Chris PeBenito 0fbfa5
#DESC sound server - for network audio server programs, nasd, yiff, etc
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# Author:  Russell Coker <russell@coker.com.au>
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
#################################
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# Rules for the soundd_t domain.
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# soundd_exec_t is the type of the soundd executable.
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
daemon_domain(soundd)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
type soundd_port_t, port_type;
Chris PeBenito 0fbfa5
allow soundd_t soundd_port_t:tcp_socket name_bind;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
type etc_soundd_t, file_type, sysadmfile;
Chris PeBenito 0fbfa5
type soundd_state_t, file_type, sysadmfile;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
tmp_domain(soundd)
Chris PeBenito 0fbfa5
rw_dir_create_file(soundd_t, soundd_state_t)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
allow soundd_t sound_device_t:chr_file rw_file_perms;
Chris PeBenito 0fbfa5
allow soundd_t device_t:lnk_file read;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
# Use the network.
Chris PeBenito 0fbfa5
can_network_server(soundd_t)
Chris PeBenito 0fbfa5
allow soundd_t self:unix_stream_socket create_stream_socket_perms;
Chris PeBenito 0fbfa5
allow soundd_t self:unix_dgram_socket create_socket_perms;
Chris PeBenito 0fbfa5
# allow any domain to connect to the sound server
Chris PeBenito 0fbfa5
can_tcp_connect(userdomain, soundd_t)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
allow soundd_t self:process setpgid;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
# read config files
Chris PeBenito 0fbfa5
allow soundd_t { etc_t etc_runtime_t }:{ file lnk_file } r_file_perms;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
allow soundd_t etc_t:dir r_dir_perms;
Chris PeBenito 0fbfa5
r_dir_file(soundd_t, etc_soundd_t)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
# for yiff - probably need some rules for the client support too
Chris PeBenito 0fbfa5
allow soundd_t self:shm create_shm_perms;
Chris PeBenito 0fbfa5
tmpfs_domain(soundd)