#
# Macros for mplayer
#
# Author: Ivan Gyurdiev <ivg2@cornell.edu>
#
# mplayer_domains(user) declares domains for mplayer, gmplayer,
# and mencoder

##############################################
#    mplayer_common(user, mplayer domain)    #
##############################################

define(`mplayer_common',`

# mplayer_common(user, program)
# Rules shared by every mplayer-family domain ($1_$2_t): site config,
# /usr/share data, /proc, sysctls, shared libraries, locale, the user
# terminal and the media devices. The caller declares the domain; this
# macro only adds permissions to it.

# Devices: list /dev, follow its symlinks, read optical/removable block
# devices and V4L capture devices. Only read access is granted here;
# audio output is left to the caller.
allow $1_$2_t device_t:dir r_dir_perms;
allow $1_$2_t device_t:lnk_file { read getattr };
allow $1_$2_t removable_device_t:blk_file { read getattr };
allow $1_$2_t v4l_device_t:chr_file { read getattr };

# Site config (mplayer_etc_t) and read-only data in /usr/share
# (fonts, icons, etc.)
r_dir_file($1_$2_t, mplayer_etc_t)
r_dir_file($1_$2_t, usr_t)

# /proc/meminfo, /proc/cpuinfo and friends, plus the kernel version sysctl
allow $1_$2_t proc_t:dir search;
allow $1_$2_t proc_t:file { read getattr };
read_sysctl($1_$2_t)

# Shared libraries, locale data, ps visibility and the user terminal
uses_shlib($1_$2_t)
read_locale($1_$2_t)
can_ps($1_t, $1_$2_t)
access_terminal($1_$2_t, $1)

# Executable memory for the win32 binary loader.
# NOTE(review): the /dev/zero rule is unconditional, unlike the execmem
# and execmod rules that follow. Granting write and execute on the same
# character device effectively lets the domain obtain a writable and
# executable shared mapping of /dev/zero whether or not allow_execmem is
# set, so that boolean only restricts anonymous (self:process execmem)
# mappings. Consider moving this rule under allow_execmem if the loader
# still works without it.
allow $1_$2_t zero_device_t:chr_file { read write execute };
if (allow_execmem) {
allow $1_$2_t self:process execmem;
}

# Text relocations in codec libraries. None of the three booleans used
# below is declared in this file; allow_execmem and allow_execmod look
# like the global ones.
if (allow_execmod) {
allow $1_$2_t zero_device_t:chr_file execmod;
allow $1_$2_t texrel_shlib_t:file execmod;
}

# Executable stack. The extra execute rules on libraries, locale archives
# and the sound device presumably exist because with an executable stack
# every mapped file ends up executable (confirm against legacy_domain).
# Keep allow_mplayer_execstack off unless a codec actually needs it.
if (allow_mplayer_execstack) {
legacy_domain($1_$2)
allow $1_$2_t lib_t:file execute;
allow $1_$2_t locale_t:file execute;
allow $1_$2_t sound_device_t:chr_file execute;
}
')

############################
#  mplayer_domain(user)    #
############################

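define(`mplayer_domain',`

# mplayer_domain(user)
# Declares $1_mplayer_t, the per-user domain for mplayer, as an X client
# with its own home-directory config type, then adds the shared rules and
# the few things only the player (not the encoder) needs: audio output,
# the RTC and read access to the user home directory.

# X client domain: the type itself, the transition from $1_t and the X
# access are expected to come from x_client_domain (defined elsewhere)
x_client_domain($1, `mplayer', `')

# Private config type in the user home directory (home_domain is expected
# to declare the type and give $1_mplayer_t access to it)
home_domain($1, mplayer)

# Rules shared with mencoder
mplayer_common($1, mplayer)

# Browse the filesystem to find media.
# NOTE(review): file_browse_domain is broad; if the player only ever
# opens files from the home directory and removable media, a narrower
# rule set would reduce what a malicious media file could reach.
file_browse_domain($1_mplayer_t)

# Audio output and the RTC
allow $1_mplayer_t sound_device_t:chr_file rw_file_perms;
allow $1_mplayer_t clock_device_t:chr_file { ioctl read };

# Read-only access to the rest of the user home directory (media files).
# No trailing semicolon: the macro expands to complete policy statements,
# and every other macro invocation in this file has none.
r_dir_file($1_mplayer_t, $1_home_t)

# With an executable stack the tmpfs-backed files of this domain must be
# executable too ($1_mplayer_tmpfs_t is not declared here; presumably
# provided by x_client_domain)
if (allow_mplayer_execstack) {
allow $1_mplayer_t $1_mplayer_tmpfs_t:file execute;
}

') dnl end mplayer_domain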

############################
#  mencoder_domain(user)   #
############################

define(`mencoder_domain',`

# mencoder_domain(user)
# Declares $1_mencoder_t, the per-user domain for mencoder. Unlike the
# player it is a plain domain: no X client rules, no sound or RTC access
# and no filesystem browsing; it gets the shared rules plus access to the
# per-user mplayer config.
# FIXME: privhome temporarily removed (presumably this is what would let
# the encoder write into the user home directory; restore once resolved)

# The domain itself, reachable from the user role and entered from the
# user shell domain on exec of mencoder_exec_t
type $1_mencoder_t, domain;
role $1_r types $1_mencoder_t;
domain_auto_trans($1_t, mencoder_exec_t, $1_mencoder_t)
can_exec($1_mencoder_t, mencoder_exec_t)

# Everything the player also gets: config, /proc, devices, codec loader
mplayer_common($1, mencoder)

# Per-user mplayer config in the home directory (same type the player
# domain uses)
home_domain_access($1_mencoder_t, $1, mplayer)

') dnl end mencoder_domain

#############################
#  mplayer_domains(user)    #
#############################

define(`mplayer_domains', `
# mplayer_domains(user)
# Entry point used by the per-user policy: declares the player domain
# ($1_mplayer_t) and the encoder domain ($1_mencoder_t) for user $1.
mplayer_domain($1)
mencoder_domain($1)
') dnl end mplayer_domains