Implement alsa_home_t for asoundrc. Clean up Alsa module.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Dominick Grift 2010-09-03 16:26:40 +02:00 committed by Chris PeBenito
parent 5675107ff9
commit e411968dff
3 changed files with 47 additions and 12 deletions


@ -1,3 +1,5 @@
HOME_DIR/\.asoundrc -- gen_context(system_u:object_r:alsa_home_t,s0)
/bin/alsaunmute -- gen_context(system_u:object_r:alsa_exec_t,s0) /bin/alsaunmute -- gen_context(system_u:object_r:alsa_exec_t,s0)
/etc/alsa/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0) /etc/alsa/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0)
@ -10,9 +12,7 @@
/usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0) /usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0)
ifdef(`distro_debian', `
/usr/share/alsa/alsa\.conf gen_context(system_u:object_r:alsa_etc_rw_t,s0) /usr/share/alsa/alsa\.conf gen_context(system_u:object_r:alsa_etc_rw_t,s0)
/usr/share/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) /usr/share/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
')
/var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0) /var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0)
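Review bot: The `HOME_DIR/\.asoundrc` entry at the top of this section labels the file only when it is relabeled (restorecon or a full relabel). A `.asoundrc` that a user creates afterwards would presumably take the default user home content type, since the commit adds no type transition for it, and the `alsa_home_t` read rules added elsewhere in the commit would then not match. A comment above the entry, e.g. `# Applied on relabel only; run restorecon after creating ~/.asoundrc`, would document that. The `--` specifier also restricts the entry to regular files, so a symlinked `.asoundrc` is left out.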


@ -1,8 +1,8 @@
## <summary>Ainit ALSA configuration tool</summary> ## <summary>Ainit ALSA configuration tool.</summary>
######################################## ########################################
## <summary> ## <summary>
## Domain transition to alsa ## Execute a domain transition to run Alsa.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
@ -15,12 +15,13 @@ interface(`alsa_domtrans',`
type alsa_t, alsa_exec_t; type alsa_t, alsa_exec_t;
') ')
corecmd_search_bin($1)
domtrans_pattern($1, alsa_exec_t, alsa_t) domtrans_pattern($1, alsa_exec_t, alsa_t)
') ')
######################################## ########################################
## <summary> ## <summary>
## Allow read and write access to alsa semaphores. ## Read and write Alsa semaphores.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
@ -33,12 +34,12 @@ interface(`alsa_rw_semaphores',`
type alsa_t; type alsa_t;
') ')
allow $1 alsa_t:sem { unix_read unix_write associate read write }; allow $1 alsa_t:sem rw_sem_perms;
') ')
######################################## ########################################
## <summary> ## <summary>
## Allow read and write access to alsa shared memory. ## Read and write Alsa shared memory.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
@ -51,12 +52,12 @@ interface(`alsa_rw_shared_mem',`
type alsa_t; type alsa_t;
') ')
allow $1 alsa_t:shm { unix_read unix_write create_shm_perms }; allow $1 alsa_t:shm rw_shm_perms;
') ')
######################################## ########################################
## <summary> ## <summary>
## Read alsa writable config files. ## Read writable Alsa config files.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
@ -69,14 +70,19 @@ interface(`alsa_read_rw_config',`
type alsa_etc_rw_t; type alsa_etc_rw_t;
') ')
files_search_etc($1)
allow $1 alsa_etc_rw_t:dir list_dir_perms; allow $1 alsa_etc_rw_t:dir list_dir_perms;
read_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t) read_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t) read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
ifdef(`distro_debian',`
files_search_usr($1)
')
') ')
######################################## ########################################
## <summary> ## <summary>
## Manage alsa writable config files. ## Manage writable Alsa config files.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
@ -89,14 +95,19 @@ interface(`alsa_manage_rw_config',`
type alsa_etc_rw_t; type alsa_etc_rw_t;
') ')
files_search_etc($1)
allow $1 alsa_etc_rw_t:dir list_dir_perms; allow $1 alsa_etc_rw_t:dir list_dir_perms;
manage_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t) manage_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t) read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
ifdef(`distro_debian',`
files_search_usr($1)
')
') ')
######################################## ########################################
## <summary> ## <summary>
## Read alsa lib files. ## Read Alsa lib files.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
@ -109,5 +120,25 @@ interface(`alsa_read_lib',`
type alsa_var_lib_t; type alsa_var_lib_t;
') ')
files_search_var_lib($1)
read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t) read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
') ')
########################################
## <summary>
## Read Alsa home files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`alsa_read_home_files',`
gen_require(`
type alsa_home_t;
')
userdom_search_user_home_dirs($1)
allow $1 alsa_home_t:file read_file_perms;
')
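Review bot: In `alsa_rw_shared_mem`, swapping `{ unix_read unix_write create_shm_perms }` for `rw_shm_perms` changes what callers are granted rather than just tidying the rule. As these sets are defined in refpolicy's permission-set macros, the create set includes create, destroy and setattr, which the rw set leaves out. The narrower grant fits the interface name and least privilege, but it is a behaviour change inside a clean-up commit, so callers that relied on the old set will start logging denials. Worth checking the callers and saying so in the summary, e.g. `## Read and write Alsa shared memory (no create or destroy).` The `alsa_rw_semaphores` change to `rw_sem_perms` deserves the same check, since the macro may not expand to exactly the old explicit list.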


@ -16,6 +16,9 @@ files_type(alsa_etc_rw_t)
type alsa_var_lib_t; type alsa_var_lib_t;
files_type(alsa_var_lib_t) files_type(alsa_var_lib_t)
type alsa_home_t;
userdom_user_home_content(alsa_home_t)
######################################## ########################################
# #
# Local policy # Local policy
@ -28,6 +31,8 @@ allow alsa_t self:shm create_shm_perms;
allow alsa_t self:unix_stream_socket create_stream_socket_perms; allow alsa_t self:unix_stream_socket create_stream_socket_perms;
allow alsa_t self:unix_dgram_socket create_socket_perms; allow alsa_t self:unix_dgram_socket create_socket_perms;
allow alsa_t alsa_home_t:file read_file_perms;
manage_files_pattern(alsa_t, alsa_etc_rw_t, alsa_etc_rw_t) manage_files_pattern(alsa_t, alsa_etc_rw_t, alsa_etc_rw_t)
manage_lnk_files_pattern(alsa_t, alsa_etc_rw_t, alsa_etc_rw_t) manage_lnk_files_pattern(alsa_t, alsa_etc_rw_t, alsa_etc_rw_t)
files_etc_filetrans(alsa_t, alsa_etc_rw_t, file) files_etc_filetrans(alsa_t, alsa_etc_rw_t, file)
@ -46,7 +51,6 @@ dev_read_sysfs(alsa_t)
corecmd_exec_bin(alsa_t) corecmd_exec_bin(alsa_t)
files_search_home(alsa_t)
files_read_etc_files(alsa_t) files_read_etc_files(alsa_t)
files_read_usr_files(alsa_t) files_read_usr_files(alsa_t)
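Review bot: `allow alsa_t alsa_home_t:file read_file_perms;` gives alsa_t read on the file, but no hunk in this section gives it search on the user home directory, and the last hunk removes `files_search_home(alsa_t)`. Unless an unchanged part of the file already grants that search, alsa_t cannot reach `~/.asoundrc` and the new rule never matches. The `alsa_read_home_files` interface in this same commit pairs the read with `userdom_search_user_home_dirs($1)` for that reason. Consider adding `userdom_search_user_home_dirs(alsa_t)` next to the other userdom calls, which lie outside the lines shown here.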