Merge branches 'master', 'master' and 'master' of http://oss.tresys.com/git/refpolicy
Conflicts: policy/modules/admin/alsa.fc policy/modules/admin/alsa.if policy/modules/kernel/filesystem.fc
This commit is contained in:
commit
cdda8feee0
@ -12,9 +12,7 @@ HOME_DIR/\.asoundrc -- gen_context(system_u:object_r:alsa_home_t,s0)
|
|||||||
|
|
||||||
/usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0)
|
/usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0)
|
||||||
|
|
||||||
ifdef(`distro_debian', `
|
|
||||||
/usr/share/alsa/alsa\.conf gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
/usr/share/alsa/alsa\.conf gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
||||||
/usr/share/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
/usr/share/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
||||||
')
|
|
||||||
|
|
||||||
/var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0)
|
/var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0)
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
## <summary>Ainit ALSA configuration tool</summary>
|
## <summary>Ainit ALSA configuration tool.</summary>
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain transition to alsa
|
## Execute a domain transition to run Alsa.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -15,13 +15,13 @@ interface(`alsa_domtrans',`
|
|||||||
type alsa_t, alsa_exec_t;
|
type alsa_t, alsa_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
domtrans_pattern($1, alsa_exec_t, alsa_t)
|
|
||||||
corecmd_search_bin($1)
|
corecmd_search_bin($1)
|
||||||
|
domtrans_pattern($1, alsa_exec_t, alsa_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Allow read and write access to alsa semaphores.
|
## Read and write Alsa semaphores.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -39,7 +39,7 @@ interface(`alsa_rw_semaphores',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Allow read and write access to alsa shared memory.
|
## Read and write Alsa shared memory.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -57,7 +57,7 @@ interface(`alsa_rw_shared_mem',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read alsa writable config files.
|
## Read writable Alsa config files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -70,15 +70,20 @@ interface(`alsa_read_rw_config',`
|
|||||||
type alsa_etc_rw_t;
|
type alsa_etc_rw_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
files_search_etc($1)
|
||||||
allow $1 alsa_etc_rw_t:dir list_dir_perms;
|
allow $1 alsa_etc_rw_t:dir list_dir_perms;
|
||||||
read_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
|
read_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
|
||||||
read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
|
read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
|
|
||||||
|
ifdef(`distro_debian',`
|
||||||
|
files_search_usr($1)
|
||||||
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Manage alsa writable config files.
|
## Manage writable Alsa config files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -91,15 +96,40 @@ interface(`alsa_manage_rw_config',`
|
|||||||
type alsa_etc_rw_t;
|
type alsa_etc_rw_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
files_search_etc($1)
|
||||||
allow $1 alsa_etc_rw_t:dir list_dir_perms;
|
allow $1 alsa_etc_rw_t:dir list_dir_perms;
|
||||||
manage_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
|
manage_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
|
||||||
read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
|
read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
|
|
||||||
|
ifdef(`distro_debian',`
|
||||||
|
files_search_usr($1)
|
||||||
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read alsa lib files.
|
## Read Alsa home files.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`alsa_read_home_files',`
|
||||||
|
gen_require(`
|
||||||
|
type alsa_home_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
userdom_search_user_home_dirs($1)
|
||||||
|
allow $1 alsa_home_t:file read_file_perms;
|
||||||
|
>>>>>>> .merge_file_D1FKe3
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Read Alsa lib files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -112,6 +142,7 @@ interface(`alsa_read_lib',`
|
|||||||
type alsa_var_lib_t;
|
type alsa_var_lib_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
files_search_var_lib($1)
|
||||||
read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
|
read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
')
|
')
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(alsa, 1.9.1)
|
policy_module(alsa, 1.9.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -51,7 +51,6 @@ dev_read_sysfs(alsa_t)
|
|||||||
|
|
||||||
corecmd_exec_bin(alsa_t)
|
corecmd_exec_bin(alsa_t)
|
||||||
|
|
||||||
files_search_home(alsa_t)
|
|
||||||
files_read_etc_files(alsa_t)
|
files_read_etc_files(alsa_t)
|
||||||
files_read_usr_files(alsa_t)
|
files_read_usr_files(alsa_t)
|
||||||
|
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
|
/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
|
||||||
|
/dev/shm/.* <<none>>
|
||||||
|
|
||||||
/cgroup(/.*)? gen_context(system_u:object_r:cgroup_t,s0)
|
/cgroup(/.*)? gen_context(system_u:object_r:cgroup_t,s0)
|
||||||
/sys/fs/cgroup(/.*)? <<none>>
|
/sys/fs/cgroup(/.*)? <<none>>
|
||||||
|
@ -646,6 +646,7 @@ interface(`fs_search_cgroup_dirs',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
search_dirs_pattern($1, cgroup_t, cgroup_t)
|
search_dirs_pattern($1, cgroup_t, cgroup_t)
|
||||||
|
dev_search_sysfs($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -664,6 +665,7 @@ interface(`fs_list_cgroup_dirs', `
|
|||||||
')
|
')
|
||||||
|
|
||||||
list_dirs_pattern($1, cgroup_t, cgroup_t)
|
list_dirs_pattern($1, cgroup_t, cgroup_t)
|
||||||
|
dev_search_sysfs($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -682,6 +684,7 @@ interface(`fs_delete_cgroup_dirs', `
|
|||||||
')
|
')
|
||||||
|
|
||||||
delete_dirs_pattern($1, cgroup_t, cgroup_t)
|
delete_dirs_pattern($1, cgroup_t, cgroup_t)
|
||||||
|
dev_search_sysfs($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -701,6 +704,7 @@ interface(`fs_manage_cgroup_dirs',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
manage_dirs_pattern($1, cgroup_t, cgroup_t)
|
manage_dirs_pattern($1, cgroup_t, cgroup_t)
|
||||||
|
dev_search_sysfs($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -720,6 +724,7 @@ interface(`fs_read_cgroup_files',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
read_files_pattern($1, cgroup_t, cgroup_t)
|
read_files_pattern($1, cgroup_t, cgroup_t)
|
||||||
|
dev_search_sysfs($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -738,6 +743,7 @@ interface(`fs_write_cgroup_files', `
|
|||||||
')
|
')
|
||||||
|
|
||||||
write_files_pattern($1, cgroup_t, cgroup_t)
|
write_files_pattern($1, cgroup_t, cgroup_t)
|
||||||
|
dev_search_sysfs($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -757,6 +763,7 @@ interface(`fs_rw_cgroup_files',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
rw_files_pattern($1, cgroup_t, cgroup_t)
|
rw_files_pattern($1, cgroup_t, cgroup_t)
|
||||||
|
dev_search_sysfs($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -796,6 +803,7 @@ interface(`fs_manage_cgroup_files',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
manage_files_pattern($1, cgroup_t, cgroup_t)
|
manage_files_pattern($1, cgroup_t, cgroup_t)
|
||||||
|
dev_search_sysfs($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(filesystem, 1.13.2)
|
policy_module(filesystem, 1.13.3)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user