]> git.ipfire.org Git - people/stevee/selinux-policy.git/blame - refpolicy/policy/modules/services/timidity.te
projects / people / stevee / selinux-policy.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
add ddclient, bug 1523
[people/stevee/selinux-policy.git] / refpolicy / policy / modules / services / timidity.te
CommitLineData
f11f0c10 1
5ea24be9 2policy_module(timidity,1.1.0)
f11f0c10
CP		 3
4# Note: You only need this policy if you want to run timidity as a server
5
6########################################
7#
8# Declarations
9#
10
11type timidity_t;
12type timidity_exec_t;
13init_daemon_domain(timidity_t,timidity_exec_t)
14
15type timidity_tmpfs_t;
16files_tmpfs_file(timidity_tmpfs_t)
17
18########################################
19#
20# Local policy
21#
22
23allow timidity_t self:capability { dac_override dac_read_search };
24dontaudit timidity_t self:capability sys_tty_config;
25allow timidity_t self:process { signal_perms getsched };
26allow timidity_t self:shm create_shm_perms;
27allow timidity_t self:unix_stream_socket create_stream_socket_perms;
28allow timidity_t self:tcp_socket create_stream_socket_perms;
29allow timidity_t self:udp_socket create_socket_perms;
30
31allow timidity_t timidity_tmpfs_t:dir create_dir_perms;
32allow timidity_t timidity_tmpfs_t:file create_file_perms;
33allow timidity_t timidity_tmpfs_t:lnk_file create_lnk_perms;
34allow timidity_t timidity_tmpfs_t:sock_file create_file_perms;
35allow timidity_t timidity_tmpfs_t:fifo_file create_file_perms;
103fe280 36fs_tmpfs_filetrans(timidity_t,timidity_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
f11f0c10 37
445522dc 38kernel_read_kernel_sysctls(timidity_t)
f11f0c10
CP		 39# read /proc/cpuinfo
40kernel_read_system_state(timidity_t)
41
42corenet_tcp_sendrecv_generic_if(timidity_t)
43corenet_udp_sendrecv_generic_if(timidity_t)
44corenet_raw_sendrecv_generic_if(timidity_t)
45corenet_tcp_sendrecv_all_nodes(timidity_t)
46corenet_udp_sendrecv_all_nodes(timidity_t)
47corenet_raw_sendrecv_all_nodes(timidity_t)
48corenet_tcp_sendrecv_all_ports(timidity_t)
49corenet_udp_sendrecv_all_ports(timidity_t)
bd70373d 50corenet_non_ipsec_sendrecv(timidity_t)
f11f0c10
CP		 51corenet_tcp_bind_all_nodes(timidity_t)
52corenet_udp_bind_all_nodes(timidity_t)
53
54dev_read_sysfs(timidity_t)
207c4763
CP		 55dev_read_sound(timidity_t)
56dev_write_sound(timidity_t)
f11f0c10
CP		 57
58fs_search_auto_mountpoints(timidity_t)
59
60term_dontaudit_use_console(timidity_t)
61
15722ec9 62domain_use_interactive_fds(timidity_t)
f11f0c10
CP		 63
64files_search_tmp(timidity_t)
65# read /usr/share/alsa/alsa.conf
66files_read_usr_files(timidity_t)
67# read /etc/esd.conf
68files_read_etc_files(timidity_t)
69
1c1ac67f 70init_use_fds(timidity_t)
1815bad1 71init_use_script_ptys(timidity_t)
f11f0c10
CP		 72
73libs_use_ld_so(timidity_t)
74libs_use_shared_libs(timidity_t)
75# read libartscbackend.la
1815bad1 76libs_read_lib_files(timidity_t)
f11f0c10
CP		 77
78logging_send_syslog_msg(timidity_t)
79
80sysnet_read_config(timidity_t)
81
15722ec9 82userdom_dontaudit_use_unpriv_user_fds(timidity_t)
f11f0c10
CP		 83# stupid timidity won't start if it can't search its current directory.
84# allow this so /etc/init.d/alsasound start works from /root
85# cjp: this should be fixed if possible so this rule can be removed.
103fe280 86userdom_search_sysadm_home_dirs(timidity_t)
f11f0c10
CP		 87
88ifdef(`targeted_policy',`
1815bad1
CP		 89 term_dontaudit_use_unallocated_ttys(timidity_t)
90 term_dontaudit_use_generic_ptys(timidity_t)
9e04f5c5 91 files_dontaudit_read_root_files(timidity_t)
f11f0c10
CP		 92')
93
bb7170f6 94optional_policy(`
f11f0c10
CP		 95 seutil_sigchld_newrole(timidity_t)
96')
97
bb7170f6 98optional_policy(`
f11f0c10
CP		 99 udev_read_db(timidity_t)
100')
The IPFire selinux policy.