Attachment #340620 for bug #459856

View | Details | Raw Unified | Return to bug 459856
Collapse All | Expand All

Lines 7-9 HOME_DIR/\.pulse-cookie -- gen_context(system_u:object_r:pulseaudio_home_t,s0) Link Here

(-)a/policy/modules/contrib/pulseaudio.fc (+2 lines)
7	/var/lib/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_lib_t,s0)	7	/var/lib/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_lib_t,s0)
8		8
9	/var/run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0)	9	/var/run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0)
		10
		11	/dev/shm/pulse-shm-[0-9]+ -- gen_context(system_u:object_r:pulseaudio_tmpfs_t)

Lines 31-36 files_type(pulseaudio_var_lib_t) Link Here

(-)a/policy/modules/contrib/pulseaudio.te (-1 / +44 lines)
31	type pulseaudio_var_run_t;	31	type pulseaudio_var_run_t;
32	files_pid_file(pulseaudio_var_run_t)	32	files_pid_file(pulseaudio_var_run_t)
33		33
		34	require {
		35	type staff_t;
		36	type user_t;
		37	}
		38
34	########################################	39	########################################
35	#	40	#
36	# Local policy	41	# Local policy
Lines 129-134 miscfiles_read_localization(pulseaudio_t) Link Here
129	userdom_search_user_home_dirs(pulseaudio_t)	134	userdom_search_user_home_dirs(pulseaudio_t)
130	userdom_write_user_tmp_sockets(pulseaudio_t)	135	userdom_write_user_tmp_sockets(pulseaudio_t)
131		136
		137	#allow /home/user/.pulse/b635dc821cabdd2d355ea70900010017-runtime link access
		138	read_lnk_files_pattern(pulseaudio_t,pulseaudio_home_t,pulseaudio_home_t)
		139
		140	#Allow for per-user pulseaudio daemons:
		141	#Access to the daemon:
		142	pulseaudio_domtrans(staff_t);
		143	pulseaudio_signull(staff_t);
		144	pulseaudio_stream_connect(staff_t);
		145
		146	pulseaudio_domtrans(user_t);
		147	pulseaudio_signull(user_t);
		148	pulseaudio_stream_connect(user_t);
		149
		150	#User should be able to manage its daemon:
		151	#user_t
		152	manage_files_pattern(user_t,pulseaudio_home_t,pulseaudio_home_t);
		153	read_lnk_files_pattern(user_t,pulseaudio_home_t,pulseaudio_home_t);
		154	setattr_dirs_pattern(user_t,pulseaudio_home_t,pulseaudio_home_t);
		155
		156	#staff_t
		157	manage_files_pattern(staff_t,pulseaudio_home_t,pulseaudio_home_t);
		158	read_lnk_files_pattern(staff_t,pulseaudio_home_t,pulseaudio_home_t);
		159	setattr_dirs_pattern(staff_t,pulseaudio_home_t,pulseaudio_home_t);
		160
		161	#Socket write access for the clients:
		162	write_sock_files_pattern(staff_t,pulseaudio_tmpfs_t,pulseaudio_tmpfs_t)
		163	write_sock_files_pattern(user_t,pulseaudio_tmpfs_t,pulseaudio_tmpfs_t)
		164
132	tunable_policy(`use_nfs_home_dirs',`	165	tunable_policy(`use_nfs_home_dirs',`
133	fs_manage_nfs_dirs(pulseaudio_t)	166	fs_manage_nfs_dirs(pulseaudio_t)
134	fs_manage_nfs_files(pulseaudio_t)	167	fs_manage_nfs_files(pulseaudio_t)
Lines 149-155 optional_policy(` Link Here
149	bluetooth_stream_connect(pulseaudio_t)	182	bluetooth_stream_connect(pulseaudio_t)
150	')	183	')
151		184
		185	#Allow thunderbird to start the daemon:
		186	optional_policy(`
		187	require {
		188	type thunderbird_t;
		189	}
		190	pulseaudio_domtrans(thunderbird_t);
		191	pulseaudio_signull(thunderbird_t);
		192	pulseaudio_stream_connect(thunderbird_t);
		193	')
		194
152	optional_policy(`	195	optional_policy(`
		196	dbus_read_lib_files(pulseaudio_t)
153	dbus_system_domain(pulseaudio_t, pulseaudio_exec_t)	197	dbus_system_domain(pulseaudio_t, pulseaudio_exec_t)
154	dbus_all_session_bus_client(pulseaudio_t)	198	dbus_all_session_bus_client(pulseaudio_t)
155	dbus_connect_all_session_bus(pulseaudio_t)	199	dbus_connect_all_session_bus(pulseaudio_t)
156	-

Return to bug 459856