|
Chris PeBenito |
0fbfa5 |
#DESC sound server - for network audio server programs, nasd, yiff, etc
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Author: Russell Coker <russell@coker.com.au>
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
#################################
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Rules for the soundd_t domain.
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# soundd_exec_t is the type of the soundd executable.
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
daemon_domain(soundd)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
type soundd_port_t, port_type;
|
|
Chris PeBenito |
0fbfa5 |
allow soundd_t soundd_port_t:tcp_socket name_bind;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
type etc_soundd_t, file_type, sysadmfile;
|
|
Chris PeBenito |
0fbfa5 |
type soundd_state_t, file_type, sysadmfile;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
tmp_domain(soundd)
|
|
Chris PeBenito |
0fbfa5 |
rw_dir_create_file(soundd_t, soundd_state_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow soundd_t sound_device_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow soundd_t device_t:lnk_file read;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Use the network.
|
|
Chris PeBenito |
0fbfa5 |
can_network_server(soundd_t)
|
|
Chris PeBenito |
0fbfa5 |
allow soundd_t self:unix_stream_socket create_stream_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow soundd_t self:unix_dgram_socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
# allow any domain to connect to the sound server
|
|
Chris PeBenito |
0fbfa5 |
can_tcp_connect(userdomain, soundd_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow soundd_t self:process setpgid;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# read config files
|
|
Chris PeBenito |
0fbfa5 |
allow soundd_t { etc_t etc_runtime_t }:{ file lnk_file } r_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow soundd_t etc_t:dir r_dir_perms;
|
|
Chris PeBenito |
0fbfa5 |
r_dir_file(soundd_t, etc_soundd_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# for yiff - probably need some rules for the client support too
|
|
Chris PeBenito |
0fbfa5 |
allow soundd_t self:shm create_shm_perms;
|
|
Chris PeBenito |
0fbfa5 |
tmpfs_domain(soundd)
|