[people/stevee/selinux-policy.git] / policy / modules / apps / pulseaudio.te


policy_module(pulseaudio, 1.2.0)

########################################
#
# Declarations
#

type pulseaudio_t;
type pulseaudio_exec_t;
init_daemon_domain(pulseaudio_t, pulseaudio_exec_t)
application_domain(pulseaudio_t, pulseaudio_exec_t)
role system_r types pulseaudio_t;

type pulseaudio_home_t;
userdom_user_home_content(pulseaudio_home_t)

type pulseaudio_tmpfs_t;
files_tmpfs_file(pulseaudio_tmpfs_t)

type pulseaudio_var_lib_t;
files_type(pulseaudio_var_lib_t)

type pulseaudio_var_run_t;
files_pid_file(pulseaudio_var_run_t)

########################################
#
# pulseaudio local policy
#

allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config };
allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
allow pulseaudio_t self:fifo_file rw_file_perms;
allow pulseaudio_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow pulseaudio_t self:unix_dgram_socket { sendto create_socket_perms };
allow pulseaudio_t self:tcp_socket create_stream_socket_perms;
allow pulseaudio_t self:udp_socket create_socket_perms;
allow pulseaudio_t self:netlink_kobject_uevent_socket create_socket_perms;

manage_dirs_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
manage_files_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
userdom_search_user_home_dirs(pulseaudio_t)

manage_dirs_pattern(pulseaudio_t, pulseaudio_var_lib_t, pulseaudio_var_lib_t)
manage_files_pattern(pulseaudio_t, pulseaudio_var_lib_t, pulseaudio_var_lib_t)
files_var_lib_filetrans(pulseaudio_t, pulseaudio_var_lib_t, { dir file })

manage_dirs_pattern(pulseaudio_t, pulseaudio_var_run_t, pulseaudio_var_run_t)
manage_files_pattern(pulseaudio_t, pulseaudio_var_run_t, pulseaudio_var_run_t)
manage_sock_files_pattern(pulseaudio_t, pulseaudio_var_run_t, pulseaudio_var_run_t)
files_pid_filetrans(pulseaudio_t, pulseaudio_var_run_t, { dir file })

can_exec(pulseaudio_t, pulseaudio_exec_t)

kernel_getattr_proc(pulseaudio_t)
kernel_read_system_state(pulseaudio_t)
kernel_read_kernel_sysctls(pulseaudio_t)

corecmd_exec_bin(pulseaudio_t)

corenet_all_recvfrom_unlabeled(pulseaudio_t)
corenet_all_recvfrom_netlabel(pulseaudio_t)
corenet_tcp_bind_pulseaudio_port(pulseaudio_t)
corenet_tcp_bind_soundd_port(pulseaudio_t)
corenet_tcp_sendrecv_generic_if(pulseaudio_t)
corenet_tcp_sendrecv_generic_node(pulseaudio_t)
corenet_udp_bind_sap_port(pulseaudio_t)
corenet_udp_sendrecv_generic_if(pulseaudio_t)
corenet_udp_sendrecv_generic_node(pulseaudio_t)

dev_read_sound(pulseaudio_t)
dev_write_sound(pulseaudio_t)
dev_read_sysfs(pulseaudio_t)
dev_read_urand(pulseaudio_t)

files_read_etc_files(pulseaudio_t)
files_read_usr_files(pulseaudio_t)

fs_rw_anon_inodefs_files(pulseaudio_t)
fs_getattr_tmpfs(pulseaudio_t)
fs_list_inotifyfs(pulseaudio_t)

term_use_all_ttys(pulseaudio_t)
term_use_all_ptys(pulseaudio_t)

auth_use_nsswitch(pulseaudio_t)

logging_send_syslog_msg(pulseaudio_t)

miscfiles_read_localization(pulseaudio_t)

optional_policy(`
	bluetooth_stream_connect(pulseaudio_t)
')

optional_policy(`
	dbus_system_domain(pulseaudio_t, pulseaudio_exec_t)
	dbus_system_bus_client(pulseaudio_t)
	dbus_session_bus_client(pulseaudio_t)
	dbus_connect_session_bus(pulseaudio_t)

