| 1 |
commit: 394b856733a6953b28aa53ee305aea7d5de03ccb |
| 2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
| 3 |
AuthorDate: Tue Mar 24 12:27:05 2015 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Mar 29 09:54:32 2015 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=394b8567 |
| 7 |
|
| 8 |
skype: policy rules for v4.3 |
| 9 |
|
| 10 |
It now uses pulseaudio and also needs dir permissions in /tmp |
| 11 |
|
| 12 |
policy/modules/contrib/skype.te | 16 +++++++++++++--- |
| 13 |
1 file changed, 13 insertions(+), 3 deletions(-) |
| 14 |
|
| 15 |
diff --git a/policy/modules/contrib/skype.te b/policy/modules/contrib/skype.te |
| 16 |
index 4c71730..be0684f 100644 |
| 17 |
--- a/policy/modules/contrib/skype.te |
| 18 |
+++ b/policy/modules/contrib/skype.te |
| 19 |
@@ -55,9 +55,10 @@ manage_fifo_files_pattern(skype_t, skype_tmpfs_t, skype_tmpfs_t) |
| 20 |
manage_sock_files_pattern(skype_t, skype_tmpfs_t, skype_tmpfs_t) |
| 21 |
fs_tmpfs_filetrans(skype_t, skype_tmpfs_t, { file lnk_file sock_file fifo_file }) |
| 22 |
|
| 23 |
+manage_dirs_pattern(skype_t, skype_tmp_t, skype_tmp_t) |
| 24 |
manage_files_pattern(skype_t, skype_tmp_t, skype_tmp_t) |
| 25 |
manage_sock_files_pattern(skype_t, skype_tmp_t, skype_tmp_t) |
| 26 |
-files_tmp_filetrans(skype_t, skype_tmp_t, { file sock_file }) |
| 27 |
+files_tmp_filetrans(skype_t, skype_tmp_t, { dir file sock_file }) |
| 28 |
|
| 29 |
kernel_dontaudit_search_sysctl(skype_t) |
| 30 |
kernel_dontaudit_read_kernel_sysctls(skype_t) |
| 31 |
@@ -73,15 +74,16 @@ corenet_all_recvfrom_netlabel(skype_t) |
| 32 |
corenet_all_recvfrom_unlabeled(skype_t) |
| 33 |
corenet_sendrecv_http_client_packets(skype_t) |
| 34 |
corenet_tcp_bind_generic_node(skype_t) |
| 35 |
-corenet_tcp_bind_generic_port(skype_t) |
| 36 |
+corenet_tcp_bind_generic_port(skype_t) |
| 37 |
corenet_tcp_connect_all_unreserved_ports(skype_t) |
| 38 |
corenet_tcp_connect_generic_port(skype_t) |
| 39 |
corenet_tcp_connect_http_port(skype_t) |
| 40 |
corenet_tcp_sendrecv_http_port(skype_t) |
| 41 |
corenet_udp_bind_generic_node(skype_t) |
| 42 |
-corenet_udp_bind_generic_port(skype_t) |
| 43 |
+corenet_udp_bind_generic_port(skype_t) |
| 44 |
|
| 45 |
dev_dontaudit_search_sysfs(skype_t) |
| 46 |
+dev_dontaudit_read_sysfs(skype_t) |
| 47 |
dev_read_sound(skype_t) |
| 48 |
dev_read_video_dev(skype_t) |
| 49 |
dev_write_sound(skype_t) |
| 50 |
@@ -112,6 +114,10 @@ tunable_policy(`skype_manage_user_content',` |
| 51 |
') |
| 52 |
|
| 53 |
optional_policy(` |
| 54 |
+ pulseaudio_client_domain(skype_t, skype_tmpfs_t) |
| 55 |
+') |
| 56 |
+ |
| 57 |
+optional_policy(` |
| 58 |
dbus_system_bus_client(skype_t) |
| 59 |
dbus_all_session_bus_client(skype_t) |
| 60 |
') |
| 61 |
@@ -120,6 +126,10 @@ optional_policy(` |
| 62 |
xdg_manage_config_home(skype_t) |
| 63 |
') |
| 64 |
|
| 65 |
+optional_policy(` |
| 66 |
+ mozilla_dontaudit_manage_user_home_files(skype_t) |
| 67 |
+') |
| 68 |
+ |
| 69 |
ifdef(`use_alsa',` |
| 70 |
optional_policy(` |
| 71 |
alsa_domain(skype_t, skype_tmpfs_t) |
Archives