#
# Macros for mplayer
#
# Author: Ivan Gyurdiev <ivg2@cornell.edu>
#
# mplayer_domains(user) declares domains for mplayer, gmplayer,
# and mencoder
#####################################################
#    mplayer_common(role_prefix, mplayer_domain)    #
#####################################################
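# mplayer_common(role_prefix, mplayer_domain)
#
# Rules shared by the mplayer and mencoder domains. The first argument is
# the role prefix and the second the program name; together they form the
# confined domain <role_prefix>_<program>_t.
#
# The memory-execution rules are the sensitive part of this macro:
# execute on /dev/zero and execmod on texrel_shlib_t are unconditional,
# while execmem, execmod on /dev/zero and the legacy rules depend on the
# booleans allow_execmem, allow_execmod and allow_mplayer_execstack.
#
# Per-line blame annotations left by the page extraction were removed from
# the macro body (they are not policy statements), and the second,
# duplicate can_ps call was dropped.
define(`mplayer_common',`

# Read global config
r_dir_file($1_$2_t, mplayer_etc_t)

# Allow the user domain to signal/ps.
can_ps($1_t, $1_$2_t)
allow $1_t $1_$2_t:process signal_perms;

# Read data in /usr/share (fonts, icons..)
r_dir_file($1_$2_t, usr_t)

# Read /proc files and directories
# Necessary for /proc/meminfo, /proc/cpuinfo, etc..
allow $1_$2_t proc_t:dir search;
allow $1_$2_t proc_t:file { getattr read };

# Sysctl on kernel version
read_sysctl($1_$2_t)

# Shared libs, locale, terminal access
# (ps access for the user domain is already granted above)
uses_shlib($1_$2_t)
read_locale($1_$2_t)
access_terminal($1_$2_t, $1)

# Required for win32 binary loader
# NOTE(review): execute on /dev/zero is unconditional here; only execmem
# and execmod on /dev/zero are gated by the booleans below.
allow $1_$2_t zero_device_t:chr_file { read write execute };
if (allow_execmem) {
allow $1_$2_t self:process execmem;
}

if (allow_execmod) {
allow $1_$2_t zero_device_t:chr_file execmod;
}
# NOTE(review): execmod on texrel_shlib_t is outside the allow_execmod
# conditional, so it is granted whatever that boolean is set to.
# Presumably deliberate for libraries labelled texrel_shlib_t - confirm.
allow $1_$2_t texrel_shlib_t:file execmod;

# Access to DVD/CD/V4L
# Block and V4L device nodes get getattr and read only.
allow $1_$2_t device_t:dir r_dir_perms;
allow $1_$2_t device_t:lnk_file { getattr read };
allow $1_$2_t removable_device_t:blk_file { getattr read };
allow $1_$2_t v4l_device_t:chr_file { getattr read };

# Legacy domain issues
# Everything in this block is granted only while allow_mplayer_execstack
# is on: the legacy_domain rules (defined elsewhere) plus execute on
# lib_t, locale_t and sound_device_t files.
if (allow_mplayer_execstack) {
legacy_domain($1_$2)
allow $1_$2_t lib_t:file execute;
allow $1_$2_t locale_t:file execute;
allow $1_$2_t sound_device_t:chr_file execute;
}
')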
###################################
#  mplayer_domain(role_prefix)    #
###################################
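# mplayer_domain(role_prefix)
#
# Declares the type <role_prefix>_mplayer_t, requests a domain_auto_trans
# from <role_prefix>_t through mplayer_exec_t, authorizes the type for the
# role, and then grants: home and X client access, the shared
# mplayer_common rules, fork/signal/fifo on self, sound device and ALSA
# configuration access, the RTC device, and the rules needed by the
# gmplayer GUI (file dialog, /etc/mtab, running programs from bin_t and
# the shell).
#
# Per-line blame annotations left by the page extraction were removed from
# the macro body; they are not policy statements.
define(`mplayer_domain',`

type $1_mplayer_t, domain, nscd_client_domain;

# Type transition
domain_auto_trans($1_t, mplayer_exec_t, $1_mplayer_t)
role $1_r types $1_mplayer_t;

# Home access, X access
home_domain($1, mplayer)
x_client_domain($1_mplayer, $1)

# Mplayer common stuff
mplayer_common($1, mplayer)

# Fork
allow $1_mplayer_t self:process { fork signal_perms getsched };
allow $1_mplayer_t self:fifo_file rw_file_perms;

# Audio, alsa.conf
allow $1_mplayer_t sound_device_t:chr_file rw_file_perms;
allow $1_mplayer_t etc_t:file { getattr read };
# NOTE(review): this is the only macro call in the file followed by a
# semicolon - confirm the extra statement terminator is intended.
r_dir_file($1_mplayer_t, alsa_etc_rw_t);

# RTC clock
allow $1_mplayer_t clock_device_t:chr_file { ioctl read };

# Legacy domain issues
# Execute on the domain tmpfs files is granted only while
# allow_mplayer_execstack is on.
if (allow_mplayer_execstack) {
allow $1_mplayer_t $1_mplayer_tmpfs_t:file execute;
}

#======gmplayer gui==========#
# File dialogs
# NOTE(review): presumably these silence the denials caused by the file
# dialog browsing the tree (macros defined elsewhere - confirm). Silenced
# denials do not reach the audit log, so they cannot be used to spot this
# domain probing the filesystem.
dontaudit_getattr($1_mplayer_t)
dontaudit_read_dir($1_mplayer_t)
dontaudit_search_dir($1_mplayer_t)

# Unfortunately the ancient file dialog starts in /
allow $1_mplayer_t home_root_t:dir read;

# Read /etc/mtab
allow $1_mplayer_t etc_runtime_t:file { read getattr };

# Run bash/sed (??)
# NOTE(review): can_exec on bin_t and shell_exec_t lets a domain that
# parses media files start a shell and other binaries, and the original
# comment shows the need was never pinned down. Presumably can_exec runs
# them without a domain transition - confirm, and drop these rules if the
# GUI works without them.
allow $1_mplayer_t bin_t:dir search;
allow $1_mplayer_t bin_t:lnk_file read;
can_exec($1_mplayer_t, bin_t)
can_exec($1_mplayer_t, shell_exec_t)
#============================#

# Read songs
read_content($1_mplayer_t, $1)

') dnl end mplayer_domain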
###################################
#  mencoder_domain(role_prefix)   #
###################################
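# mencoder_domain(role_prefix)
#
# Declares the type <role_prefix>_mencoder_t, requests a domain_auto_trans
# from <role_prefix>_t through mencoder_exec_t, authorizes the type for the
# role, and grants access to the mplayer home domain, the shared
# mplayer_common rules, read access to user content and write access
# through write_trusted. No X, sound, RTC or shell rules are added here
# beyond what mplayer_common grants.
#
# Per-line blame annotations left by the page extraction were removed from
# the macro body; they are not policy statements.
define(`mencoder_domain',`

type $1_mencoder_t, domain;

# Type transition
domain_auto_trans($1_t, mencoder_exec_t, $1_mencoder_t)
role $1_r types $1_mencoder_t;

# Access mplayer home domain
home_domain_access($1_mencoder_t, $1, mplayer)

# Mplayer common stuff
mplayer_common($1, mencoder)

# Read content to encode
read_content($1_mencoder_t, $1)

# Save encoded files
# NOTE(review): write_trusted is defined elsewhere; which types it makes
# writable decides how far a compromised encoder can reach - confirm.
write_trusted($1_mencoder_t, $1)

') dnl end mencoder_domain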
#############################
#  mplayer_domains(role)    #
#############################
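# mplayer_domains(role)
#
# Convenience wrapper: instantiates both the mplayer and the mencoder
# domain for the given role prefix by calling mplayer_domain and
# mencoder_domain with the same argument.
#
# Per-line blame annotations left by the page extraction were removed from
# the macro body; they are not policy statements.
define(`mplayer_domains', `
mplayer_domain($1)
mencoder_domain($1)
') dnl end mplayer_domains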