modules/contrib/pulseaudio.te
b/policy/modules/contrib/pulseaudio.te
index 9b8d84e..94b7ef4 100644
--- a/policy/modules/contrib/pulseaudio.te
+++ b/policy/modules/contrib/pulseaudio.te
@@ -56,6 +56,7 @@ manage_dirs_pattern(pulseaudio_t, pulseaudio_tmp_t,
pulseaudio_tmp_t)
manage_files_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)
manage_sock_files_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)
files_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)
+userdom_user_runtime_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)
userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, file,
"autospawn.lock")
userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, file, "pid")
userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, sock_file,
"dbus-socket")
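Review bot: The added `userdom_user_runtime_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)` has no name argument, so every directory pulseaudio_t creates directly under the user runtime dir becomes pulseaudio_tmp_t, while the equivalent client rule in the later hunk is restricted to the `"pulse"` name. Unless the daemon creates other directories there, narrowing it to `userdom_user_runtime_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir, "pulse")` keeps the two rules consistent with each other and with the new fc entry. The three named user_tmp transitions beneath it (autospawn.lock, pid, dbus-socket) are still aimed at user_tmp_t; if those files now live inside the runtime `pulse` directory they inherit pulseaudio_tmp_t from the parent and need no separate transition, but a short comment saying that is why they are unchanged would help the next reader.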
@@ -203,8 +204,11 @@ optional_policy(`
#
allow pulseaudio_client self:unix_dgram_socket sendto;
+allow pulseaudio_client self:process signull;
-allow pulseaudio_client pulseaudio_client:process signull;
+allow pulseaudio_client pulseaudio_tmp_t:dir manage_dir_perms;
+allow pulseaudio_client pulseaudio_tmp_t:file manage_file_perms;
+allow pulseaudio_client pulseaudio_tmp_t:sock_file manage_sock_file_perms;
read_files_pattern(pulseaudio_client, { pulseaudio_tmpfsfile
pulseaudio_tmpfs_t }, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t })
delete_files_pattern(pulseaudio_client, pulseaudio_tmpfsfile,
pulseaudio_tmpfsfile)
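Review bot: Replacing `allow pulseaudio_client pulseaudio_client:process signull;` with `allow pulseaudio_client self:process signull;` narrows the grant: the old rule let any domain carrying the pulseaudio_client attribute signull any other such domain, whereas `self` only covers a process signalling its own domain, so a client checking the liveness of a daemon instance that runs in a different client domain (e.g. an autospawned server that did not transition to pulseaudio_t) would now be denied; if that cross-domain case is not needed, a comment stating the intent would make the tightening deliberate rather than accidental. The three new raw `allow pulseaudio_client pulseaudio_tmp_t:...` rules are written differently from the same grants for pulseaudio_t earlier in the file, which use the pattern macros; for consistency they should be `manage_dirs_pattern(pulseaudio_client, pulseaudio_tmp_t, pulseaudio_tmp_t)`, `manage_files_pattern(pulseaudio_client, pulseaudio_tmp_t, pulseaudio_tmp_t)` and `manage_sock_files_pattern(pulseaudio_client, pulseaudio_tmp_t, pulseaudio_tmp_t)`, which expand to the same permissions here because container and target types coincide. Note that these give full manage (including unlink and rename) on pulseaudio_tmp_t to every client domain, presumably intended since the per-user runtime directory is DAC-protected by the owning user, but worth a one-line comment such as `# clients create and clean up the per-user pulse runtime dir`.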
@@ -228,6 +232,7 @@
pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client, file, ".pulse-cooki
pulseaudio_signull(pulseaudio_client)
userdom_read_user_tmpfs_files(pulseaudio_client)
+userdom_user_runtime_filetrans(pulseaudio_client, pulseaudio_tmp_t, dir,
"pulse")
# userdom_delete_user_tmpfs_files(pulseaudio_client)
tunable_policy(`use_nfs_home_dirs',`
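Review bot: The new `userdom_user_runtime_filetrans(pulseaudio_client, pulseaudio_tmp_t, dir, "pulse")` carries no comment explaining why the directory transition is placed on the client attribute as well as on pulseaudio_t; presumably a client creates `$XDG_RUNTIME_DIR/pulse` itself before autospawning the daemon, which is not obvious from the line alone. Suggested comment above it: `# clients may create $XDG_RUNTIME_DIR/pulse themselves (e.g. before autospawn), so the dir transition is needed here as well as for the daemon`. The use_nfs_home_dirs tunable_policy block that opens on the hunk's last line continues outside the hunk.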