policy_module(alsa, 1.6.1) ######################################## # # Declarations # type alsa_t; type alsa_exec_t; init_system_domain(alsa_t, alsa_exec_t) role system_r types alsa_t; type alsa_etc_rw_t; files_type(alsa_etc_rw_t) type alsa_var_lib_t; files_type(alsa_var_lib_t) ######################################## # # Local policy # allow alsa_t self:capability { dac_read_search dac_override setgid setuid ipc_owner }; dontaudit alsa_t self:capability sys_admin; allow alsa_t self:sem create_sem_perms; allow alsa_t self:shm create_shm_perms; allow alsa_t self:unix_stream_socket create_stream_socket_perms; allow alsa_t self:unix_dgram_socket create_socket_perms; manage_files_pattern(alsa_t, alsa_etc_rw_t, alsa_etc_rw_t) manage_lnk_files_pattern(alsa_t, alsa_etc_rw_t, alsa_etc_rw_t) files_etc_filetrans(alsa_t, alsa_etc_rw_t, file) can_exec(alsa_t, alsa_exec_t) manage_dirs_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t) manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t) files_search_var_lib(alsa_t) kernel_read_system_state(alsa_t) dev_read_sound(alsa_t) dev_write_sound(alsa_t) corecmd_exec_bin(alsa_t) files_search_home(alsa_t) files_read_etc_files(alsa_t) files_read_usr_files(alsa_t) auth_use_nsswitch(alsa_t) init_use_fds(alsa_t) logging_send_syslog_msg(alsa_t) miscfiles_read_localization(alsa_t) userdom_manage_unpriv_user_semaphores(alsa_t) userdom_manage_unpriv_user_shared_mem(alsa_t) userdom_search_user_home_dirs(alsa_t) optional_policy(` hal_use_fds(alsa_t) hal_write_log(alsa_t) ')