
From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Thu, 01 Nov 2012 21:42:12
Message-Id: 1351802285.4f0d7b11dabef8643cf60cf68376d4085549d079.SwifT@gentoo
1 commit: 4f0d7b11dabef8643cf60cf68376d4085549d079
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Thu Nov 1 20:38:05 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Thu Nov 1 20:38:05 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=4f0d7b11
7
8 Reshuffle Gentoo-specific alsa-changes
9
10 ---
11 policy/modules/contrib/alsa.if | 60 ++++++++++++++++++++--------------------
12 policy/modules/contrib/alsa.te | 26 +++++++++--------
13 2 files changed, 44 insertions(+), 42 deletions(-)
14
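diff --git a/policy/modules/contrib/alsa.if b/policy/modules/contrib/alsa.if
index f6ca3d4..f46c4a2 100644
--- a/policy/modules/contrib/alsa.if
+++ b/policy/modules/contrib/alsa.if
@@ -2,36 +2,6 @@
 
 ########################################
 ## <summary>
-## Mark the selected domain as an alsa-capable domain
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain that links with alsa
-## </summary>
-## </param>
-## <param name="tmpfstype">
-## <summary>
-## Tmpfs type used for shared memory of the given domain
-## </summary>
-## </param>
-#
-interface(`alsa_domain',`
- gen_require(`
- attribute alsadomain;
- attribute alsatmpfsfile;
- ')
-
- typeattribute $1 alsadomain;
- typeattribute $2 alsatmpfsfile;
-
- # Perhaps we can introduce a tunable for the next?
- allow $1 alsadomain:sem create_sem_perms;
- allow $1 alsadomain:shm rw_shm_perms;
- allow $1 alsatmpfsfile:file rw_file_perms;
-')
-
-########################################
-## <summary>
 ## Role access for alsa.
 ## </summary>
 ## <param name="role">
@@ -286,3 +256,33 @@ interface(`alsa_read_lib',`
 files_search_var_lib($1)
 read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
 ')
+
+########################################
+## <summary>
+## Mark the selected domain as an alsa-capable domain
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain that links with alsa
+## </summary>
+## </param>
+## <param name="tmpfstype">
+## <summary>
+## Tmpfs type used for shared memory of the given domain
+## </summary>
+## </param>
+#
+interface(`alsa_domain',`
+ gen_require(`
+ attribute alsadomain;
+ attribute alsatmpfsfile;
+ ')
+
+ typeattribute $1 alsadomain;
+ typeattribute $2 alsatmpfsfile;
+
+ # Perhaps we can introduce a tunable for the next?
+ allow $1 alsadomain:sem create_sem_perms;
+ allow $1 alsadomain:shm rw_shm_perms;
+ allow $1 alsatmpfsfile:file rw_file_perms;
+')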
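Review bot: The three allow rules at the end of the re-added `alsa_domain` interface are attribute-wide, so every domain that calls it gets `create_sem_perms` on `alsadomain:sem`, `rw_shm_perms` on `alsadomain:shm` and `rw_file_perms` on `alsatmpfsfile:file` for all other members, which opens a read/write IPC channel between domains that are otherwise confined separately. The carried-over remark `# Perhaps we can introduce a tunable for the next?` does not say what is being traded; I would replace it with `# Cross-domain IPC: each alsadomain member may access sem/shm/tmpfs files of every other member` and follow up on the tunable so the sharing can be switched off where it is not needed. The interface body lies wholly inside this hunk and is otherwise moved unchanged.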
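diff --git a/policy/modules/contrib/alsa.te b/policy/modules/contrib/alsa.te
index 69912f0..59146a2 100644
--- a/policy/modules/contrib/alsa.te
+++ b/policy/modules/contrib/alsa.te
@@ -5,13 +5,9 @@ policy_module(alsa, 1.11.4)
 # Declarations
 #
 
-attribute alsadomain;
-
-attribute alsatmpfsfile;
-
 attribute_role alsa_roles;
 
-type alsa_t, alsadomain;
+type alsa_t;
 type alsa_exec_t;
 init_system_domain(alsa_t, alsa_exec_t)
 role alsa_roles types alsa_t;
@@ -82,14 +78,20 @@ userdom_manage_unpriv_user_semaphores(alsa_t)
 userdom_manage_unpriv_user_shared_mem(alsa_t)
 userdom_search_user_home_dirs(alsa_t)
 
+ifdef(`distro_gentoo',`
+ attribute alsadomain;
+ attribute alsatmpfsfile;
+
+ typeattribute alsa_t alsadomain;
+
+ ################################
+ #
+ # alsadomain policy
+ #
+ allow alsadomain self:sem create_sem_perms;
+')
+
 optional_policy(`
 hal_use_fds(alsa_t)
 hal_write_log(alsa_t)
 ')
-
-################################
-#
-# alsadomain policy
-#
-# Used by domains that link with alsa libaries
-allow alsadomain self:sem create_sem_perms;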
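Review bot: `attribute alsadomain;` and `attribute alsatmpfsfile;` are now declared only inside the new `distro_gentoo` block, while the `alsa_domain` interface in alsa.if still names both in its `gen_require` with no such guard. A policy built without `distro_gentoo` that calls `alsa_domain` would presumably fail to resolve them; the callers are not visible here, so confirm each one is Gentoo-guarded. The move also drops the rationale comment from `allow alsadomain self:sem create_sem_perms;`, and I would keep it inside the new block as `# Used by domains that link with alsa libraries` so the rule's purpose stays recorded.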