## <summary>Advanced Linux Sound Architecture utilities.</summary>
#
# NOTE(review): this copy had lost its XML documentation tags. The
# <summary>/<param> markup below is rebuilt from the layout of the
# surviving "##" lines, and the parameter names follow reference
# policy convention - confirm against the upstream alsa.if.

########################################
## <summary>
##	Execute a domain transition to run Alsa.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`alsa_domtrans',`
	gen_require(`
		type alsa_t, alsa_exec_t;
	')

	# The caller has to reach the executable before the transition
	# rule can apply, hence the search access on the bin directories.
	corecmd_search_bin($1)
	# Running an alsa_exec_t file from the caller starts the new
	# process in alsa_t.
	domtrans_pattern($1, alsa_exec_t, alsa_t)
')

########################################
## <summary>
##	Execute a domain transition to run
##	Alsa, and allow the specified role
##	the Alsa domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`alsa_run',`
	gen_require(`
		attribute_role alsa_roles;
	')

	# Entering the domain is delegated to alsa_domtrans.
	alsa_domtrans($1)
	# Adds the role argument to the alsa_roles role attribute. The rule
	# that authorises alsa_roles for alsa_t is not in this file -
	# confirm it in the matching .te module.
	roleattribute $2 alsa_roles;
')

########################################
## <summary>
##	Read and write Alsa semaphores.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`alsa_rw_semaphores',`
	gen_require(`
		type alsa_t;
	')

	# Targets sem objects labelled alsa_t, which is the label carried
	# by semaphores created by processes in the Alsa domain.
	allow $1 alsa_t:sem rw_sem_perms;
')

########################################
## <summary>
##	Read and write Alsa shared memory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`alsa_rw_shared_mem',`
	gen_require(`
		type alsa_t;
	')

	# Targets shm segments labelled alsa_t. Write access means the
	# caller can change data that the Alsa domain reads back, so the
	# caller becomes part of the integrity boundary of alsa_t.
	allow $1 alsa_t:shm rw_shm_perms;
')

########################################
## <summary>
##	Read Alsa configuration content.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`alsa_read_config',`
	gen_require(`
		type alsa_etc_t;
	')

	files_search_etc($1)
	# Directory access is limited to listing; files and symlinks
	# labelled alsa_etc_t are read only.
	allow $1 alsa_etc_t:dir list_dir_perms;
	read_files_pattern($1, alsa_etc_t, alsa_etc_t)
	read_lnk_files_pattern($1, alsa_etc_t, alsa_etc_t)
')

########################################
## <summary>
##	Manage Alsa config files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`alsa_manage_config',`
	gen_require(`
		type alsa_etc_t;
	')

	files_search_etc($1)
	# Only regular files get manage access. Symlinks stay read only
	# and no rule here creates or removes alsa_etc_t directories.
	allow $1 alsa_etc_t:dir list_dir_perms;
	manage_files_pattern($1, alsa_etc_t, alsa_etc_t)
	read_lnk_files_pattern($1, alsa_etc_t, alsa_etc_t)
')

########################################
## <summary>
##	Create, read, write, and delete
##	alsa home files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`alsa_manage_home_files',`
	gen_require(`
		type alsa_home_t;
	')

	userdom_search_user_home_dirs($1)
	# File class only: directories, symlinks and other object classes
	# labelled alsa_home_t are not covered by this rule.
	allow $1 alsa_home_t:file manage_file_perms;
')

########################################
## <summary>
##	Read Alsa home files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`alsa_read_home_files',`
	gen_require(`
		type alsa_home_t;
	')

	userdom_search_user_home_dirs($1)
	# Read access on the file class only.
	allow $1 alsa_home_t:file read_file_perms;
')

########################################
## <summary>
##	Relabel alsa home files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`alsa_relabel_home_files',`
	gen_require(`
		type alsa_home_t;
	')

	userdom_search_user_home_dirs($1)
	# Relabel permissions let the caller change which type a file
	# carries, so this is normally granted only to domains that
	# manage or restore labels.
	allow $1 alsa_home_t:file relabel_file_perms;
')

########################################
## <summary>
##	Create objects in user home
##	directories with the generic alsa
##	home type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="object_class">
##	<summary>
##	Class of the object being created.
##	</summary>
## </param>
## <param name="name" optional="true">
##	<summary>
##	The name of the object being created.
##	</summary>
## </param>
#
interface(`alsa_home_filetrans_alsa_home',`
	gen_require(`
		type alsa_home_t;
	')

	# Selects alsa_home_t as the label for new objects of the given
	# class (and name, when one is passed) that the caller creates in
	# a user home directory. Access to the resulting alsa_home_t
	# objects is granted separately, for example by
	# alsa_manage_home_files.
	userdom_user_home_dir_filetrans($1, alsa_home_t, $2, $3)
')

########################################
## <summary>
##	Read Alsa lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`alsa_read_lib',`
	gen_require(`
		type alsa_var_lib_t;
	')

	files_search_var_lib($1)
	read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)

	# The directory listing access below is compiled in only for
	# Gentoo builds; other distributions get file reads alone.
	ifdef(`distro_gentoo',`
		# gentoo saves the files in /var/lib/alsa/oss/CardName
		list_dirs_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
	')
')

#########################################
## <summary>
##	Write Alsa lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`alsa_write_lib',`
	gen_require(`
		type alsa_var_lib_t;
	')

	files_search_var_lib($1)
	# Write access to files; nothing in this interface creates or
	# deletes alsa_var_lib_t files.
	write_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)

	# Read and write access to the directories is compiled in only
	# for Gentoo builds.
	ifdef(`distro_gentoo',`
		# gentoo saves the files in /var/lib/alsa/oss/CardName
		rw_dirs_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
	')
')

# Gentoo specific for now, but cannot use ifdef distro_gentoo in an interface
# alsa_domain - see http://oss.tresys.com/pipermail/refpolicy/2014-March/007029.html
#                   http://oss.tresys.com/pipermail/refpolicy/2014-April/007044.html

########################################
## <summary>
##	Mark the selected domain as an alsa-capable domain
## </summary>
## <param name="domain">
##	<summary>
##	Domain that links with alsa
##	</summary>
## </param>
## <param name="tmpfstype">
##	<summary>
##	Tmpfs type used for shared memory of the given domain
##	</summary>
## </param>
#
interface(`alsa_domain',`
	gen_require(`
		attribute alsadomain;
		attribute alsatmpfsfile;
	')

	# Attribute membership carries every rule written against the
	# attribute. Those rules are not in this file - review them in
	# the matching .te module before marking a new domain or type.
	typeattribute $1 alsadomain;
	typeattribute $2 alsatmpfsfile;
')