commit: e7eb672259ff2b2955cbd5f991182de9c7464c31
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Mar 16 08:14:39 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Mar 16 08:14:39 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e7eb6722
pulseaudio: alias pulseaudio_xdg_config_t to pulseaudio_home_t
pulseaudio_home_t was added upstream on ~/.config/pulse/ so our
_xdg_config_t can be removed
policy/modules/contrib/pulseaudio.fc | 7 +------
policy/modules/contrib/pulseaudio.te | 24 ++++--------------------
2 files changed, 5 insertions(+), 26 deletions(-)
diff --git a/policy/modules/contrib/pulseaudio.fc
b/policy/modules/contrib/pulseaudio.fc
index 2ee04dce..78ae21c1 100644
--- a/policy/modules/contrib/pulseaudio.fc
+++ b/policy/modules/contrib/pulseaudio.fc
@@ -1,7 +1,7 @@
HOME_DIR/\.esd_auth --
gen_context(system_u:object_r:pulseaudio_home_t,s0)
HOME_DIR/\.pulse(/.*)? gen_context(system_u:object_r:pulseaudio_home_t,s0)
HOME_DIR/\.pulse-cookie --
gen_context(system_u:object_r:pulseaudio_home_t,s0)
-HOME_DIR/\.config/pulse(/.*)? --
gen_context(system_u:object_r:pulseaudio_home_t,s0)
+HOME_DIR/\.config/pulse(/.*)?
gen_context(system_u:object_r:pulseaudio_home_t,s0)
/usr/bin/pulseaudio --
gen_context(system_u:object_r:pulseaudio_exec_t,s0)
@@ -9,8 +9,3 @@ HOME_DIR/\.config/pulse(/.*)? --
gen_context(system_u:object_r:pulseaudio_home_t
/run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0)
/run/user/%{USERID}/pulse(/.*)?
gen_context(system_u:object_r:pulseaudio_tmp_t,s0)
-
-
-ifdef(`distro_gentoo',`
-HOME_DIR/\.config/pulse(/.*)?
gen_context(system_u:object_r:pulseaudio_xdg_config_t,s0)
-')
diff --git a/policy/modules/contrib/pulseaudio.te
b/policy/modules/contrib/pulseaudio.te
index ac9811ea..b4154208 100644
--- a/policy/modules/contrib/pulseaudio.te
+++ b/policy/modules/contrib/pulseaudio.te
@@ -290,28 +290,12 @@ optional_policy(`
')
ifdef(`distro_gentoo',`
- type pulseaudio_xdg_config_t;
- xdg_config_home_content(pulseaudio_xdg_config_t)
+ typealias pulseaudio_home_t alias pulseaudio_xdg_config_t;
- # create ~/.config/pulse/
- manage_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t,
pulseaudio_xdg_config_t)
- manage_lnk_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t,
pulseaudio_xdg_config_t)
- manage_dirs_pattern(pulseaudio_t, pulseaudio_xdg_config_t,
pulseaudio_xdg_config_t)
- xdg_config_home_filetrans(pulseaudio_t, pulseaudio_xdg_config_t, dir,
"pulse")
-
- # pulseaudio cannot manage the files from its clients
- allow pulseaudio_t pulseaudio_tmpfsfile:file manage_file_perms;
-
- # pulseaudio client perms on ~/.config/pulse/
- manage_files_pattern(pulseaudio_client, pulseaudio_xdg_config_t,
pulseaudio_xdg_config_t)
- manage_lnk_files_pattern(pulseaudio_client, pulseaudio_xdg_config_t,
pulseaudio_xdg_config_t)
- manage_dirs_pattern(pulseaudio_client, pulseaudio_xdg_config_t,
pulseaudio_xdg_config_t)
- xdg_config_home_filetrans(pulseaudio_client, pulseaudio_xdg_config_t,
dir, "pulse")
+ # ~/.config/pulse/
+ xdg_config_home_filetrans(pulseaudio_t, pulseaudio_home_t, dir, "pulse")
+ xdg_config_home_filetrans(pulseaudio_client, pulseaudio_home_t, dir,
"pulse")
# /tmp/pulse-* gets created by the clients usually as user_tmp_t, bug
556526
userdom_list_user_tmp(pulseaudio_client)
-
- # pulse 7 uses fds
- allow pulseaudio_client pulseaudio_t:fd use;
- allow pulseaudio_client pulseaudio_tmpfs_t:file rw_file_perms;
')
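Review bot: The rewritten `distro_gentoo` block keeps only the two `xdg_config_home_filetrans(...)` name transitions, so the create/manage permissions on `pulseaudio_home_t` for `pulseaudio_t` and `pulseaudio_client` now have to come from rules outside this hunk; a transition without the matching create permission surfaces as an AVC denial at runtime, not as a build error. The same applies to the `fd use` and `pulseaudio_tmpfs_t` access that the block no longer grants, which the commit message does not mention; it is worth confirming these against the upstream part of the module and saying so in the description. Because the type no longer goes through `xdg_config_home_content()`, access to ~/.config/pulse/ (which presumably holds the authentication cookie) now follows whatever is allowed on `pulseaudio_home_t`; I would record that above the alias, e.g. `# alias kept so rules and on-disk labels naming pulseaudio_xdg_config_t still resolve; access now follows pulseaudio_home_t`.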