From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-938717-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id A794E139694
	for <garchives@archives.gentoo.org>; Thu, 16 Mar 2017 08:18:35 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 18E9321C210;
	Thu, 16 Mar 2017 08:18:35 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id CF98721C210
	for <gentoo-commits@lists.gentoo.org>; Thu, 16 Mar 2017 08:18:34 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id AFE2234112A
	for <gentoo-commits@lists.gentoo.org>; Thu, 16 Mar 2017 08:18:33 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 5A22169FD
	for <gentoo-commits@lists.gentoo.org>; Thu, 16 Mar 2017 08:18:32 +0000 (UTC)
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1489652079.e7eb672259ff2b2955cbd5f991182de9c7464c31.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/pulseaudio.fc policy/modules/contrib/pulseaudio.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: e7eb672259ff2b2955cbd5f991182de9c7464c31
X-VCS-Branch: master
Date: Thu, 16 Mar 2017 08:18:32 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 2643d07d-784d-4cf5-8c37-7bbbc7c0b4a7
X-Archives-Hash: 4bed712421cf379ce7c95e55eb880562

commit:     e7eb672259ff2b2955cbd5f991182de9c7464c31
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Mar 16 08:14:39 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Mar 16 08:14:39 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e7eb6722

pulseaudio: alias pulseaudio_xdg_config_t to pulseaudio_home_t

pulseaudio_home_t was added upstream on ~/.config/pulse/ so our
_xdg_config_t can be removed

 policy/modules/contrib/pulseaudio.fc |  7 +------
 policy/modules/contrib/pulseaudio.te | 24 ++++--------------------
 2 files changed, 5 insertions(+), 26 deletions(-)

diff --git a/policy/modules/contrib/pulseaudio.fc b/policy/modules/contrib/pulseaudio.fc
index 2ee04dce..78ae21c1 100644
--- a/policy/modules/contrib/pulseaudio.fc
+++ b/policy/modules/contrib/pulseaudio.fc
@@ -1,7 +1,7 @@
 HOME_DIR/\.esd_auth	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 HOME_DIR/\.pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 HOME_DIR/\.pulse-cookie	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
-HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
+HOME_DIR/\.config/pulse(/.*)?		gen_context(system_u:object_r:pulseaudio_home_t,s0)
 
 /usr/bin/pulseaudio	--	gen_context(system_u:object_r:pulseaudio_exec_t,s0)
 
@@ -9,8 +9,3 @@ HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_u:object_r:pulseaudio_home_t
 
 /run/pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_var_run_t,s0)
 /run/user/%{USERID}/pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_tmp_t,s0)
-
-
-ifdef(`distro_gentoo',`
-HOME_DIR/\.config/pulse(/.*)?		gen_context(system_u:object_r:pulseaudio_xdg_config_t,s0)
-')

diff --git a/policy/modules/contrib/pulseaudio.te b/policy/modules/contrib/pulseaudio.te
index ac9811ea..b4154208 100644
--- a/policy/modules/contrib/pulseaudio.te
+++ b/policy/modules/contrib/pulseaudio.te
@@ -290,28 +290,12 @@ optional_policy(`
 ')
 
 ifdef(`distro_gentoo',`
-	type pulseaudio_xdg_config_t;
-	xdg_config_home_content(pulseaudio_xdg_config_t)
+	typealias pulseaudio_home_t alias pulseaudio_xdg_config_t;
 
-	# create ~/.config/pulse/
-	manage_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t)
-	manage_lnk_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t)
-	manage_dirs_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t)
-	xdg_config_home_filetrans(pulseaudio_t, pulseaudio_xdg_config_t, dir, "pulse")
-
-	# pulseaudio cannot manage the files from its clients
-	allow pulseaudio_t pulseaudio_tmpfsfile:file manage_file_perms;
-
-	# pulseaudio client perms on ~/.config/pulse/
-	manage_files_pattern(pulseaudio_client, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t)
-	manage_lnk_files_pattern(pulseaudio_client, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t)
-	manage_dirs_pattern(pulseaudio_client, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t)
-	xdg_config_home_filetrans(pulseaudio_client, pulseaudio_xdg_config_t, dir, "pulse")
+	# ~/.config/pulse/
+	xdg_config_home_filetrans(pulseaudio_t, pulseaudio_home_t, dir, "pulse")
+	xdg_config_home_filetrans(pulseaudio_client, pulseaudio_home_t, dir, "pulse")
 
 	# /tmp/pulse-* gets created by the clients usually as user_tmp_t, bug 556526
 	userdom_list_user_tmp(pulseaudio_client)
-
-	# pulse 7 uses fds
-	allow pulseaudio_client pulseaudio_t:fd use;
-	allow pulseaudio_client pulseaudio_tmpfs_t:file rw_file_perms;
 ')