selinux-policy/strict/domains/program/alsa.te

25 lines
1004 B
Plaintext
Raw Normal View History

#DESC ainit - configuration tool for ALSA
#
# Author: Dan Walsh <dwalsh@redhat.com>
#
#
type alsa_t, domain, privlog, daemon;
type alsa_exec_t, file_type, sysadmfile, exec_type;
uses_shlib(alsa_t)
allow alsa_t { unpriv_userdomain self }:sem create_sem_perms;
allow alsa_t { unpriv_userdomain self }:shm create_shm_perms;
allow alsa_t self:unix_stream_socket create_stream_socket_perms;
allow alsa_t self:unix_dgram_socket create_socket_perms;
allow unpriv_userdomain alsa_t:sem { unix_read unix_write associate read write };
allow unpriv_userdomain alsa_t:shm { unix_read unix_write create_shm_perms };
type alsa_etc_rw_t, file_type, sysadmfile, usercanread;
rw_dir_create_file(alsa_t,alsa_etc_rw_t)
allow alsa_t self:capability { setgid setuid ipc_owner };
dontaudit alsa_t self:capability sys_admin;
allow alsa_t devpts_t:chr_file { read write };
allow alsa_t etc_t:file { getattr read };
domain_auto_trans(pam_console_t, alsa_exec_t, alsa_t)
role system_r types alsa_t;
read_locale(alsa_t)