44 lines
1.2 KiB
Plaintext
44 lines
1.2 KiB
Plaintext
#DESC sound server - for network audio server programs, nasd, yiff, etc
|
|
#
|
|
# Author: Russell Coker <russell@coker.com.au>
|
|
#
|
|
|
|
#################################
|
|
#
|
|
# Rules for the soundd_t domain.
|
|
#
|
|
# soundd_exec_t is the type of the soundd executable.
|
|
#
|
|
daemon_domain(soundd)
|
|
|
|
type soundd_port_t, port_type;
|
|
allow soundd_t soundd_port_t:tcp_socket name_bind;
|
|
|
|
type etc_soundd_t, file_type, sysadmfile;
|
|
type soundd_state_t, file_type, sysadmfile;
|
|
|
|
tmp_domain(soundd)
|
|
rw_dir_create_file(soundd_t, soundd_state_t)
|
|
|
|
allow soundd_t sound_device_t:chr_file rw_file_perms;
|
|
allow soundd_t device_t:lnk_file read;
|
|
|
|
# Use the network.
|
|
can_network_server(soundd_t)
|
|
allow soundd_t self:unix_stream_socket create_stream_socket_perms;
|
|
allow soundd_t self:unix_dgram_socket create_socket_perms;
|
|
# allow any domain to connect to the sound server
|
|
can_tcp_connect(userdomain, soundd_t)
|
|
|
|
allow soundd_t self:process setpgid;
|
|
|
|
# read config files
|
|
allow soundd_t { etc_t etc_runtime_t }:{ file lnk_file } r_file_perms;
|
|
|
|
allow soundd_t etc_t:dir r_dir_perms;
|
|
r_dir_file(soundd_t, etc_soundd_t)
|
|
|
|
# for yiff - probably need some rules for the client support too
|
|
allow soundd_t self:shm create_shm_perms;
|
|
tmpfs_domain(soundd)
|