	optional_policy(`
		consolekit_dbus_chat(pulseaudio_t)
	')

	optional_policy(`
		hal_dbus_chat(pulseaudio_t)
	')

	optional_policy(`
		policykit_dbus_chat(pulseaudio_t)
	')

	optional_policy(`
		rpm_dbus_chat(pulseaudio_t)
	')
')

optional_policy(`
	rtkit_scheduled(pulseaudio_t)
')

optional_policy(`
	policykit_domtrans_auth(pulseaudio_t)
	policykit_read_lib(pulseaudio_t)
	policykit_read_reload(pulseaudio_t)
')

optional_policy(`
	udev_read_db(pulseaudio_t)
')

optional_policy(`
	xserver_stream_connect(pulseaudio_t)
	xserver_manage_xdm_tmp_files(pulseaudio_t)
	xserver_read_xdm_lib_files(pulseaudio_t)
	xserver_read_xdm_pid(pulseaudio_t)
	xserver_user_x_domain_template(pulseaudio, pulseaudio_t, pulseaudio_tmpfs_t)
')
Commit	Line	Data
9b1907b2	1
29af4c13	2	policy_module(pulseaudio, 1.2.0)
9b1907b2 CP	3
	4	########################################
	5	#
	6	# Declarations
	7	#
	8
	9	type pulseaudio_t;
	10	type pulseaudio_exec_t;
18683835	11	init_daemon_domain(pulseaudio_t, pulseaudio_exec_t)
9b1907b2 CP	12	application_domain(pulseaudio_t, pulseaudio_exec_t)
	13	role system_r types pulseaudio_t;
	14
18683835 JS	15	type pulseaudio_home_t;
	16	userdom_user_home_content(pulseaudio_home_t)
	17
	18	type pulseaudio_tmpfs_t;
	19	files_tmpfs_file(pulseaudio_tmpfs_t)
	20
	21	type pulseaudio_var_lib_t;
	22	files_type(pulseaudio_var_lib_t)
	23
	24	type pulseaudio_var_run_t;
	25	files_pid_file(pulseaudio_var_run_t)
	26
9b1907b2 CP	27	########################################
	28	#
	29	# pulseaudio local policy
	30	#
ad0071bb	31
18683835	32	allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config };
9b1907b2 CP	33	allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
9b1907b2 CP	34	allow pulseaudio_t self:fifo_file rw_file_perms;
18683835	35	allow pulseaudio_t self:unix_stream_socket { create_stream_socket_perms connectto };
9b1907b2 CP	36	allow pulseaudio_t self:unix_dgram_socket { sendto create_socket_perms };
	37	allow pulseaudio_t self:tcp_socket create_stream_socket_perms;
	38	allow pulseaudio_t self:udp_socket create_socket_perms;
a3dd1499	39	allow pulseaudio_t self:netlink_kobject_uevent_socket create_socket_perms;
9b1907b2	40
18683835 JS	41	manage_dirs_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
18683835 JS	42	manage_files_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
ad0071bb	43	userdom_search_user_home_dirs(pulseaudio_t)
18683835 JS	44
	45	manage_dirs_pattern(pulseaudio_t, pulseaudio_var_lib_t, pulseaudio_var_lib_t)
	46	manage_files_pattern(pulseaudio_t, pulseaudio_var_lib_t, pulseaudio_var_lib_t)
	47	files_var_lib_filetrans(pulseaudio_t, pulseaudio_var_lib_t, { dir file })
	48
	49	manage_dirs_pattern(pulseaudio_t, pulseaudio_var_run_t, pulseaudio_var_run_t)
	50	manage_files_pattern(pulseaudio_t, pulseaudio_var_run_t, pulseaudio_var_run_t)
