- Make alsa work

This commit is contained in:
Daniel J Walsh 2007-10-12 11:00:35 +00:00
parent c27b2bd6ae
commit ce77000b95

View File

@ -2231,25 +2231,34 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
+') +')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.0.8/policy/modules/apps/java.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.0.8/policy/modules/apps/java.te
--- nsaserefpolicy/policy/modules/apps/java.te 2007-07-25 10:37:37.000000000 -0400 --- nsaserefpolicy/policy/modules/apps/java.te 2007-07-25 10:37:37.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/apps/java.te 2007-10-11 09:15:19.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/apps/java.te 2007-10-11 15:13:23.000000000 -0400
@@ -23,11 +23,16 @@ @@ -23,11 +23,23 @@
# #
# execheap is needed for itanium/BEA jrocket # execheap is needed for itanium/BEA jrocket
-allow java_t self:process { execstack execmem execheap }; -allow java_t self:process { execstack execmem execheap };
+allow java_t self:process { getsched sigkill execheap execmem execstack }; +allow java_t self:process { getsched sigkill execheap execmem execstack };
init_dbus_chat_script(java_t) -init_dbus_chat_script(java_t)
+optional_policy(`
+ init_dbus_chat_script(java_t)
+ optional_policy(`
+ hal_dbus_chat(java_t) + hal_dbus_chat(java_t)
+ ')
+
+ optional_policy(`
+ unconfined_dbus_chat(java_t)
+ ')
+')
optional_policy(` optional_policy(`
unconfined_domain_noaudit(java_t) unconfined_domain_noaudit(java_t)
unconfined_dbus_chat(java_t) - unconfined_dbus_chat(java_t)
') +')
+ +
+optional_policy(` +optional_policy(`
+ xserver_xdm_rw_shm(java_t) + xserver_xdm_rw_shm(java_t)
+') ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.0.8/policy/modules/apps/mono.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.0.8/policy/modules/apps/mono.if
--- nsaserefpolicy/policy/modules/apps/mono.if 2007-05-29 14:10:48.000000000 -0400 --- nsaserefpolicy/policy/modules/apps/mono.if 2007-05-29 14:10:48.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/apps/mono.if 2007-10-04 13:08:55.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/apps/mono.if 2007-10-04 13:08:55.000000000 -0400
@ -6099,7 +6108,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
') ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.0.8/policy/modules/services/dbus.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.0.8/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2007-07-03 07:06:27.000000000 -0400 --- nsaserefpolicy/policy/modules/services/dbus.if 2007-07-03 07:06:27.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/dbus.if 2007-10-10 15:18:23.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/dbus.if 2007-10-12 06:48:45.000000000 -0400
@@ -50,6 +50,12 @@ @@ -50,6 +50,12 @@
## </param> ## </param>
# #
@ -6257,7 +6266,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
+# +#
+interface(`dbus_system_domain',` +interface(`dbus_system_domain',`
+ gen_require(` + gen_require(`
+ type system_dbus_t; + type system_dbusd_t;
+ role system_r; + role system_r;
+ ') + ')
+ +
@ -6266,7 +6275,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
+ +
+ role system_r types $1; + role system_r types $1;
+ +
+ domtrans_pattern(initrc_t,$2,$1) + domtrans_pattern(system_dbusd_t,$2,$1)
+ +
+') +')
+ +
@ -15126,7 +15135,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0) /tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-08-27 09:18:17.000000000 -0400 --- nsaserefpolicy/policy/modules/system/userdomain.if 2007-08-27 09:18:17.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-10-10 16:01:13.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-10-11 16:34:44.000000000 -0400
@@ -29,8 +29,9 @@ @@ -29,8 +29,9 @@
') ')
@ -16029,19 +16038,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
kernel_read_software_raid_state($1_t) kernel_read_software_raid_state($1_t)
kernel_getattr_core_if($1_t) kernel_getattr_core_if($1_t)
@@ -1642,9 +1733,11 @@ @@ -1642,9 +1733,13 @@
template(`userdom_user_home_content',` template(`userdom_user_home_content',`
gen_require(` gen_require(`
attribute $1_file_type; attribute $1_file_type;
+ attribute user_home_type; + attribute user_home_type;
+ attribute home_type;
') ')
typeattribute $2 $1_file_type; typeattribute $2 $1_file_type;
+ typeattribute $2 user_home_type; + typeattribute $2 user_home_type;
+ typeattribute $2 home_type;
files_type($2) files_type($2)
') ')
@@ -1894,10 +1987,46 @@ @@ -1894,10 +1989,46 @@
template(`userdom_manage_user_home_content_dirs',` template(`userdom_manage_user_home_content_dirs',`
gen_require(` gen_require(`
type $1_home_dir_t, $1_home_t; type $1_home_dir_t, $1_home_t;
@ -16089,7 +16100,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
') ')
######################################## ########################################
@@ -3078,7 +3207,7 @@ @@ -3078,7 +3209,7 @@
# #
template(`userdom_tmp_filetrans_user_tmp',` template(`userdom_tmp_filetrans_user_tmp',`
gen_require(` gen_require(`
@ -16098,10 +16109,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
') ')
files_tmp_filetrans($2,$1_tmp_t,$3) files_tmp_filetrans($2,$1_tmp_t,$3)
@@ -4615,6 +4744,24 @@ @@ -4609,11 +4740,29 @@
files_list_home($1) #
allow $1 home_dir_type:dir search_dir_perms; interface(`userdom_search_all_users_home_dirs',`
') gen_require(`
+ attribute user_home_dir_type;
+ ')
+
+ files_list_home($1)
+ allow $1 user_home_dir_type:dir search_dir_perms;
+')
+######################################## +########################################
+## <summary> +## <summary>
+## Read all users home directories symlinks. +## Read all users home directories symlinks.
@ -16114,16 +16131,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+# +#
+interface(`userdom_read_all_users_home_dirs_symlinks',` +interface(`userdom_read_all_users_home_dirs_symlinks',`
+ gen_require(` + gen_require(`
+ attribute home_dir_type; attribute home_dir_type;
+ ') ')
+
+ files_list_home($1) files_list_home($1)
- allow $1 home_dir_type:dir search_dir_perms;
+ allow $1 home_dir_type:lnk_file read_lnk_file_perms; + allow $1 home_dir_type:lnk_file read_lnk_file_perms;
+') ')
######################################## ########################################
## <summary> @@ -4633,6 +4782,14 @@
@@ -4633,6 +4780,14 @@
files_list_home($1) files_list_home($1)
allow $1 home_dir_type:dir list_dir_perms; allow $1 home_dir_type:dir list_dir_perms;
@ -16138,7 +16155,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
') ')
######################################## ########################################
@@ -5323,7 +5478,7 @@ @@ -5323,7 +5480,7 @@
attribute user_tmpfile; attribute user_tmpfile;
') ')
@ -16147,7 +16164,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
') ')
######################################## ########################################
@@ -5559,3 +5714,380 @@ @@ -5559,3 +5716,380 @@
interface(`userdom_unconfined',` interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.') refpolicywarn(`$0($*) has been deprecated.')
') ')