selinux-policy/strict/domains/program/sound.te

#DESC Sound - Sound utilities
#
# Authors:  Mark Westerman <mark.westerman@.com>
# X-Debian-Packages: esound
#
#################################
#
# Rules for the sound_t domain.
#
daemon_base_domain(sound)
type sound_file_t, file_type, sysadmfile;
allow initrc_t sound_file_t:file { getattr read };
allow sound_t sound_file_t:file rw_file_perms;

# Use capabilities.
# Commented out by default.
#allow sound_t self:capability { sys_admin sys_rawio sys_time dac_override };
dontaudit sound_t self:capability { sys_admin sys_rawio sys_time dac_read_search dac_override };

# Read and write the sound device.
allow sound_t sound_device_t:chr_file rw_file_perms;

# Read and write ttys.
allow sound_t sysadm_tty_device_t:chr_file rw_file_perms;
read_locale(sound_t)
allow initrc_t sound_file_t:file { setattr write };