selinux-policy/strict/domains/program/unused/sound-server.te
2005-04-29 17:45:15 +00:00

44 lines
1.2 KiB
Plaintext

#DESC sound server - for network audio server programs, nasd, yiff, etc
#
# Author: Russell Coker <russell@coker.com.au>
#
#################################
#
# Rules for the soundd_t domain.
#
# soundd_exec_t is the type of the soundd executable.
#
daemon_domain(soundd)
type soundd_port_t, port_type;
allow soundd_t soundd_port_t:tcp_socket name_bind;
type etc_soundd_t, file_type, sysadmfile;
type soundd_state_t, file_type, sysadmfile;
tmp_domain(soundd)
rw_dir_create_file(soundd_t, soundd_state_t)
allow soundd_t sound_device_t:chr_file rw_file_perms;
allow soundd_t device_t:lnk_file read;
# Use the network.
can_network_server(soundd_t)
allow soundd_t self:unix_stream_socket create_stream_socket_perms;
allow soundd_t self:unix_dgram_socket create_socket_perms;
# allow any domain to connect to the sound server
can_tcp_connect(userdomain, soundd_t)
allow soundd_t self:process setpgid;
# read config files
allow soundd_t { etc_t etc_runtime_t }:{ file lnk_file } r_file_perms;
allow soundd_t etc_t:dir r_dir_perms;
r_dir_file(soundd_t, etc_soundd_t)
# for yiff - probably need some rules for the client support too
allow soundd_t self:shm create_shm_perms;
tmpfs_domain(soundd)