1 |
commit: 621ad99c174a0b00b178fdb06bdec20a653cdefb |
2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
3 |
AuthorDate: Sun Aug 31 20:00:17 2014 +0000 |
4 |
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com> |
5 |
CommitDate: Mon Sep 1 20:39:27 2014 +0000 |
6 |
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=621ad99c |
7 |
|
8 |
add xdg_config support to pulseaudio |
9 |
|
10 |
--- |
11 |
policy/modules/contrib/pulseaudio.fc | 5 +++++ |
12 |
policy/modules/contrib/pulseaudio.te | 20 ++++++++++++++++++++ |
13 |
2 files changed, 25 insertions(+) |
14 |
|
15 |
diff --git a/policy/modules/contrib/pulseaudio.fc b/policy/modules/contrib/pulseaudio.fc |
16 |
index 6864479..9cc63f6 100644 |
17 |
--- a/policy/modules/contrib/pulseaudio.fc |
18 |
+++ b/policy/modules/contrib/pulseaudio.fc |
19 |
@@ -7,3 +7,8 @@ HOME_DIR/\.pulse-cookie -- gen_context(system_u:object_r:pulseaudio_home_t,s0) |
20 |
/var/lib/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_lib_t,s0) |
21 |
|
22 |
/var/run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0) |
23 |
+ |
24 |
+ |
25 |
+ifdef(`distro_gentoo',` |
26 |
+HOME_DIR/\.config/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_xdg_config_t,s0) |
27 |
+') |
28 |
|
29 |
diff --git a/policy/modules/contrib/pulseaudio.te b/policy/modules/contrib/pulseaudio.te |
30 |
index 4665af2..dfb06a9 100644 |
31 |
--- a/policy/modules/contrib/pulseaudio.te |
32 |
+++ b/policy/modules/contrib/pulseaudio.te |
33 |
@@ -257,3 +257,23 @@ optional_policy(` |
34 |
optional_policy(` |
35 |
unconfined_signull(pulseaudio_client) |
36 |
') |
37 |
+ |
38 |
+ifdef(`distro_gentoo',` |
39 |
+ type pulseaudio_xdg_config_t; |
40 |
+ xdg_config_home_content(pulseaudio_xdg_config_t) |
41 |
+ |
42 |
+ # create ~/.config/pulse/ |
43 |
+ manage_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) |
44 |
+ manage_lnk_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) |
45 |
+ manage_dirs_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) |
46 |
+ xdg_config_home_filetrans(pulseaudio_t, pulseaudio_xdg_config_t, dir, "pulse") |
47 |
+ |
48 |
+ # pulseaudio cannot manage the files from its clients |
49 |
+ allow pulseaudio_t pulseaudio_tmpfsfile:file manage_file_perms; |
50 |
+ |
51 |
+ # pulseaudio client perms on ~/.config/pulse/ |
52 |
+ manage_files_pattern(pulseaudio_client, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) |
53 |
+ manage_lnk_files_pattern(pulseaudio_client, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) |
54 |
+ manage_dirs_pattern(pulseaudio_client, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) |
55 |
+ xdg_config_home_filetrans(pulseaudio_client, pulseaudio_xdg_config_t, dir, "pulse") |
56 |
+') |