68ac47d8c5
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.
111 lines
2.7 KiB
Plaintext
111 lines
2.7 KiB
Plaintext
policy_module(mpd, 1.0.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type mpd_t;
|
|
type mpd_exec_t;
|
|
init_daemon_domain(mpd_t, mpd_exec_t)
|
|
|
|
permissive mpd_t;
|
|
|
|
type mpd_initrc_exec_t;
|
|
init_script_file(mpd_initrc_exec_t)
|
|
|
|
type mpd_etc_t;
|
|
files_config_file(mpd_etc_t)
|
|
|
|
# type for music content
|
|
type mpd_data_t;
|
|
files_type(mpd_data_t)
|
|
|
|
type mpd_log_t;
|
|
logging_log_file(mpd_log_t)
|
|
|
|
type mpd_tmp_t;
|
|
files_tmp_file(mpd_tmp_t)
|
|
|
|
type mpd_tmpfs_t;
|
|
files_tmpfs_file(mpd_tmpfs_t)
|
|
|
|
type mpd_var_lib_t;
|
|
files_type(mpd_var_lib_t)
|
|
|
|
########################################
|
|
#
|
|
# mpd local policy
|
|
#
|
|
|
|
#cjp: dac_override bug in mpd relating to mpd.log file
|
|
allow mpd_t self:capability { dac_override kill setgid setuid };
|
|
allow mpd_t self:process { getsched setsched setrlimit signal signull };
|
|
allow mpd_t self:fifo_file rw_fifo_file_perms;
|
|
allow mpd_t self:unix_stream_socket { connectto create_stream_socket_perms };
|
|
allow mpd_t self:tcp_socket create_stream_socket_perms;
|
|
allow mpd_t self:netlink_kobject_uevent_socket create_socket_perms;
|
|
allow mpd_t self:unix_dgram_socket { create_socket_perms sendto };
|
|
|
|
read_files_pattern(mpd_t, mpd_etc_t, mpd_etc_t)
|
|
|
|
manage_dirs_pattern(mpd_t, mpd_data_t, mpd_data_t)
|
|
manage_files_pattern(mpd_t, mpd_data_t, mpd_data_t)
|
|
|
|
manage_dirs_pattern(mpd_t, mpd_tmp_t, mpd_tmp_t)
|
|
manage_files_pattern(mpd_t, mpd_tmp_t, mpd_tmp_t)
|
|
manage_sock_files_pattern(mpd_t, mpd_tmp_t, mpd_tmp_t)
|
|
files_tmp_filetrans(mpd_t, mpd_tmp_t, { dir file sock_file })
|
|
|
|
manage_files_pattern(mpd_t, mpd_tmpfs_t, mpd_tmpfs_t)
|
|
manage_dirs_pattern(mpd_t, mpd_tmpfs_t, mpd_tmpfs_t)
|
|
fs_tmpfs_filetrans(mpd_t, mpd_tmpfs_t, file )
|
|
|
|
manage_dirs_pattern(mpd_t, mpd_var_lib_t, mpd_var_lib_t)
|
|
manage_files_pattern(mpd_t, mpd_var_lib_t, mpd_var_lib_t)
|
|
manage_lnk_files_pattern(mpd_t, mpd_var_lib_t, mpd_var_lib_t)
|
|
files_var_lib_filetrans(mpd_t, mpd_var_lib_t, { dir file lnk_file })
|
|
|
|
kernel_read_system_state(mpd_t)
|
|
kernel_read_kernel_sysctls(mpd_t)
|
|
|
|
corecmd_exec_bin(mpd_t)
|
|
|
|
corenet_sendrecv_pulseaudio_client_packets(mpd_t)
|
|
corenet_tcp_connect_http_port(mpd_t)
|
|
corenet_tcp_connect_http_cache_port(mpd_t)
|
|
corenet_tcp_connect_pulseaudio_port(mpd_t)
|
|
corenet_tcp_bind_mpd_port(mpd_t)
|
|
corenet_tcp_bind_soundd_port(mpd_t)
|
|
|
|
dev_read_sysfs(mpd_t)
|
|
|
|
files_read_usr_files(mpd_t)
|
|
|
|
fs_getattr_tmpfs(mpd_t)
|
|
fs_list_inotifyfs(mpd_t)
|
|
fs_rw_anon_inodefs_files(mpd_t)
|
|
|
|
auth_use_nsswitch(mpd_t)
|
|
|
|
logging_send_syslog_msg(mpd_t)
|
|
|
|
miscfiles_read_localization(mpd_t)
|
|
|
|
userdom_read_home_audio_files(mpd_t)
|
|
userdom_read_user_tmpfs_files(mpd_t)
|
|
|
|
optional_policy(`
|
|
dbus_system_bus_client(mpd_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
pulseaudio_exec(mpd_t)
|
|
pulseaudio_stream_connect(mpd_t)
|
|
pulseaudio_signull(mpd_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
udev_read_db(mpd_t)
|
|
')
|