diff options
| author |   Jason Zaman <jason@perfinion.com> | 2017-03-16 16:14:39 +0800 |
|---|---|---|
| committer | Jason Zaman <jason@perfinion.com> | 2017-03-16 16:14:39 +0800 |
| commit | e7eb672259ff2b2955cbd5f991182de9c7464c31 (patch) | |
| tree | 877da27128170fcf7237d0a147f0e889643e6d68 | |
| parent | Update state tracking of upstream (diff) | |
| download | hardened-refpolicy-e7eb672259ff2b2955cbd5f991182de9c7464c31.tar.gz hardened-refpolicy-e7eb672259ff2b2955cbd5f991182de9c7464c31.tar.bz2 hardened-refpolicy-e7eb672259ff2b2955cbd5f991182de9c7464c31.zip | |
pulseaudio: alias pulseaudio_xdg_config_t to pulseaudio_home_t
pulseaudio_home_t was added upstream on ~/.config/pulse/ so our
_xdg_config_t can be removed
| -rw-r--r-- | policy/modules/contrib/pulseaudio.fc | 7 | ||||
| -rw-r--r-- | policy/modules/contrib/pulseaudio.te | 24 |
2 files changed, 5 insertions, 26 deletions
diff --git a/policy/modules/contrib/pulseaudio.fc b/policy/modules/contrib/pulseaudio.fc index 2ee04dce..78ae21c1 100644 --- a/policy/modules/contrib/pulseaudio.fc +++ b/policy/modules/contrib/pulseaudio.fc @@ -1,7 +1,7 @@ HOME_DIR/\.esd_auth -- gen_context(system_u:object_r:pulseaudio_home_t,s0) HOME_DIR/\.pulse(/.*)? gen_context(system_u:object_r:pulseaudio_home_t,s0) HOME_DIR/\.pulse-cookie -- gen_context(system_u:object_r:pulseaudio_home_t,s0) -HOME_DIR/\.config/pulse(/.*)? -- gen_context(system_u:object_r:pulseaudio_home_t,s0) +HOME_DIR/\.config/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_home_t,s0) /usr/bin/pulseaudio -- gen_context(system_u:object_r:pulseaudio_exec_t,s0) @@ -9,8 +9,3 @@ HOME_DIR/\.config/pulse(/.*)? -- gen_context(system_u:object_r:pulseaudio_home_t /run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0) /run/user/%{USERID}/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_tmp_t,s0) - - -ifdef(`distro_gentoo',` -HOME_DIR/\.config/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_xdg_config_t,s0) -') diff --git a/policy/modules/contrib/pulseaudio.te b/policy/modules/contrib/pulseaudio.te index ac9811ea..b4154208 100644 --- a/policy/modules/contrib/pulseaudio.te +++ b/policy/modules/contrib/pulseaudio.te @@ -290,28 +290,12 @@ optional_policy(` ') ifdef(`distro_gentoo',` - type pulseaudio_xdg_config_t; - xdg_config_home_content(pulseaudio_xdg_config_t) + typealias pulseaudio_home_t alias pulseaudio_xdg_config_t; - # create ~/.config/pulse/ - manage_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) - manage_lnk_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) - manage_dirs_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) - xdg_config_home_filetrans(pulseaudio_t, pulseaudio_xdg_config_t, dir, "pulse") - - # pulseaudio cannot manage the files from its clients - allow pulseaudio_t pulseaudio_tmpfsfile:file manage_file_perms; - - # pulseaudio client perms on ~/.config/pulse/ - manage_files_pattern(pulseaudio_client, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) - manage_lnk_files_pattern(pulseaudio_client, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) - manage_dirs_pattern(pulseaudio_client, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) - xdg_config_home_filetrans(pulseaudio_client, pulseaudio_xdg_config_t, dir, "pulse") + # ~/.config/pulse/ + xdg_config_home_filetrans(pulseaudio_t, pulseaudio_home_t, dir, "pulse") + xdg_config_home_filetrans(pulseaudio_client, pulseaudio_home_t, dir, "pulse") # /tmp/pulse-* gets created by the clients usually as user_tmp_t, bug 556526 userdom_list_user_tmp(pulseaudio_client) - - # pulse 7 uses fds - allow pulseaudio_client pulseaudio_t:fd use; - allow pulseaudio_client pulseaudio_tmpfs_t:file rw_file_perms; ') |