commit: 79a56036f05b18c433e3243f458c2474a20ba241
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sat Jun 16 04:21:25 2018 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Jun 16 14:35:45 2018 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=79a56036
mplayer: migrate to upstream xdg interfaces
policy/modules/contrib/mplayer.te | 44 +++++++--------------------------------
1 file changed, 8 insertions(+), 36 deletions(-)
diff --git a/policy/modules/contrib/mplayer.te
b/policy/modules/contrib/mplayer.te
index a1af29df..91b9569d 100644
--- a/policy/modules/contrib/mplayer.te
+++ b/policy/modules/contrib/mplayer.te
@@ -13,21 +13,6 @@ policy_module(mplayer, 2.7.1)
## </desc>
gen_tunable(allow_mplayer_execstack, false)
-## <desc>
-## <p>
-## Allow mplayer to read user content
-## </p>
-## </desc>
-gen_tunable(mplayer_read_user_content, true)
-
-## <desc>
-## <p>
-## Allow mplayer to manage user content
-## </p>
-## </desc>
-gen_tunable(mplayer_manage_user_content, false)
-
-
attribute_role mencoder_roles;
attribute_role mplayer_roles;
@@ -98,8 +83,6 @@ userdom_use_user_terminals(mencoder_t)
userdom_manage_user_tmp_dirs(mencoder_t)
userdom_manage_user_tmp_files(mencoder_t)
-userdom_tmp_filetrans_user_tmp(mplayer_t, { dir file })
-userdom_user_runtime_filetrans_user_tmp(mplayer_t, { dir file })
userdom_user_content_access_template(mplayer_mencoder, mencoder_t)
@@ -220,8 +203,15 @@ miscfiles_read_fonts(mplayer_t)
userdom_use_user_terminals(mplayer_t)
+userdom_manage_user_tmp_dirs(mplayer_t)
+userdom_manage_user_tmp_files(mplayer_t)
+userdom_tmp_filetrans_user_tmp(mplayer_t, { dir file })
+userdom_user_runtime_filetrans_user_tmp(mplayer_t, { dir file })
+
userdom_user_content_access_template(mplayer, mplayer_t)
+userdom_write_user_tmp_sockets(mplayer_t)
+
xdg_read_music(mplayer_t)
xdg_read_videos(mplayer_t)
@@ -280,26 +270,8 @@ ifdef(`distro_gentoo',`
# Local mplayer_t policy
#
- xdg_manage_videos_home(mplayer_t)
-
- tunable_policy(`mplayer_read_user_content',`
- userdom_read_user_home_content_files(mplayer_t)
- userdom_read_user_home_content_symlinks(mplayer_t)
- ')
-
- tunable_policy(`mplayer_manage_user_content',`
- userdom_manage_user_tmp_dirs(mplayer_t)
- userdom_manage_user_tmp_files(mplayer_t)
+ tunable_policy(`mplayer_manage_generic_user_content',`
userdom_user_home_dir_filetrans_user_home_content(mplayer_t, {
dir file })
-
- userdom_manage_user_home_content_dirs(mplayer_t)
- userdom_manage_user_home_content_files(mplayer_t)
-
- userdom_write_user_tmp_sockets(mplayer_t)
- ')
-
- optional_policy(`
- pulseaudio_client_domain(mplayer_t, mplayer_tmpfs_t)
')
ifdef(`use_alsa',`
