## <summary>Pulseaudio network sound server.</summary>
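########################################
## <summary>
##	Role access for pulseaudio
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`pulseaudio_role',`
	gen_require(`
		type pulseaudio_t, pulseaudio_exec_t;
		class dbus { acquire_svc send_msg };
	')

	# Authorise the role to be associated with the pulseaudio domain.
	role $1 types pulseaudio_t;

	# Transition from the user domain to the derived domain.
	domtrans_pattern($2, pulseaudio_exec_t, pulseaudio_t)

	# The user domain may inspect the daemon process.
	ps_process_pattern($2, pulseaudio_t)

	# Signals flow in both directions, asymmetrically: the daemon may send
	# signal and signull to the user domain, while the user domain may
	# additionally send sigkill to the daemon.
	# NOTE(review): the daemon is also allowed to inspect the user domain
	# processes below; confirm this is still needed before reusing the
	# interface for a more sensitive domain.
	allow pulseaudio_t $2:process { signal signull };
	allow $2 pulseaudio_t:process { signal signull sigkill };
	ps_process_pattern(pulseaudio_t, $2)

	# Unix stream connections are permitted in both directions.
	allow pulseaudio_t $2:unix_stream_socket connectto;
	allow $2 pulseaudio_t:unix_stream_socket connectto;

	# D-Bus: the user domain may message the daemon; the daemon may message
	# the user domain and is granted acquire_svc against it.
	# NOTE(review): acquire_svc with the user domain as target is broader
	# than plain messaging; verify it is intended.
	allow $2 pulseaudio_t:dbus send_msg;
	allow pulseaudio_t $2:dbus { acquire_svc send_msg };
')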
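########################################
## <summary>
##	Execute a domain transition to run pulseaudio.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`pulseaudio_domtrans',`
	gen_require(`
		type pulseaudio_t, pulseaudio_exec_t;
	')

	# Executing a file labelled pulseaudio_exec_t moves the caller into
	# pulseaudio_t. This rule alone does not authorise any role for that
	# domain; pulseaudio_run pairs it with a role statement.
	domtrans_pattern($1, pulseaudio_exec_t, pulseaudio_t)
')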
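########################################
## <summary>
##	Execute pulseaudio in the pulseaudio domain, and
##	allow the specified role the pulseaudio domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
#
interface(`pulseaudio_run',`
	gen_require(`
		# Required because the role statement below names this type.
		type pulseaudio_t;
	')

	# Domain transition for the caller, then role authorisation so the
	# transition is valid for processes running under that role.
	pulseaudio_domtrans($1)
	role $2 types pulseaudio_t;
')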
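########################################
## <summary>
##	Execute pulseaudio in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pulseaudio_exec',`
	gen_require(`
		type pulseaudio_exec_t;
	')

	# No domain transition happens here: the binary runs with the
	# permissions of the caller rather than being confined to the
	# pulseaudio domain. Use pulseaudio_domtrans when confinement is wanted.
	can_exec($1, pulseaudio_exec_t)
')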
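########################################
## <summary>
##	Do not audit attempts to execute pulseaudio.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`pulseaudio_dontaudit_exec',`
	gen_require(`
		type pulseaudio_exec_t;
	')

	# The access stays denied; only the AVC denial record is suppressed.
	# When investigating, rebuild the policy with dontaudit rules disabled
	# (semodule -DB) so these denials become visible again.
	dontaudit $1 pulseaudio_exec_t:file exec_file_perms;
')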
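########################################
## <summary>
##	Send signull signal to pulseaudio
##	processes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pulseaudio_signull',`
	gen_require(`
		# Required because the allow rule below names this type.
		type pulseaudio_t;
	')

	# signull delivers no signal; it only lets the caller test whether a
	# pulseaudio process exists.
	allow $1 pulseaudio_t:process signull;
')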
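#####################################
## <summary>
##	Connect to pulseaudio over a unix domain
##	stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pulseaudio_stream_connect',`
	gen_require(`
		type pulseaudio_t, pulseaudio_var_run_t;
	')

	# Reach the runtime directory that holds the socket.
	files_search_pids($1)

	# Existence probes are allowed in both directions, so the daemon can
	# also test for the client process.
	allow $1 pulseaudio_t:process signull;
	allow pulseaudio_t $1:process signull;

	# Connect through a socket file labelled pulseaudio_var_run_t inside a
	# directory of the same type, to a listener running as pulseaudio_t.
	stream_connect_pattern($1, pulseaudio_var_run_t, pulseaudio_var_run_t, pulseaudio_t)
')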
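########################################
## <summary>
##	Send and receive messages from
##	pulseaudio over dbus.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pulseaudio_dbus_chat',`
	gen_require(`
		# Both the type and the dbus permission are named by the rules below.
		type pulseaudio_t;
		class dbus send_msg;
	')

	# Messaging is granted in both directions; no acquire_svc is given here.
	allow $1 pulseaudio_t:dbus send_msg;
	allow pulseaudio_t $1:dbus send_msg;
')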
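########################################
## <summary>
##	Set the attributes of the pulseaudio homedir.
## </summary>
## <param name="user_domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pulseaudio_setattr_home_dir',`
	gen_require(`
		type pulseaudio_home_t;
	')

	# Directory attributes only; this grants no access to the files inside.
	allow $1 pulseaudio_home_t:dir setattr;
')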
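########################################
## <summary>
##	Read pulseaudio homedir files.
## </summary>
## <param name="user_domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pulseaudio_read_home_files',`
	gen_require(`
		type pulseaudio_home_t;
	')

	# Traverse the user home directory to reach the pulseaudio content.
	userdom_search_user_home_dirs($1)

	# Read-only access to regular files and symbolic links of this type.
	read_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
	read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
')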
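########################################
## <summary>
##	Read and write pulseaudio home directory files.
## </summary>
## <param name="user_domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pulseaudio_rw_home_files',`
	gen_require(`
		type pulseaudio_home_t;
	')

	# Traverse the user home directory to reach the pulseaudio content.
	# Placed first to match the sibling home-file interfaces; rule order
	# has no effect on the resulting policy.
	userdom_search_user_home_dirs($1)

	# Existing files may be read and written; symbolic links are read-only.
	rw_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
	read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
')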
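########################################
## <summary>
##	Create, read, write, and delete pulseaudio
##	home directory files.
## </summary>
## <param name="user_domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pulseaudio_manage_home_files',`
	gen_require(`
		type pulseaudio_home_t;
	')

	# Traverse the user home directory to reach the pulseaudio content.
	userdom_search_user_home_dirs($1)

	# Broadest of the home-file interfaces: full management of regular
	# files, while symbolic links remain read-only. Prefer the read or rw
	# variants when the caller does not need to create or delete files.
	manage_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
	read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
')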