commit: 4f0d7b11dabef8643cf60cf68376d4085549d079 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
AuthorDate: Thu Nov 1 20:38:05 2012 +0000 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
CommitDate: Thu Nov 1 20:38:05 2012 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=4f0d7b11 |
|
Reshuffle Gentoo-specific alsa-changes |
|
--- |
policy/modules/contrib/alsa.if | 60 ++++++++++++++++++++-------------------- |
policy/modules/contrib/alsa.te | 26 +++++++++-------- |
2 files changed, 44 insertions(+), 42 deletions(-) |
|
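--- a/policy/modules/contrib/alsa.if
+++ b/policy/modules/contrib/alsa.if
@@ -2,36 +2,6 @@
 
 ########################################
 ## <summary>
-## Mark the selected domain as an alsa-capable domain
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain that links with alsa
-## </summary>
-## </param>
-## <param name="tmpfstype">
-## <summary>
-## Tmpfs type used for shared memory of the given domain
-## </summary>
-## </param>
-#
-interface(`alsa_domain',`
- gen_require(`
- attribute alsadomain;
- attribute alsatmpfsfile;
- ')
-
- typeattribute $1 alsadomain;
- typeattribute $2 alsatmpfsfile;
-
- # Perhaps we can introduce a tunable for the next?
- allow $1 alsadomain:sem create_sem_perms;
- allow $1 alsadomain:shm rw_shm_perms;
- allow $1 alsatmpfsfile:file rw_file_perms;
-')
-
-########################################
-## <summary>
 ## Role access for alsa.
 ## </summary>
 ## <param name="role">
@@ -286,3 +256,33 @@ interface(`alsa_read_lib',`
 files_search_var_lib($1)
 read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
 ')
+
+########################################
+## <summary>
+## Mark the selected domain as an alsa-capable domain
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain that links with alsa
+## </summary>
+## </param>
+## <param name="tmpfstype">
+## <summary>
+## Tmpfs type used for shared memory of the given domain
+## </summary>
+## </param>
+#
+interface(`alsa_domain',`
+ gen_require(`
+ attribute alsadomain;
+ attribute alsatmpfsfile;
+ ')
+
+ typeattribute $1 alsadomain;
+ typeattribute $2 alsatmpfsfile;
+
+ # Perhaps we can introduce a tunable for the next?
+ allow $1 alsadomain:sem create_sem_perms;
+ allow $1 alsadomain:shm rw_shm_perms;
+ allow $1 alsatmpfsfile:file rw_file_perms;
+')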
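Review bot: The relocated `alsa_domain` interface still gives every caller `create_sem_perms` and `rw_shm_perms` on the whole `alsadomain` attribute and `rw_file_perms` on every `alsatmpfsfile` file, so any two domains marked alsa-capable can read and write each other's shared memory and tmpfs files. The only hint of this in the new block is the comment "Perhaps we can introduce a tunable for the next?", which does not say what is being traded off. Since the block is being moved anyway, I would replace it with a comment that states the scope, for example `# NOTE: grants rw on shm/tmpfs of ALL alsadomain members, not just $1's own; candidate for a tunable`. The `## <summary>` should also mention that the interface opens cross-domain shared-memory access, so callers know what they opt into.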
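--- a/policy/modules/contrib/alsa.te
+++ b/policy/modules/contrib/alsa.te
@@ -5,13 +5,9 @@ policy_module(alsa, 1.11.4)
 # Declarations
 #
 
-attribute alsadomain;
-
-attribute alsatmpfsfile;
-
 attribute_role alsa_roles;
 
-type alsa_t, alsadomain;
+type alsa_t;
 type alsa_exec_t;
 init_system_domain(alsa_t, alsa_exec_t)
 role alsa_roles types alsa_t;
@@ -82,14 +78,20 @@ userdom_manage_unpriv_user_semaphores(alsa_t)
 userdom_manage_unpriv_user_shared_mem(alsa_t)
 userdom_search_user_home_dirs(alsa_t)
 
+ifdef(`distro_gentoo',`
+ attribute alsadomain;
+ attribute alsatmpfsfile;
+
+ typeattribute alsa_t alsadomain;
+
+ ################################
+ #
+ # alsadomain policy
+ #
+ allow alsadomain self:sem create_sem_perms;
+')
+
 optional_policy(`
 hal_use_fds(alsa_t)
 hal_write_log(alsa_t)
 ')
-
-################################
-#
-# alsadomain policy
-#
-# Used by domains that link with alsa libaries
-allow alsadomain self:sem create_sem_perms;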
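Review bot: `attribute alsadomain;` and `attribute alsatmpfsfile;` are now declared only inside the `distro_gentoo` ifdef in the second hunk, while `alsa_domain` in alsa.if still lists both in its `gen_require` without any guard. A caller of that interface in a build without `distro_gentoo` would presumably fail to resolve the attributes, so the coupling deserves a comment at the declaration, for example `# Gentoo-specific: these attributes back alsa_domain() in alsa.if`. The move also drops the old explanatory line `# Used by domains that link with alsa libaries`; I would carry it into the new block (spelling fixed to "libraries"), since it is the only statement of what membership in `alsadomain` means.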