commit: ad9cc622fb5bef6e37054150efd55ecead438889 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> AuthorDate: Sat Jul 5 16:19:14 2014 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Tue Jul 29 14:05:20 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ad9cc622
Enable asound.state.lock support asound.state.lock file when managing alsa state operations. Signed-off-by: Sven Vermeulen <sven.vermeulen <AT> siphos.be> --- policy/modules/contrib/alsa.fc | 2 ++ policy/modules/contrib/alsa.te | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/policy/modules/contrib/alsa.fc b/policy/modules/contrib/alsa.fc index 33d9d31..6c3c0ba 100644 --- a/policy/modules/contrib/alsa.fc +++ b/policy/modules/contrib/alsa.fc @@ -24,3 +24,5 @@ ifdef(`distro_debian',` /usr/share/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) /var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0) + +/var/lock/asound\.state\.lock -- gen_context(system_u:object_r:alsa_var_lock_t,s0) diff --git a/policy/modules/contrib/alsa.te b/policy/modules/contrib/alsa.te index 5b04663..4b818a0 100644 --- a/policy/modules/contrib/alsa.te +++ b/policy/modules/contrib/alsa.te @@ -24,6 +24,9 @@ files_tmpfs_file(alsa_tmpfs_t) type alsa_var_lib_t; files_type(alsa_var_lib_t) +type alsa_var_lock_t; +files_lock_file(alsa_var_lock_t) + type alsa_home_t; userdom_user_home_content(alsa_home_t) @@ -57,6 +60,9 @@ fs_tmpfs_filetrans(alsa_t, alsa_tmpfs_t, file) manage_dirs_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t) manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t) +allow alsa_t alsa_var_lock_t:file manage_file_perms; +files_lock_filetrans(alsa_t, alsa_var_lock_t, file); + kernel_read_system_state(alsa_t) corecmd_exec_bin(alsa_t)
