commit:     96e599e9c8f391c5145f1bd7ffb354bbd745050b
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Fri May 13 15:12:50 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu May 26 18:44:57 2016 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=96e599e9

pulseaudio: fcontext and filetrans for /run/user/ID/pulse/

 policy/modules/contrib/pulseaudio.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/policy/modules/contrib/pulseaudio.te 
b/policy/modules/contrib/pulseaudio.te
index 9b8d84e..5e39ebd 100644
--- a/policy/modules/contrib/pulseaudio.te
+++ b/policy/modules/contrib/pulseaudio.te
@@ -56,6 +56,7 @@ manage_dirs_pattern(pulseaudio_t, pulseaudio_tmp_t, 
pulseaudio_tmp_t)
 manage_files_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)
 manage_sock_files_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)
 files_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)
+userdom_user_runtime_dir_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)
 userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, file, 
"autospawn.lock")
 userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, file, "pid")
 userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, sock_file, 
"dbus-socket")
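Review bot: The added `userdom_user_runtime_dir_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)` has no name argument, so every directory the daemon creates in the user runtime directory is labelled pulseaudio_tmp_t, not only `pulse`. The client-side rule in the last hunk of this commit passes `"pulse"`; the same form here, `userdom_user_runtime_dir_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir, "pulse")`, would keep the transition limited to the path named in the commit title. The title also mentions an fcontext, but the diffstat lists only pulseaudio.te. It is worth confirming that pulseaudio.fc has a matching entry, since otherwise a relabel would presumably reset the directory to the default runtime type.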
@@ -203,8 +204,9 @@ optional_policy(`
 #
 
 allow pulseaudio_client self:unix_dgram_socket sendto;
+allow pulseaudio_client self:process signull;
 
-allow pulseaudio_client pulseaudio_client:process signull;
+allow pulseaudio_client pulseaudio_tmp_t:dir list_dir_perms;
 
 read_files_pattern(pulseaudio_client, { pulseaudio_tmpfsfile 
pulseaudio_tmpfs_t }, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t })
 delete_files_pattern(pulseaudio_client, pulseaudio_tmpfsfile, 
pulseaudio_tmpfsfile)
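Review bot: The new `allow pulseaudio_client pulseaudio_tmp_t:dir list_dir_perms;` applies to every directory of that type, and the first hunk's context (`files_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)`) shows the type is also used for daemon directories under /tmp, so the grant is wider than /run/user/ID/pulse. If that is intended, a comment above the rule would record it, for example `# clients list the pulse runtime/tmp dir to find the server socket` (wording to be confirmed against the actual need). The change of the signull rule from `pulseaudio_client` to `self` also deserves a one-line comment, because it removes signull between different client domains, which a later reader might mistake for an accidental regression.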
@@ -228,6 +230,7 @@ 
pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client, file, ".pulse-cooki
 pulseaudio_signull(pulseaudio_client)
 
 userdom_read_user_tmpfs_files(pulseaudio_client)
+userdom_user_runtime_dir_filetrans(pulseaudio_client, pulseaudio_tmp_t, dir, 
"pulse")
 # userdom_delete_user_tmpfs_files(pulseaudio_client)
 
 tunable_policy(`use_nfs_home_dirs',`
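Review bot: The named transition added for `pulseaudio_client` only decides the label of a new `pulse` directory. A type transition by itself does not grant permission to create a directory of type pulseaudio_tmp_t. The only client rule on that type visible in this commit is `list_dir_perms` in the previous hunk, so a client creating the directory would likely still be denied unless create access is granted outside the visible hunks. If it is not, a rule such as `allow pulseaudio_client pulseaudio_tmp_t:dir create_dir_perms;` belongs next to this line. A short comment saying why a client domain, and not only the daemon, may create the directory would also help.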
