[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/

Mon, 01 Sep 2014 13:44:05 -0700 

commit:     621ad99c174a0b00b178fdb06bdec20a653cdefb
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sun Aug 31 20:00:17 2014 +0000
Commit:     Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Mon Sep  1 20:39:27 2014 +0000
URL:        
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=621ad99c

add xdg_config support to pulseaudio

---
 policy/modules/contrib/pulseaudio.fc |  5 +++++
 policy/modules/contrib/pulseaudio.te | 20 ++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/policy/modules/contrib/pulseaudio.fc 
b/policy/modules/contrib/pulseaudio.fc
index 6864479..9cc63f6 100644
--- a/policy/modules/contrib/pulseaudio.fc
+++ b/policy/modules/contrib/pulseaudio.fc
@@ -7,3 +7,8 @@ HOME_DIR/\.pulse-cookie --      
gen_context(system_u:object_r:pulseaudio_home_t,s0)
 /var/lib/pulse(/.*)?   gen_context(system_u:object_r:pulseaudio_var_lib_t,s0)
 
 /var/run/pulse(/.*)?   gen_context(system_u:object_r:pulseaudio_var_run_t,s0)
+
+
+ifdef(`distro_gentoo',`
+HOME_DIR/\.config/pulse(/.*)?          
gen_context(system_u:object_r:pulseaudio_xdg_config_t,s0)
+')

diff --git a/policy/modules/contrib/pulseaudio.te 
b/policy/modules/contrib/pulseaudio.te
index 4665af2..dfb06a9 100644
--- a/policy/modules/contrib/pulseaudio.te
+++ b/policy/modules/contrib/pulseaudio.te
@@ -257,3 +257,23 @@ optional_policy(`
 optional_policy(`
        unconfined_signull(pulseaudio_client)
 ')
+
+ifdef(`distro_gentoo',`
+       type pulseaudio_xdg_config_t;
+       xdg_config_home_content(pulseaudio_xdg_config_t)
+
+       # create ~/.config/pulse/
+       manage_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t, 
pulseaudio_xdg_config_t)
+       manage_lnk_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t, 
pulseaudio_xdg_config_t)
+       manage_dirs_pattern(pulseaudio_t, pulseaudio_xdg_config_t, 
pulseaudio_xdg_config_t)
+       xdg_config_home_filetrans(pulseaudio_t, pulseaudio_xdg_config_t, dir, 
"pulse")
+
+       # pulseaudio cannot manage the files from its clients
+       allow pulseaudio_t pulseaudio_tmpfsfile:file manage_file_perms;
+
+       # pulseaudio client perms on ~/.config/pulse/
+       manage_files_pattern(pulseaudio_client, pulseaudio_xdg_config_t, 
pulseaudio_xdg_config_t)
+       manage_lnk_files_pattern(pulseaudio_client, pulseaudio_xdg_config_t, 
pulseaudio_xdg_config_t)
+       manage_dirs_pattern(pulseaudio_client, pulseaudio_xdg_config_t, 
pulseaudio_xdg_config_t)
+       xdg_config_home_filetrans(pulseaudio_client, pulseaudio_xdg_config_t, 
dir, "pulse")
+')

Reply via email to