commit: 75ce5057c2fb4afcafb110d6aadd2d80c1aec174
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Mar 30 11:02:04 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sun Mar 30 11:02:04 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=75ce5057
Move alsa_domain calls into USE triggered definition
---
policy/modules/contrib/chromium.te | 10 ++++++----
policy/modules/contrib/googletalk.te | 10 ++++++----
policy/modules/contrib/java.te | 11 ++++++-----
policy/modules/contrib/mozilla.te | 26 +++++++++++++-------------
policy/modules/contrib/mplayer.te | 8 +++++---
policy/modules/contrib/skype.te | 10 ++++++----
6 files changed, 42 insertions(+), 33 deletions(-)
diff --git a/policy/modules/contrib/chromium.te
b/policy/modules/contrib/chromium.te
index 3585ae8..9e06778 100644
--- a/policy/modules/contrib/chromium.te
+++ b/policy/modules/contrib/chromium.te
@@ -184,10 +184,6 @@ tunable_policy(`chromium_read_system_info',`
')
optional_policy(`
- alsa_domain(chromium_t, chromium_tmpfs_t)
-')
-
-optional_policy(`
cups_read_config(chromium_t)
cups_stream_connect(chromium_t)
')
@@ -219,6 +215,12 @@ optional_policy(`
mozilla_read_user_home(chromium_t)
')
+ifdef(`use_alsa',`
+ optional_policy(`
+ alsa_domain(chromium_t, chromium_tmpfs_t)
+ ')
+')
+
########################################
#
# chromium_renderer local policy
diff --git a/policy/modules/contrib/googletalk.te
b/policy/modules/contrib/googletalk.te
index 5a71f60..0736a7a 100644
--- a/policy/modules/contrib/googletalk.te
+++ b/policy/modules/contrib/googletalk.te
@@ -80,10 +80,6 @@ userdom_use_user_terminals(googletalk_plugin_t)
googletalk_generic_xdg_config_home_filetrans_plugin_xdg_config(googletalk_plugin_t,
dir, "google-googletalkplugin")
optional_policy(`
- alsa_domain(googletalk_plugin_t, googletalk_plugin_tmpfs_t)
-')
-
-optional_policy(`
dbus_system_bus_client(googletalk_plugin_t)
')
@@ -99,3 +95,9 @@ optional_policy(`
optional_policy(`
xserver_user_x_domain_template(googletalk_plugin, googletalk_plugin_t,
googletalk_plugin_tmpfs_t)
')
+
+ifdef(`use_alsa',`
+ optional_policy(`
+ alsa_domain(googletalk_plugin_t, googletalk_plugin_tmpfs_t)
+ ')
+')
diff --git a/policy/modules/contrib/java.te b/policy/modules/contrib/java.te
index d131c8b..8503180 100644
--- a/policy/modules/contrib/java.te
+++ b/policy/modules/contrib/java.te
@@ -142,11 +142,6 @@ ifdef(`distro_gentoo',`
userdom_use_user_terminals(java_t)
optional_policy(`
- alsa_domain(java_t, java_tmpfs_t)
- alsa_read_rw_config(java_t)
- ')
-
- optional_policy(`
# Plugin communication
chromium_rw_tmp_pipes(java_t)
')
@@ -155,6 +150,12 @@ ifdef(`distro_gentoo',`
# Plugin communication
mozilla_rw_tmp_pipes(java_t)
')
+
+ ifdef(`use_alsa',`
+ optional_policy(`
+ alsa_domain(java_t, java_tmpfs_t)
+ ')
+ ')
')
optional_policy(`
diff --git a/policy/modules/contrib/mozilla.te
b/policy/modules/contrib/mozilla.te
index b8d8c30..87728ae 100644
--- a/policy/modules/contrib/mozilla.te
+++ b/policy/modules/contrib/mozilla.te
@@ -690,13 +690,6 @@ gen_tunable(mozilla_plugin_connect_all_unreserved, false)
')
')
- ifdef(`use_alsa',`
- optional_policy(`
- # HTML5 support is built-in (no plugin) - bug 464398
- alsa_domain(mozilla_t, mozilla_tmpfs_t)
- ')
- ')
-
optional_policy(`
nscd_socket_use(mozilla_t)
')
@@ -705,6 +698,13 @@ gen_tunable(mozilla_plugin_connect_all_unreserved, false)
pulseaudio_client_domain(mozilla_t, mozilla_tmpfs_t)
')
+ ifdef(`use_alsa',`
+ optional_policy(`
+ # HTML5 support is built-in (no plugin) - bug 464398
+ alsa_domain(mozilla_t, mozilla_tmpfs_t)
+ ')
+ ')
+
###########################
#
# Mozilla plugin policy
@@ -740,12 +740,6 @@ gen_tunable(mozilla_plugin_connect_all_unreserved, false)
corenet_dontaudit_tcp_connect_all_unreserved_ports(mozilla_plugin_t)
')
- ifdef(`use_alsa',`
- optional_policy(`
- alsa_domain(mozilla_plugin_t, mozilla_plugin_tmpfs_t)
- ')
- ')
-
optional_policy(`
flash_manage_home(mozilla_plugin_t)
')
@@ -761,4 +755,10 @@ gen_tunable(mozilla_plugin_connect_all_unreserved, false)
optional_policy(`
pulseaudio_client_domain(mozilla_plugin_t,
mozilla_plugin_tmpfs_t)
')
+
+ ifdef(`use_alsa',`
+ optional_policy(`
+ alsa_domain(mozilla_plugin_t, mozilla_plugin_tmpfs_t)
+ ')
+ ')
')
diff --git a/policy/modules/contrib/mplayer.te
b/policy/modules/contrib/mplayer.te
index 5378660..5ebba47 100644
--- a/policy/modules/contrib/mplayer.te
+++ b/policy/modules/contrib/mplayer.te
@@ -288,10 +288,12 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
- alsa_domain(mplayer_t, mplayer_tmpfs_t)
+ pulseaudio_client_domain(mplayer_t, mplayer_tmpfs_t)
')
- optional_policy(`
- pulseaudio_client_domain(mplayer_t, mplayer_tmpfs_t)
+ ifdef(`use_alsa',`
+ optional_policy(`
+ alsa_domain(mplayer_t, mplayer_tmpfs_t)
+ ')
')
')
diff --git a/policy/modules/contrib/skype.te b/policy/modules/contrib/skype.te
index 6b4ca34..4c71730 100644
--- a/policy/modules/contrib/skype.te
+++ b/policy/modules/contrib/skype.te
@@ -112,10 +112,6 @@ tunable_policy(`skype_manage_user_content',`
')
optional_policy(`
- alsa_domain(skype_t, skype_tmpfs_t)
-')
-
-optional_policy(`
dbus_system_bus_client(skype_t)
dbus_all_session_bus_client(skype_t)
')
@@ -123,3 +119,9 @@ optional_policy(`
optional_policy(`
xdg_manage_config_home(skype_t)
')
+
+ifdef(`use_alsa',`
+ optional_policy(`
+ alsa_domain(skype_t, skype_tmpfs_t)
+ ')
+')
