- Make alsa work
This commit is contained in:
parent
c27b2bd6ae
commit
ce77000b95
@ -2231,25 +2231,34 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.0.8/policy/modules/apps/java.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.0.8/policy/modules/apps/java.te
|
||||||
--- nsaserefpolicy/policy/modules/apps/java.te 2007-07-25 10:37:37.000000000 -0400
|
--- nsaserefpolicy/policy/modules/apps/java.te 2007-07-25 10:37:37.000000000 -0400
|
||||||
+++ serefpolicy-3.0.8/policy/modules/apps/java.te 2007-10-11 09:15:19.000000000 -0400
|
+++ serefpolicy-3.0.8/policy/modules/apps/java.te 2007-10-11 15:13:23.000000000 -0400
|
||||||
@@ -23,11 +23,16 @@
|
@@ -23,11 +23,23 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
# execheap is needed for itanium/BEA jrocket
|
# execheap is needed for itanium/BEA jrocket
|
||||||
-allow java_t self:process { execstack execmem execheap };
|
-allow java_t self:process { execstack execmem execheap };
|
||||||
+allow java_t self:process { getsched sigkill execheap execmem execstack };
|
+allow java_t self:process { getsched sigkill execheap execmem execstack };
|
||||||
|
|
||||||
init_dbus_chat_script(java_t)
|
-init_dbus_chat_script(java_t)
|
||||||
|
+optional_policy(`
|
||||||
|
+ init_dbus_chat_script(java_t)
|
||||||
|
+ optional_policy(`
|
||||||
+ hal_dbus_chat(java_t)
|
+ hal_dbus_chat(java_t)
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ optional_policy(`
|
||||||
|
+ unconfined_dbus_chat(java_t)
|
||||||
|
+ ')
|
||||||
|
+')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
unconfined_domain_noaudit(java_t)
|
unconfined_domain_noaudit(java_t)
|
||||||
unconfined_dbus_chat(java_t)
|
- unconfined_dbus_chat(java_t)
|
||||||
')
|
+')
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ xserver_xdm_rw_shm(java_t)
|
+ xserver_xdm_rw_shm(java_t)
|
||||||
+')
|
')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.0.8/policy/modules/apps/mono.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.0.8/policy/modules/apps/mono.if
|
||||||
--- nsaserefpolicy/policy/modules/apps/mono.if 2007-05-29 14:10:48.000000000 -0400
|
--- nsaserefpolicy/policy/modules/apps/mono.if 2007-05-29 14:10:48.000000000 -0400
|
||||||
+++ serefpolicy-3.0.8/policy/modules/apps/mono.if 2007-10-04 13:08:55.000000000 -0400
|
+++ serefpolicy-3.0.8/policy/modules/apps/mono.if 2007-10-04 13:08:55.000000000 -0400
|
||||||
@ -6099,7 +6108,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
|
|||||||
')
|
')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.0.8/policy/modules/services/dbus.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.0.8/policy/modules/services/dbus.if
|
||||||
--- nsaserefpolicy/policy/modules/services/dbus.if 2007-07-03 07:06:27.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/dbus.if 2007-07-03 07:06:27.000000000 -0400
|
||||||
+++ serefpolicy-3.0.8/policy/modules/services/dbus.if 2007-10-10 15:18:23.000000000 -0400
|
+++ serefpolicy-3.0.8/policy/modules/services/dbus.if 2007-10-12 06:48:45.000000000 -0400
|
||||||
@@ -50,6 +50,12 @@
|
@@ -50,6 +50,12 @@
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -6257,7 +6266,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
|
|||||||
+#
|
+#
|
||||||
+interface(`dbus_system_domain',`
|
+interface(`dbus_system_domain',`
|
||||||
+ gen_require(`
|
+ gen_require(`
|
||||||
+ type system_dbus_t;
|
+ type system_dbusd_t;
|
||||||
+ role system_r;
|
+ role system_r;
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
@ -6266,7 +6275,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
|
|||||||
+
|
+
|
||||||
+ role system_r types $1;
|
+ role system_r types $1;
|
||||||
+
|
+
|
||||||
+ domtrans_pattern(initrc_t,$2,$1)
|
+ domtrans_pattern(system_dbusd_t,$2,$1)
|
||||||
+
|
+
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
@ -15126,7 +15135,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
|
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
|
||||||
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-08-27 09:18:17.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-08-27 09:18:17.000000000 -0400
