From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id A7B341393DD for ; Tue, 29 Jul 2014 14:07:34 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3F3B2E08E8; Tue, 29 Jul 2014 14:07:32 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A035FE08E8 for ; Tue, 29 Jul 2014 14:07:31 +0000 (UTC) Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 764CD340187 for ; Tue, 29 Jul 2014 14:07:30 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by spoonbill.gentoo.org (Postfix) with ESMTP id 4198F18BF4 for ; Tue, 29 Jul 2014 14:07:29 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1406642720.ad9cc622fb5bef6e37054150efd55ecead438889.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/alsa.fc policy/modules/contrib/alsa.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: ad9cc622fb5bef6e37054150efd55ecead438889 X-VCS-Branch: master Date: Tue, 29 Jul 2014 14:07:29 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: f86518d5-cd76-4ce2-9269-591f37919683 X-Archives-Hash: 2d3a32354ac0f59bc769cc5da9ea3e1f commit: ad9cc622fb5bef6e37054150efd55ecead438889 Author: Sven Vermeulen siphos be> AuthorDate: Sat Jul 5 16:19:14 2014 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Tue Jul 29 14:05:20 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ad9cc622 Enable asound.state.lock support asound.state.lock file when managing alsa state operations. Signed-off-by: Sven Vermeulen siphos.be> --- policy/modules/contrib/alsa.fc | 2 ++ policy/modules/contrib/alsa.te | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/policy/modules/contrib/alsa.fc b/policy/modules/contrib/alsa.fc index 33d9d31..6c3c0ba 100644 --- a/policy/modules/contrib/alsa.fc +++ b/policy/modules/contrib/alsa.fc @@ -24,3 +24,5 @@ ifdef(`distro_debian',` /usr/share/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) /var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0) + +/var/lock/asound\.state\.lock -- gen_context(system_u:object_r:alsa_var_lock_t,s0) diff --git a/policy/modules/contrib/alsa.te b/policy/modules/contrib/alsa.te index 5b04663..4b818a0 100644 --- a/policy/modules/contrib/alsa.te +++ b/policy/modules/contrib/alsa.te @@ -24,6 +24,9 @@ files_tmpfs_file(alsa_tmpfs_t) type alsa_var_lib_t; files_type(alsa_var_lib_t) +type alsa_var_lock_t; +files_lock_file(alsa_var_lock_t) + type alsa_home_t; userdom_user_home_content(alsa_home_t) @@ -57,6 +60,9 @@ fs_tmpfs_filetrans(alsa_t, alsa_tmpfs_t, file) manage_dirs_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t) manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t) +allow alsa_t alsa_var_lock_t:file manage_file_perms; +files_lock_filetrans(alsa_t, alsa_var_lock_t, file); + kernel_read_system_state(alsa_t) corecmd_exec_bin(alsa_t)