- Make alsa work

2007-10-12 11:00:35 +00:00 · 2007-10-12 11:00:35 +00:00 · ce77000b95
parent c27b2bd6ae
commit ce77000b95
1 changed files with 45 additions and 28 deletions
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@ -2231,25 +2231,34 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.0.8/policy/modules/apps/java.te
 --- nsaserefpolicy/policy/modules/apps/java.te	2007-07-25 10:37:37.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/apps/java.te	2007-10-11 09:15:19.000000000 -0400
-@@ -23,11 +23,16 @@
+++ serefpolicy-3.0.8/policy/modules/apps/java.te	2007-10-11 15:13:23.000000000 -0400
+@@ -23,11 +23,23 @@
 #
 
 # execheap is needed for itanium/BEA jrocket
 -allow java_t self:process { execstack execmem execheap };
 +allow java_t self:process { getsched sigkill execheap execmem execstack };
 
- init_dbus_chat_script(java_t)
-+hal_dbus_chat(java_t)
+-init_dbus_chat_script(java_t)
+optional_policy(`
+	init_dbus_chat_script(java_t)
+	optional_policy(`
+		hal_dbus_chat(java_t)
+	')
+
+	optional_policy(`
+		unconfined_dbus_chat(java_t)
+	')
+')
 
 optional_policy(`
 	unconfined_domain_noaudit(java_t)
- 	unconfined_dbus_chat(java_t)
- ')
+-	unconfined_dbus_chat(java_t)
+')
 +
 +optional_policy(`
-+	xserver_xdm_rw_shm(java_t)
-+')
+		xserver_xdm_rw_shm(java_t)
+ ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.0.8/policy/modules/apps/mono.if
 --- nsaserefpolicy/policy/modules/apps/mono.if	2007-05-29 14:10:48.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/apps/mono.if	2007-10-04 13:08:55.000000000 -0400
@ -6099,7 +6108,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
 ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.0.8/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/dbus.if	2007-10-10 15:18:23.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/dbus.if	2007-10-12 06:48:45.000000000 -0400
@@ -50,6 +50,12 @@
 ## </param>
 #
@ -6257,7 +6266,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
 +#
 +interface(`dbus_system_domain',`
 +	gen_require(`
-+		type system_dbus_t;
+		type system_dbusd_t;
 +		role system_r;
 +	')
 +
@ -6266,7 +6275,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
 +
 +	role system_r types $1;
 +
-+	domtrans_pattern(initrc_t,$2,$1)
+	domtrans_pattern(system_dbusd_t,$2,$1)
 +
 +')
 +
@ -15126,7 +15135,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 /tmp/gconfd-USER -d	gen_context(system_u:object_r:ROLE_tmp_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-08-27 09:18:17.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-10-10 16:01:13.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-10-11 16:34:44.000000000 -0400
@@ -29,8 +29,9 @@
 	')
 
@ -16029,19 +16038,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 
 	kernel_read_software_raid_state($1_t)
 	kernel_getattr_core_if($1_t)
-@@ -1642,9 +1733,11 @@
+@@ -1642,9 +1733,13 @@
 template(`userdom_user_home_content',`
 	gen_require(`
 		attribute $1_file_type;
 +		attribute user_home_type;
+		attribute home_type;
 	')
 
 	typeattribute $2 $1_file_type;
 +	typeattribute $2 user_home_type;
+	typeattribute $2 home_type;
 	files_type($2)
 ')
 
-@@ -1894,10 +1987,46 @@
+@@ -1894,10 +1989,46 @@
 template(`userdom_manage_user_home_content_dirs',`
 	gen_require(`
 		type $1_home_dir_t, $1_home_t;
@ -16089,7 +16100,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 ')
 
 ########################################
-@@ -3078,7 +3207,7 @@
+@@ -3078,7 +3209,7 @@
 #
 template(`userdom_tmp_filetrans_user_tmp',`
 	gen_require(`
@ -16098,10 +16109,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 	')
 
 	files_tmp_filetrans($2,$1_tmp_t,$3)
-@@ -4615,6 +4744,24 @@
- 	files_list_home($1)
- 	allow $1 home_dir_type:dir search_dir_perms;
- ')
+@@ -4609,11 +4740,29 @@
+ #
+ interface(`userdom_search_all_users_home_dirs',`
+ 	gen_require(`
+		attribute user_home_dir_type;
+	')
+
+	files_list_home($1)
+	allow $1 user_home_dir_type:dir search_dir_perms;
+')
 +########################################
 +## <summary>
 +##	Read all users home directories symlinks.
@ -16114,16 +16131,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 +#
 +interface(`userdom_read_all_users_home_dirs_symlinks',`
 +	gen_require(`
-+		attribute home_dir_type;
-+	')
-+
-+	files_list_home($1)
+ 		attribute home_dir_type;
+ 	')
+ 
+ 	files_list_home($1)
+-	allow $1 home_dir_type:dir search_dir_perms;
 +	allow $1 home_dir_type:lnk_file read_lnk_file_perms;
-+')
+ ')
 
 ########################################
- ## <summary>
-@@ -4633,6 +4780,14 @@
+@@ -4633,6 +4782,14 @@
 
 	files_list_home($1)
 	allow $1 home_dir_type:dir list_dir_perms;
@ -16138,7 +16155,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 ')
 
 ########################################
-@@ -5323,7 +5478,7 @@
+@@ -5323,7 +5480,7 @@
 		attribute user_tmpfile;
 	')
 
@ -16147,7 +16164,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 ')
 
 ########################################
-@@ -5559,3 +5714,380 @@
+@@ -5559,3 +5716,380 @@
 interface(`userdom_unconfined',`
 	refpolicywarn(`$0($*) has been deprecated.')
 ')