#

# Macros for mplayer

#

# Author: Ivan Gyurdiev <ivg2@cornell.edu>

#

# mplayer_domains(user) declares domains for mplayer, gmplayer,

# and mencoder

##############################################

#    mplayer_common(user, mplayer domain)    #

##############################################

define(`mplayer_common',`

# Read global config

r_dir_file($1_$2_t, mplayer_etc_t)

# Read data in /usr/share (fonts, icons..)

r_dir_file($1_$2_t, usr_t)

# Read /proc files and directories

# Necessary for /proc/meminfo, /proc/cpuinfo, etc..

allow $1_$2_t proc_t:dir search;

allow $1_$2_t proc_t:file { getattr read };

# Sysctl on kernel version 

read_sysctl($1_$2_t)

# Allow ps, shared libs, locale, terminal access

can_ps($1_t, $1_$2_t)

uses_shlib($1_$2_t)

read_locale($1_$2_t)

access_terminal($1_$2_t, $1)

# Required for win32 binary loader 

allow $1_$2_t zero_device_t:chr_file { read write execute };

if (allow_execmem) {

allow $1_$2_t self:process execmem;

}

if (allow_execmod) {

allow $1_$2_t zero_device_t:chr_file execmod;

allow $1_$2_t texrel_shlib_t:file execmod;

}

# Access to DVD/CD/V4L

allow $1_$2_t device_t:dir r_dir_perms;

allow $1_$2_t device_t:lnk_file { getattr read };

allow $1_$2_t removable_device_t:blk_file { getattr read };

allow $1_$2_t v4l_device_t:chr_file { getattr read };

# Legacy domain issues

if (allow_mplayer_execstack) {

legacy_domain($1_$2)

allow $1_$2_t lib_t:file execute;

allow $1_$2_t locale_t:file execute;

allow $1_$2_t sound_device_t:chr_file execute;

}

')

############################

#  mplayer_domain(user)    #

############################

define(`mplayer_domain',`

# Derive from X client domain

x_client_domain($1, `mplayer', `')

# Mplayer configuration here

home_domain($1, mplayer)

# Allow mplayer to browse files

file_browse_domain($1_mplayer_t)

# Mplayer common stuff

mplayer_common($1, mplayer)

# Audio

allow $1_mplayer_t sound_device_t:chr_file rw_file_perms;

# RTC clock 

allow $1_mplayer_t clock_device_t:chr_file { ioctl read };

# Read home directory content

r_dir_file($1_mplayer_t, $1_home_t);

# Legacy domain issues

if (allow_mplayer_execstack) {

allow $1_mplayer_t $1_mplayer_tmpfs_t:file execute;

}

') dnl end mplayer_domain

############################

#  mencoder_domain(user)   #

############################

define(`mencoder_domain',`

# FIXME: privhome temporarily removed...

type $1_mencoder_t, domain;

# Transition

domain_auto_trans($1_t, mencoder_exec_t, $1_mencoder_t)

can_exec($1_mencoder_t, mencoder_exec_t)

role $1_r types $1_mencoder_t;

# Read home config

home_domain_access($1_mencoder_t, $1, mplayer)

# Mplayer common stuff

mplayer_common($1, mencoder)

') dnl end mencoder_domain

#############################

#  mplayer_domains(user)    #

#############################

define(`mplayer_domains', `

mplayer_domain($1)

mencoder_domain($1)

') dnl end mplayer_domains