diff options
Diffstat (limited to 'policy/modules/contrib/alsa.if')
| -rw-r--r-- | policy/modules/contrib/alsa.if | 208 |
1 files changed, 208 insertions, 0 deletions
diff --git a/policy/modules/contrib/alsa.if b/policy/modules/contrib/alsa.if new file mode 100644 index 000000000..139267933 --- /dev/null +++ b/policy/modules/contrib/alsa.if @@ -0,0 +1,208 @@ +## <summary>Ainit ALSA configuration tool.</summary> + +######################################## +## <summary> +## Execute a domain transition to run Alsa. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +# +interface(`alsa_domtrans',` + gen_require(` + type alsa_t, alsa_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, alsa_exec_t, alsa_t) +') + +######################################## +## <summary> +## Execute a domain transition to run +## Alsa, and allow the specified role +## the Alsa domain. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +## <param name="role"> +## <summary> +## Role allowed access. +## </summary> +## </param> +# +interface(`alsa_run',` + gen_require(` + type alsa_t; + ') + + alsa_domtrans($1) + role $2 types alsa_t; +') + +######################################## +## <summary> +## Read and write Alsa semaphores. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`alsa_rw_semaphores',` + gen_require(` + type alsa_t; + ') + + allow $1 alsa_t:sem rw_sem_perms; +') + +######################################## +## <summary> +## Read and write Alsa shared memory. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`alsa_rw_shared_mem',` + gen_require(` + type alsa_t; + ') + + allow $1 alsa_t:shm rw_shm_perms; +') + +######################################## +## <summary> +## Read writable Alsa config files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`alsa_read_rw_config',` + gen_require(` + type alsa_etc_rw_t; + ') + + files_search_etc($1) + allow $1 alsa_etc_rw_t:dir list_dir_perms; + read_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t) + read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t) + + ifdef(`distro_debian',` + files_search_usr($1) + ') +') + +######################################## +## <summary> +## Manage writable Alsa config files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`alsa_manage_rw_config',` + gen_require(` + type alsa_etc_rw_t; + ') + + files_search_etc($1) + allow $1 alsa_etc_rw_t:dir list_dir_perms; + manage_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t) + read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t) + + ifdef(`distro_debian',` + files_search_usr($1) + ') +') + +######################################## +## <summary> +## Manage alsa home files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`alsa_manage_home_files',` + gen_require(` + type alsa_home_t; + ') + + userdom_search_user_home_dirs($1) + allow $1 alsa_home_t:file manage_file_perms; +') + +######################################## +## <summary> +## Read Alsa home files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`alsa_read_home_files',` + gen_require(` + type alsa_home_t; + ') + + userdom_search_user_home_dirs($1) + allow $1 alsa_home_t:file read_file_perms; +') + +######################################## +## <summary> +## Relabel alsa home files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`alsa_relabel_home_files',` + gen_require(` + type alsa_home_t; + ') + + userdom_search_user_home_dirs($1) + allow $1 alsa_home_t:file relabel_file_perms; +') + +######################################## +## <summary> +## Read Alsa lib files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`alsa_read_lib',` + gen_require(` + type alsa_var_lib_t; + ') + + files_search_var_lib($1) + read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t) +') |