From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id A794E139694 for ; Thu, 16 Mar 2017 08:18:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 18E9321C210; Thu, 16 Mar 2017 08:18:35 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id CF98721C210 for ; Thu, 16 Mar 2017 08:18:34 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id AFE2234112A for ; Thu, 16 Mar 2017 08:18:33 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 5A22169FD for ; Thu, 16 Mar 2017 08:18:32 +0000 (UTC) From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1489652079.e7eb672259ff2b2955cbd5f991182de9c7464c31.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/pulseaudio.fc policy/modules/contrib/pulseaudio.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: e7eb672259ff2b2955cbd5f991182de9c7464c31 X-VCS-Branch: master Date: Thu, 16 Mar 2017 08:18:32 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 2643d07d-784d-4cf5-8c37-7bbbc7c0b4a7 X-Archives-Hash: 4bed712421cf379ce7c95e55eb880562 commit: e7eb672259ff2b2955cbd5f991182de9c7464c31 Author: Jason Zaman perfinion com> AuthorDate: Thu Mar 16 08:14:39 2017 +0000 Commit: Jason Zaman gentoo org> CommitDate: Thu Mar 16 08:14:39 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e7eb6722 pulseaudio: alias pulseaudio_xdg_config_t to pulseaudio_home_t pulseaudio_home_t was added upstream on ~/.config/pulse/ so our _xdg_config_t can be removed policy/modules/contrib/pulseaudio.fc | 7 +------ policy/modules/contrib/pulseaudio.te | 24 ++++-------------------- 2 files changed, 5 insertions(+), 26 deletions(-) diff --git a/policy/modules/contrib/pulseaudio.fc b/policy/modules/contrib/pulseaudio.fc index 2ee04dce..78ae21c1 100644 --- a/policy/modules/contrib/pulseaudio.fc +++ b/policy/modules/contrib/pulseaudio.fc @@ -1,7 +1,7 @@ HOME_DIR/\.esd_auth -- gen_context(system_u:object_r:pulseaudio_home_t,s0) HOME_DIR/\.pulse(/.*)? gen_context(system_u:object_r:pulseaudio_home_t,s0) HOME_DIR/\.pulse-cookie -- gen_context(system_u:object_r:pulseaudio_home_t,s0) -HOME_DIR/\.config/pulse(/.*)? -- gen_context(system_u:object_r:pulseaudio_home_t,s0) +HOME_DIR/\.config/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_home_t,s0) /usr/bin/pulseaudio -- gen_context(system_u:object_r:pulseaudio_exec_t,s0) @@ -9,8 +9,3 @@ HOME_DIR/\.config/pulse(/.*)? -- gen_context(system_u:object_r:pulseaudio_home_t /run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0) /run/user/%{USERID}/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_tmp_t,s0) - - -ifdef(`distro_gentoo',` -HOME_DIR/\.config/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_xdg_config_t,s0) -') diff --git a/policy/modules/contrib/pulseaudio.te b/policy/modules/contrib/pulseaudio.te index ac9811ea..b4154208 100644 --- a/policy/modules/contrib/pulseaudio.te +++ b/policy/modules/contrib/pulseaudio.te @@ -290,28 +290,12 @@ optional_policy(` ') ifdef(`distro_gentoo',` - type pulseaudio_xdg_config_t; - xdg_config_home_content(pulseaudio_xdg_config_t) + typealias pulseaudio_home_t alias pulseaudio_xdg_config_t; - # create ~/.config/pulse/ - manage_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) - manage_lnk_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) - manage_dirs_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) - xdg_config_home_filetrans(pulseaudio_t, pulseaudio_xdg_config_t, dir, "pulse") - - # pulseaudio cannot manage the files from its clients - allow pulseaudio_t pulseaudio_tmpfsfile:file manage_file_perms; - - # pulseaudio client perms on ~/.config/pulse/ - manage_files_pattern(pulseaudio_client, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) - manage_lnk_files_pattern(pulseaudio_client, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) - manage_dirs_pattern(pulseaudio_client, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t) - xdg_config_home_filetrans(pulseaudio_client, pulseaudio_xdg_config_t, dir, "pulse") + # ~/.config/pulse/ + xdg_config_home_filetrans(pulseaudio_t, pulseaudio_home_t, dir, "pulse") + xdg_config_home_filetrans(pulseaudio_client, pulseaudio_home_t, dir, "pulse") # /tmp/pulse-* gets created by the clients usually as user_tmp_t, bug 556526 userdom_list_user_tmp(pulseaudio_client) - - # pulse 7 uses fds - allow pulseaudio_client pulseaudio_t:fd use; - allow pulseaudio_client pulseaudio_tmpfs_t:file rw_file_perms; ')