From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1427622872.394b856733a6953b28aa53ee305aea7d5de03ccb.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/skype.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 394b856733a6953b28aa53ee305aea7d5de03ccb X-VCS-Branch: next Date: Sun, 29 Mar 2015 10:01:26 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: fef9627f-724e-421d-a20c-3227ee5eb5b3 X-Archives-Hash: 53ebe443933eb5d81e8a02c0036eb101 commit: 394b856733a6953b28aa53ee305aea7d5de03ccb Author: Jason Zaman perfinion com> AuthorDate: Tue Mar 24 12:27:05 2015 +0000 Commit: Jason Zaman gentoo org> CommitDate: Sun Mar 29 09:54:32 2015 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=394b8567 skype: policy rules for v4.3 It now uses pulseaudio and also needs dir permissions in /tmp policy/modules/contrib/skype.te | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/policy/modules/contrib/skype.te b/policy/modules/contrib/skype.te index 4c71730..be0684f 100644 --- a/policy/modules/contrib/skype.te +++ b/policy/modules/contrib/skype.te 
@@ -55,9 +55,10 @@ manage_fifo_files_pattern(skype_t, skype_tmpfs_t, skype_tmpfs_t) manage_sock_files_pattern(skype_t, skype_tmpfs_t, skype_tmpfs_t) fs_tmpfs_filetrans(skype_t, skype_tmpfs_t, { file lnk_file sock_file fifo_file }) +manage_dirs_pattern(skype_t, skype_tmp_t, skype_tmp_t) manage_files_pattern(skype_t, skype_tmp_t, skype_tmp_t) manage_sock_files_pattern(skype_t, skype_tmp_t, skype_tmp_t) -files_tmp_filetrans(skype_t, skype_tmp_t, { file sock_file }) +files_tmp_filetrans(skype_t, skype_tmp_t, { dir file sock_file }) kernel_dontaudit_search_sysctl(skype_t) kernel_dontaudit_read_kernel_sysctls(skype_t) @@ -73,15 +74,16 @@ corenet_all_recvfrom_netlabel(skype_t) corenet_all_recvfrom_unlabeled(skype_t) corenet_sendrecv_http_client_packets(skype_t) corenet_tcp_bind_generic_node(skype_t) -corenet_tcp_bind_generic_port(skype_t) +corenet_tcp_bind_generic_port(skype_t) corenet_tcp_connect_all_unreserved_ports(skype_t) corenet_tcp_connect_generic_port(skype_t) corenet_tcp_connect_http_port(skype_t) corenet_tcp_sendrecv_http_port(skype_t) corenet_udp_bind_generic_node(skype_t) -corenet_udp_bind_generic_port(skype_t) +corenet_udp_bind_generic_port(skype_t) dev_dontaudit_search_sysfs(skype_t) +dev_dontaudit_read_sysfs(skype_t) dev_read_sound(skype_t) dev_read_video_dev(skype_t) dev_write_sound(skype_t) @@ -112,6 +114,10 @@ tunable_policy(`skype_manage_user_content',` ') optional_policy(` + pulseaudio_client_domain(skype_t, skype_tmpfs_t) +') + +optional_policy(` dbus_system_bus_client(skype_t) dbus_all_session_bus_client(skype_t) ') 
@@ -120,6 +126,10 @@ optional_policy(` xdg_manage_config_home(skype_t) ') +optional_policy(` + mozilla_dontaudit_manage_user_home_files(skype_t) +') + ifdef(`use_alsa',` optional_policy(` alsa_domain(skype_t, skype_tmpfs_t) From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 24353138CC4 for ; Sun, 29 Mar 2015 09:59:47 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 93EB4E08CA; Sun, 29 Mar 2015 09:59:45 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 343F9E08C8 for ; Sun, 29 Mar 2015 09:59:45 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 84CFA340C27 for ; Sun, 29 Mar 2015 09:59:44 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id E3C4114C46 for ; Sun, 29 Mar 2015 09:59:38 +0000 (UTC) 
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1427622872.394b856733a6953b28aa53ee305aea7d5de03ccb.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/skype.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 394b856733a6953b28aa53ee305aea7d5de03ccb X-VCS-Branch: master Date: Sun, 29 Mar 2015 09:59:38 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: cd3860a3-1c3c-4f4d-957c-c3d6fc8b76ec X-Archives-Hash: 172c96f06de3fa38be7e98b845506962 Message-ID: <20150329095938.LkpNZ5bF4nGktfSnF7mEPojeK6WFVcud2gsXFjSbrWo@z> commit: 394b856733a6953b28aa53ee305aea7d5de03ccb Author: Jason Zaman perfinion com> AuthorDate: Tue Mar 24 12:27:05 2015 +0000 Commit: Jason Zaman gentoo org> CommitDate: Sun Mar 29 09:54:32 2015 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=394b8567 skype: policy rules for v4.3 It now uses pulseaudio and also needs dir permissions in /tmp policy/modules/contrib/skype.te | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/policy/modules/contrib/skype.te b/policy/modules/contrib/skype.te index 4c71730..be0684f 100644 --- a/policy/modules/contrib/skype.te +++ b/policy/modules/contrib/skype.te 
@@ -55,9 +55,10 @@ manage_fifo_files_pattern(skype_t, skype_tmpfs_t, skype_tmpfs_t) manage_sock_files_pattern(skype_t, skype_tmpfs_t, skype_tmpfs_t) fs_tmpfs_filetrans(skype_t, skype_tmpfs_t, { file lnk_file sock_file fifo_file }) +manage_dirs_pattern(skype_t, skype_tmp_t, skype_tmp_t) manage_files_pattern(skype_t, skype_tmp_t, skype_tmp_t) manage_sock_files_pattern(skype_t, skype_tmp_t, skype_tmp_t) -files_tmp_filetrans(skype_t, skype_tmp_t, { file sock_file }) +files_tmp_filetrans(skype_t, skype_tmp_t, { dir file sock_file }) kernel_dontaudit_search_sysctl(skype_t) kernel_dontaudit_read_kernel_sysctls(skype_t) @@ -73,15 +74,16 @@ corenet_all_recvfrom_netlabel(skype_t) corenet_all_recvfrom_unlabeled(skype_t) corenet_sendrecv_http_client_packets(skype_t) corenet_tcp_bind_generic_node(skype_t) -corenet_tcp_bind_generic_port(skype_t) +corenet_tcp_bind_generic_port(skype_t) corenet_tcp_connect_all_unreserved_ports(skype_t) corenet_tcp_connect_generic_port(skype_t) corenet_tcp_connect_http_port(skype_t) corenet_tcp_sendrecv_http_port(skype_t) corenet_udp_bind_generic_node(skype_t) -corenet_udp_bind_generic_port(skype_t) +corenet_udp_bind_generic_port(skype_t) dev_dontaudit_search_sysfs(skype_t) +dev_dontaudit_read_sysfs(skype_t) dev_read_sound(skype_t) dev_read_video_dev(skype_t) dev_write_sound(skype_t) @@ -112,6 +114,10 @@ tunable_policy(`skype_manage_user_content',` ') optional_policy(` + pulseaudio_client_domain(skype_t, skype_tmpfs_t) +') + +optional_policy(` dbus_system_bus_client(skype_t) dbus_all_session_bus_client(skype_t) ') @@ -120,6 +126,10 @@ optional_policy(` xdg_manage_config_home(skype_t) ') +optional_policy(` + mozilla_dontaudit_manage_user_home_files(skype_t) +') + ifdef(`use_alsa',` optional_policy(` alsa_domain(skype_t, skype_tmpfs_t)
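Review bot: In the @@ -55,9 +55,10 @@ hunk, the added manage_dirs_pattern(skype_t, skype_tmp_t, skype_tmp_t) line and the new dir class in files_tmp_filetrans are justified only by "needs dir permissions in /tmp" in the commit message, which does not say which directory Skype 4.3 creates there. A one-line comment above the rule naming that directory would let a later reviewer check whether manage permissions on directories are still needed. The two additions are at least consistent with each other: the transition now labels new directories skype_tmp_t and the pattern grants access to that same type.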
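Review bot: In the @@ -73,15 +74,16 @@ hunk, the removed and re-added corenet_tcp_bind_generic_port(skype_t) and corenet_udp_bind_generic_port(skype_t) lines read identically as shown here, so they look like a whitespace-only change riding along with the functional one; if that is what they are, split them into their own commit or mention the cleanup in the commit message. The added dev_dontaudit_read_sysfs(skype_t) is also not covered by the commit message, and since a dontaudit rule keeps the denial out of the audit log, a short comment on what Skype tries to read in sysfs would help.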
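Review bot: In the @@ -112,6 +114,10 @@ hunk, pulseaudio_client_domain(skype_t, skype_tmpfs_t) is added under optional_policy only, while the ALSA equivalent visible at the end of the patch, alsa_domain(skype_t, skype_tmpfs_t), sits inside the ifdef on use_alsa. Confirm that leaving the PulseAudio block without a comparable build-time guard is intended, and say so in a comment if it is.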
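Review bot: In the @@ -120,6 +126,10 @@ hunk, mozilla_dontaudit_manage_user_home_files(skype_t) has no explanation: the commit message covers PulseAudio and /tmp directories but not why Skype 4.3 touches Mozilla's home files. Because the rule silences the denials rather than granting access, add a comment recording what was observed so the suppression can be revisited later.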