	51	manage_sock_files_pattern(pulseaudio_t, pulseaudio_var_run_t, pulseaudio_var_run_t)
	52	files_pid_filetrans(pulseaudio_t, pulseaudio_var_run_t, { dir file })
	53
a3dd1499 CP	54	can_exec(pulseaudio_t, pulseaudio_exec_t)
a3dd1499 CP	55
18683835	56	kernel_getattr_proc(pulseaudio_t)
a3dd1499	57	kernel_read_system_state(pulseaudio_t)
9b1907b2 CP	58	kernel_read_kernel_sysctls(pulseaudio_t)
	59
	60	corecmd_exec_bin(pulseaudio_t)
	61
	62	corenet_all_recvfrom_unlabeled(pulseaudio_t)
	63	corenet_all_recvfrom_netlabel(pulseaudio_t)
	64	corenet_tcp_bind_pulseaudio_port(pulseaudio_t)
	65	corenet_tcp_bind_soundd_port(pulseaudio_t)
	66	corenet_tcp_sendrecv_generic_if(pulseaudio_t)
	67	corenet_tcp_sendrecv_generic_node(pulseaudio_t)
	68	corenet_udp_bind_sap_port(pulseaudio_t)
	69	corenet_udp_sendrecv_generic_if(pulseaudio_t)
	70	corenet_udp_sendrecv_generic_node(pulseaudio_t)
	71
	72	dev_read_sound(pulseaudio_t)
	73	dev_write_sound(pulseaudio_t)
	74	dev_read_sysfs(pulseaudio_t)
	75	dev_read_urand(pulseaudio_t)
	76
	77	files_read_etc_files(pulseaudio_t)
	78	files_read_usr_files(pulseaudio_t)
	79
	80	fs_rw_anon_inodefs_files(pulseaudio_t)
	81	fs_getattr_tmpfs(pulseaudio_t)
a3dd1499	82	fs_list_inotifyfs(pulseaudio_t)
9b1907b2	83
c3c753f7 CP	84	term_use_all_ttys(pulseaudio_t)
c3c753f7 CP	85	term_use_all_ptys(pulseaudio_t)
9b1907b2 CP	86
	87	auth_use_nsswitch(pulseaudio_t)
	88
	89	logging_send_syslog_msg(pulseaudio_t)
	90
	91	miscfiles_read_localization(pulseaudio_t)
	92
6f30d7e7 CP	93	optional_policy(`
	94	bluetooth_stream_connect(pulseaudio_t)
	95	')
	96
9b1907b2	97	optional_policy(`
18683835	98	dbus_system_domain(pulseaudio_t, pulseaudio_exec_t)
9b1907b2 CP	99	dbus_system_bus_client(pulseaudio_t)
9b1907b2 CP	100	dbus_session_bus_client(pulseaudio_t)
6f30d7e7	101	dbus_connect_session_bus(pulseaudio_t)
9b1907b2 CP	102
	103	optional_policy(`
	104	consolekit_dbus_chat(pulseaudio_t)
	105	')
	106
	107	optional_policy(`
	108	hal_dbus_chat(pulseaudio_t)
	109	')
a3dd1499 CP	110
	111	optional_policy(`
	112	policykit_dbus_chat(pulseaudio_t)
	113	')
	114
	115	optional_policy(`
	116	rpm_dbus_chat(pulseaudio_t)
	117	')
9b1907b2 CP	118	')
9b1907b2 CP	119
18683835 JS	120	optional_policy(`
	121	rtkit_scheduled(pulseaudio_t)
	122	')
	123
9b1907b2 CP	124	optional_policy(`
	125	policykit_domtrans_auth(pulseaudio_t)
	126	policykit_read_lib(pulseaudio_t)
	127	policykit_read_reload(pulseaudio_t)
	128	')
	129
	130	optional_policy(`
	131	udev_read_db(pulseaudio_t)
	132	')
	133
	134	optional_policy(`
18683835	135	xserver_stream_connect(pulseaudio_t)
9b1907b2 CP	136	xserver_manage_xdm_tmp_files(pulseaudio_t)
9b1907b2 CP	137	xserver_read_xdm_lib_files(pulseaudio_t)
18683835 JS	138	xserver_read_xdm_pid(pulseaudio_t)
18683835 JS	139	xserver_user_x_domain_template(pulseaudio, pulseaudio_t, pulseaudio_tmpfs_t)
9b1907b2	140	')