|
||||||
+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-10-10 16:01:13.000000000 -0400
|
+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-10-11 16:34:44.000000000 -0400
|
||||||
@@ -29,8 +29,9 @@
|
@@ -29,8 +29,9 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -16029,19 +16038,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
|
|
||||||
kernel_read_software_raid_state($1_t)
|
kernel_read_software_raid_state($1_t)
|
||||||
kernel_getattr_core_if($1_t)
|
kernel_getattr_core_if($1_t)
|
||||||
@@ -1642,9 +1733,11 @@
|
@@ -1642,9 +1733,13 @@
|
||||||
template(`userdom_user_home_content',`
|
template(`userdom_user_home_content',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute $1_file_type;
|
attribute $1_file_type;
|
||||||
+ attribute user_home_type;
|
+ attribute user_home_type;
|
||||||
|
+ attribute home_type;
|
||||||
')
|
')
|
||||||
|
|
||||||
typeattribute $2 $1_file_type;
|
typeattribute $2 $1_file_type;
|
||||||
+ typeattribute $2 user_home_type;
|
+ typeattribute $2 user_home_type;
|
||||||
|
+ typeattribute $2 home_type;
|
||||||
files_type($2)
|
files_type($2)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -1894,10 +1987,46 @@
|
@@ -1894,10 +1989,46 @@
|
||||||
template(`userdom_manage_user_home_content_dirs',`
|
template(`userdom_manage_user_home_content_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type $1_home_dir_t, $1_home_t;
|
type $1_home_dir_t, $1_home_t;
|
||||||
@ -16089,7 +16100,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -3078,7 +3207,7 @@
|
@@ -3078,7 +3209,7 @@
|
||||||
#
|
#
|
||||||
template(`userdom_tmp_filetrans_user_tmp',`
|
template(`userdom_tmp_filetrans_user_tmp',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -16098,10 +16109,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
files_tmp_filetrans($2,$1_tmp_t,$3)
|
files_tmp_filetrans($2,$1_tmp_t,$3)
|
||||||
@@ -4615,6 +4744,24 @@
|
@@ -4609,11 +4740,29 @@
|
||||||
files_list_home($1)
|
#
|
||||||
allow $1 home_dir_type:dir search_dir_perms;
|
interface(`userdom_search_all_users_home_dirs',`
|
||||||
')
|
gen_require(`
|
||||||
|
+ attribute user_home_dir_type;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ files_list_home($1)
|
||||||
|
+ allow $1 user_home_dir_type:dir search_dir_perms;
|
||||||
|
+')
|
||||||
+########################################
|
+########################################
|
||||||
+## <summary>
|
+## <summary>
|
||||||
+## Read all users home directories symlinks.
|
+## Read all users home directories symlinks.
|
||||||
@ -16114,16 +16131,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
+#
|
+#
|
||||||
+interface(`userdom_read_all_users_home_dirs_symlinks',`
|
+interface(`userdom_read_all_users_home_dirs_symlinks',`
|
||||||
+ gen_require(`
|
+ gen_require(`
|
||||||
+ attribute home_dir_type;
|
attribute home_dir_type;
|
||||||
+ ')
|
')
|
||||||
+
|
|
||||||
+ files_list_home($1)
|
files_list_home($1)
|
||||||
|
- allow $1 home_dir_type:dir search_dir_perms;
|
||||||
+ allow $1 home_dir_type:lnk_file read_lnk_file_perms;
|
+ allow $1 home_dir_type:lnk_file read_lnk_file_perms;
|
||||||
+')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
@@ -4633,6 +4782,14 @@
|
||||||
@@ -4633,6 +4780,14 @@
|
|
||||||
|
|
||||||
files_list_home($1)
|
files_list_home($1)
|
||||||
allow $1 home_dir_type:dir list_dir_perms;
|
allow $1 home_dir_type:dir list_dir_perms;
|
||||||
@ -16138,7 +16155,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -5323,7 +5478,7 @@
|
@@ -5323,7 +5480,7 @@
|
||||||
attribute user_tmpfile;
|
attribute user_tmpfile;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -16147,7 +16164,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -5559,3 +5714,380 @@
|
@@ -5559,3 +5716,380 @@
|
||||||
interface(`userdom_unconfined',`
|
interface(`userdom_unconfined',`
|
||||||
refpolicywarn(`$0($*) has been deprecated.')
|
refpolicywarn(`$0($*) has been deprecated.')
|
||||||
')
|
')
|
||||||
|
Loading…
Reference in New Issue
Block a user