Blame strict/domains/program/sound.te
|
Chris PeBenito |
0fbfa5 |
#DESC Sound - Sound utilities
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Authors: Mark Westerman <mark.westerman@.com>
|
|
Chris PeBenito |
0fbfa5 |
# X-Debian-Packages: esound
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
#################################
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Rules for the sound_t domain.
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
daemon_base_domain(sound)
|
|
Chris PeBenito |
0fbfa5 |
type sound_file_t, file_type, sysadmfile;
|
|
Chris PeBenito |
0fbfa5 |
allow initrc_t sound_file_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
allow sound_t sound_file_t:file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Use capabilities.
|
|
Chris PeBenito |
0fbfa5 |
# Commented out by default.
|
|
Chris PeBenito |
0fbfa5 |
#allow sound_t self:capability { sys_admin sys_rawio sys_time dac_override };
|
|
Chris PeBenito |
0fbfa5 |
dontaudit sound_t self:capability { sys_admin sys_rawio sys_time dac_read_search dac_override };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Read and write the sound device.
|
|
Chris PeBenito |
0fbfa5 |
allow sound_t sound_device_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Read and write ttys.
|
|
Chris PeBenito |
0fbfa5 |
allow sound_t sysadm_tty_device_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
read_locale(sound_t)
|
|
Chris PeBenito |
0fbfa5 |
allow initrc_t sound_file_t:file { setattr write };
|