* [refpolicy] [PATCH] gnome: add support for the OIL Runtime Compiler (ORC) optimized code execution
@ 2016-09-15 11:03 Guido Trentalancia
2016-09-15 13:26 ` [refpolicy] [PATCH v2] " Guido Trentalancia
0 siblings, 1 reply; 7+ messages in thread
From: Guido Trentalancia @ 2016-09-15 11:03 UTC
To: refpolicy
Add a new gstreamer_orcexec_t type and file context to the gnome
module in order to support the OIL Runtime Compiler (ORC) optimized
code execution (used for example by pulseaudio).
Add optional policy to the pulseaudio module to support the ORC
optimized code execution.
This patch has been anticipated a few weeks ago as part of a
larger gnome patch. It has now been split as a smaller patch,
as required.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
policy/modules/contrib/gnome.fc | 5 ++
policy/modules/contrib/gnome.if | 60 +++++++++++++++++++++++++++++++++++
policy/modules/contrib/gnome.te | 3 +
policy/modules/contrib/pulseaudio.te | 5 ++
4 files changed, 73 insertions(+)
--- refpolicy-git-orig/policy/modules/contrib/gnome.fc 2016-08-14 21:28:11.493519589 +0200
+++ refpolicy-git-orcexec/policy/modules/contrib/gnome.fc 2016-09-15 12:45:49.974216884 +0200
@@ -5,6 +5,8 @@ HOME_DIR/\.gnome2(/.*)? gen_context(syst
HOME_DIR/\.gnome2/keyrings(/.*)? gen_context(system_u:object_r:gnome_keyring_home_t,s0)
HOME_DIR/\.gnome2_private(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
+
/etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,s0)
/tmp/gconfd-USER/.* -- gen_context(system_u:object_r:gconf_tmp_t,s0)
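Review bot: The added HOME_DIR entry, "HOME_DIR/orcexec\..*", has no file-type specifier, so it matches an object of any class whose name starts with "orcexec." directly under the home directory, while the /var/run/user entries added further down in this file restrict the match to regular files with "--". Add "--" here as well so that only regular files pick up gstreamer_orcexec_t, which gnome.te in this patch declares as an executable type, or explain in the commit message why the home-directory entry has to be broader.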
@@ -14,3 +16,6 @@ HOME_DIR/\.gnome2_private(/.*)? gen_cont
/usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
+
+/var/run/user/[^/]*/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
+/var/run/user/%{USERID}/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
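Review bot: The two added /var/run/user entries differ only in the per-user path component, "[^/]*" versus "%{USERID}", and the first already matches any single directory name, so the second looks redundant. Keep one form, or add a comment saying what each line is for, so a later reader does not have to guess why both are present.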
--- refpolicy-git-orig/policy/modules/contrib/gnome.if 2016-08-14 21:28:11.493519589 +0200
+++ refpolicy-git-orcexec/policy/modules/contrib/gnome.if 2016-09-15 12:50:47.168965082 +0200
@@ -604,6 +604,66 @@ interface(`gnome_gconf_home_filetrans',`
########################################
## <summary>
+## Create objects in user home
+## directories with the gstreamer
+## orcexec type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`gnome_user_home_dir_filetrans_gstreamer_orcexec',`
+ gen_require(`
+ type gstreamer_orcexec_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+########################################
+## <summary>
+## Create objects in the user
+## runtime directories with the
+## gstreamer orcexec type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
+ gen_require(`
+ type gstreamer_orcexec_t;
+ ')
+
+ userdom_user_runtime_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+########################################
+## <summary>
## Read generic gnome keyring home files.
## </summary>
## <param name="domain">
--- refpolicy-git-orig/policy/modules/contrib/gnome.te 2016-08-14 21:28:11.494519604 +0200
+++ refpolicy-git-orcexec/policy/modules/contrib/gnome.te 2016-09-15 12:51:26.107456172 +0200
@@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_
type gnome_keyring_tmp_t;
userdom_user_tmp_file(gnome_keyring_tmp_t)
+type gstreamer_orcexec_t;
+application_executable_file(gstreamer_orcexec_t)
+
##############################
#
# Common local Policy
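Review bot: gstreamer_orcexec_t is declared only with application_executable_file(), although gnome.fc in this patch places it in user home and per-user runtime directories, and the neighbouring types in this file are tied to user content with macros such as userdom_user_tmp_file(). State whether leaving out a user-content declaration is intentional, and add a one-line comment above the type saying that it labels ORC-generated code, since the name alone does not tell a reader what creates these files.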
--- refpolicy-git-orig/policy/modules/contrib/pulseaudio.te 2016-08-15 23:39:24.063783236 +0200
+++ refpolicy-git-orcexec/policy/modules/contrib/pulseaudio.te 2016-09-15 12:52:08.824994923 +0200
@@ -193,6 +193,11 @@ optional_policy(`
optional_policy(`
gnome_stream_connect_gconf(pulseaudio_t)
+
+ # OIL Runtime Compiler (ORC) optimized code execution
+ allow pulseaudio_t gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };
+ gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+ gnome_user_home_dir_filetrans_gstreamer_orcexec(pulseaudio_t, file)
')
optional_policy(`
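Review bot: The added rule "allow pulseaudio_t gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };" names a type that this patch declares in gnome.te, and nothing in this hunk requires that type in pulseaudio.te. Move the rule behind an interface in gnome.if and call it from here, the same way the two gnome_user_*_filetrans_gstreamer_orcexec calls below it already go through gnome.if.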
* [refpolicy] [PATCH v2] gnome: add support for the OIL Runtime Compiler (ORC) optimized code execution
2016-09-15 11:03 [refpolicy] [PATCH] gnome: add support for the OIL Runtime Compiler (ORC) optimized code execution Guido Trentalancia
@ 2016-09-15 13:26 ` Guido Trentalancia
2016-09-18 20:40 ` Chris PeBenito
2016-09-19 11:15 ` [refpolicy] [PATCH v3] " Guido Trentalancia
0 siblings, 2 replies; 7+ messages in thread
From: Guido Trentalancia @ 2016-09-15 13:26 UTC
To: refpolicy
Add a new gstreamer_orcexec_t type and file context to the gnome
module in order to support the OIL Runtime Compiler (ORC) optimized
code execution (used for example by pulseaudio).
Add optional policy to the pulseaudio module to support the ORC
optimized code execution.
This patch has been anticipated a few weeks ago as part of a
larger gnome patch. It has now been split as a smaller patch,
as required.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
policy/modules/contrib/gnome.fc | 5 ++
policy/modules/contrib/gnome.if | 79 +++++++++++++++++++++++++++++++++++
policy/modules/contrib/gnome.te | 3 +
policy/modules/contrib/pulseaudio.te | 5 ++
4 files changed, 92 insertions(+)
--- refpolicy-git-orig/policy/modules/contrib/gnome.fc 2016-08-14 21:28:11.493519589 +0200
+++ refpolicy-git-orcexec/policy/modules/contrib/gnome.fc 2016-09-15 12:45:49.974216884 +0200
@@ -5,6 +5,8 @@ HOME_DIR/\.gnome2(/.*)? gen_context(syst
HOME_DIR/\.gnome2/keyrings(/.*)? gen_context(system_u:object_r:gnome_keyring_home_t,s0)
HOME_DIR/\.gnome2_private(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
+
/etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,s0)
/tmp/gconfd-USER/.* -- gen_context(system_u:object_r:gconf_tmp_t,s0)
@@ -14,3 +16,6 @@ HOME_DIR/\.gnome2_private(/.*)? gen_cont
/usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
+
+/var/run/user/[^/]*/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
+/var/run/user/%{USERID}/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
--- refpolicy-git-orig/policy/modules/contrib/gnome.if 2016-08-14 21:28:11.493519589 +0200
+++ refpolicy-git-orcexec/policy/modules/contrib/gnome.if 2016-09-15 15:19:41.127233923 +0200
@@ -604,6 +604,66 @@ interface(`gnome_gconf_home_filetrans',`
########################################
## <summary>
+## Create objects in user home
+## directories with the gstreamer
+## orcexec type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`gnome_user_home_dir_filetrans_gstreamer_orcexec',`
+ gen_require(`
+ type gstreamer_orcexec_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+########################################
+## <summary>
+## Create objects in the user
+## runtime directories with the
+## gstreamer orcexec type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
+ gen_require(`
+ type gstreamer_orcexec_t;
+ ')
+
+ userdom_user_runtime_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+########################################
+## <summary>
## Read generic gnome keyring home files.
## </summary>
## <param name="domain">
@@ -735,3 +795,22 @@ interface(`gnome_stream_connect_all_gkey
files_search_tmp($1)
stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t, gkeyringd_domain)
')
+
+########################################
+## <summary>
+## Manage and mmap gstreamer ORC
+## optimized code.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gnome_manage_mmap_gstreamer_orcexec',`
+ gen_require(`
+ type gstreamer_orcexec_t;
+ ')
+
+ allow $1 gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };
+')
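Review bot: gnome_manage_mmap_gstreamer_orcexec grants manage_file_perms and mmap_file_perms in a single allow rule, so every caller gets create, write and delete on gstreamer_orcexec_t files together with the ability to map them for execution. A domain that only needs to map ORC code written by another domain cannot request that alone; provide one interface per permission set and have pulseaudio.te call both.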
--- refpolicy-git-orig/policy/modules/contrib/gnome.te 2016-08-14 21:28:11.494519604 +0200
+++ refpolicy-git-orcexec/policy/modules/contrib/gnome.te 2016-09-15 12:51:26.107456172 +0200
@@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_
type gnome_keyring_tmp_t;
userdom_user_tmp_file(gnome_keyring_tmp_t)
+type gstreamer_orcexec_t;
+application_executable_file(gstreamer_orcexec_t)
+
##############################
#
# Common local Policy
--- refpolicy-git-orig/policy/modules/contrib/pulseaudio.te 2016-08-15 23:39:24.063783236 +0200
+++ refpolicy-git-orcexec/policy/modules/contrib/pulseaudio.te 2016-09-15 15:18:04.644202840 +0200
@@ -193,6 +193,11 @@ optional_policy(`
optional_policy(`
gnome_stream_connect_gconf(pulseaudio_t)
+
+ # OIL Runtime Compiler (ORC) optimized code execution
+ gnome_manage_mmap_gstreamer_orcexec(pulseaudio_t)
+ gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+ gnome_user_home_dir_filetrans_gstreamer_orcexec(pulseaudio_t, file)
')
optional_policy(`
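Review bot: Both gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file) and gnome_user_home_dir_filetrans_gstreamer_orcexec(pulseaudio_t, file) are called without the optional name argument, so the transition is not limited to "orcexec." names: any regular file pulseaudio_t creates directly in the user home or runtime directory is labelled gstreamer_orcexec_t, a type the line above lets it map as code. If a name cannot be passed because the part after "orcexec." is not fixed, say so in the comment above these calls and confirm that pulseaudio creates no other files at the top level of those directories.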
* [refpolicy] [PATCH v2] gnome: add support for the OIL Runtime Compiler (ORC) optimized code execution
2016-09-15 13:26 ` [refpolicy] [PATCH v2] " Guido Trentalancia
@ 2016-09-18 20:40 ` Chris PeBenito
2016-09-19 11:15 ` [refpolicy] [PATCH v3] " Guido Trentalancia
1 sibling, 0 replies; 7+ messages in thread
From: Chris PeBenito @ 2016-09-18 20:40 UTC
To: refpolicy
On 09/15/16 09:26, Guido Trentalancia via refpolicy wrote:
> Add a new gstreamer_orcexec_t type and file context to the gnome
> module in order to support the OIL Runtime Compiler (ORC) optimized
> code execution (used for example by pulseaudio).
>
> Add optional policy to the pulseaudio module to support the ORC
> optimized code execution.
>
> This patch has been anticipated a few weeks ago as part of a
> larger gnome patch. It has now been split as a smaller patch,
> as required.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
> policy/modules/contrib/gnome.fc | 5 ++
> policy/modules/contrib/gnome.if | 79 +++++++++++++++++++++++++++++++++++
> policy/modules/contrib/gnome.te | 3 +
> policy/modules/contrib/pulseaudio.te | 5 ++
> 4 files changed, 92 insertions(+)
>
> --- refpolicy-git-orig/policy/modules/contrib/gnome.fc 2016-08-14 21:28:11.493519589 +0200
> +++ refpolicy-git-orcexec/policy/modules/contrib/gnome.fc 2016-09-15 12:45:49.974216884 +0200
> @@ -5,6 +5,8 @@ HOME_DIR/\.gnome2(/.*)? gen_context(syst
> HOME_DIR/\.gnome2/keyrings(/.*)? gen_context(system_u:object_r:gnome_keyring_home_t,s0)
> HOME_DIR/\.gnome2_private(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
>
> +HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
> +
> /etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,s0)
>
> /tmp/gconfd-USER/.* -- gen_context(system_u:object_r:gconf_tmp_t,s0)
> @@ -14,3 +16,6 @@ HOME_DIR/\.gnome2_private(/.*)? gen_cont
>
> /usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
> /usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
> +
> +/var/run/user/[^/]*/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
> +/var/run/user/%{USERID}/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
> --- refpolicy-git-orig/policy/modules/contrib/gnome.if 2016-08-14 21:28:11.493519589 +0200
> +++ refpolicy-git-orcexec/policy/modules/contrib/gnome.if 2016-09-15 15:19:41.127233923 +0200
> @@ -604,6 +604,66 @@ interface(`gnome_gconf_home_filetrans',`
>
> ########################################
> ## <summary>
> +## Create objects in user home
> +## directories with the gstreamer
> +## orcexec type.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <param name="object_class">
> +## <summary>
> +## Class of the object being created.
> +## </summary>
> +## </param>
> +## <param name="name" optional="true">
> +## <summary>
> +## The name of the object being created.
> +## </summary>
> +## </param>
> +#
> +interface(`gnome_user_home_dir_filetrans_gstreamer_orcexec',`
> + gen_require(`
> + type gstreamer_orcexec_t;
> + ')
> +
> + userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t, $2, $3)
> +')
> +
> +########################################
> +## <summary>
> +## Create objects in the user
> +## runtime directories with the
> +## gstreamer orcexec type.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <param name="object_class">
> +## <summary>
> +## Class of the object being created.
> +## </summary>
> +## </param>
> +## <param name="name" optional="true">
> +## <summary>
> +## The name of the object being created.
> +## </summary>
> +## </param>
> +#
> +interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
> + gen_require(`
> + type gstreamer_orcexec_t;
> + ')
> +
> + userdom_user_runtime_filetrans($1, gstreamer_orcexec_t, $2, $3)
> +')
> +
> +########################################
> +## <summary>
> ## Read generic gnome keyring home files.
> ## </summary>
> ## <param name="domain">
> @@ -735,3 +795,22 @@ interface(`gnome_stream_connect_all_gkey
> files_search_tmp($1)
> stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t, gkeyringd_domain)
> ')
> +
> +########################################
> +## <summary>
> +## Manage and mmap gstreamer ORC
> +## optimized code.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`gnome_manage_mmap_gstreamer_orcexec',`
> + gen_require(`
> + type gstreamer_orcexec_t;
> + ')
> +
> + allow $1 gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };
This will need to be split into two interfaces. Otherwise I think it's ok.
--
Chris PeBenito
* [refpolicy] [PATCH v3] gnome: add support for the OIL Runtime Compiler (ORC) optimized code execution
2016-09-15 13:26 ` [refpolicy] [PATCH v2] " Guido Trentalancia
2016-09-18 20:40 ` Chris PeBenito
@ 2016-09-19 11:15 ` Guido Trentalancia
2016-09-19 22:36 ` Chris PeBenito
1 sibling, 1 reply; 7+ messages in thread
From: Guido Trentalancia @ 2016-09-19 11:15 UTC
To: refpolicy
Add a new gstreamer_orcexec_t type and file context to the gnome
module in order to support the OIL Runtime Compiler (ORC) optimized
code execution (used for example by pulseaudio).
Add optional policy to the pulseaudio module to support the ORC
optimized code execution.
This patch has been anticipated a few weeks ago as part of a
larger gnome patch. It has now been split as a smaller patch,
as required.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
policy/modules/contrib/gnome.fc | 5 +
policy/modules/contrib/gnome.if | 98 +++++++++++++++++++++++++++++++++++
policy/modules/contrib/gnome.te | 3 +
policy/modules/contrib/pulseaudio.te | 6 ++
4 files changed, 112 insertions(+)
--- refpolicy-git-orig/policy/modules/contrib/gnome.fc 2016-08-14 21:28:11.493519589 +0200
+++ refpolicy-git-orcexec/policy/modules/contrib/gnome.fc 2016-09-15 12:45:49.974216884 +0200
@@ -5,6 +5,8 @@ HOME_DIR/\.gnome2(/.*)? gen_context(syst
HOME_DIR/\.gnome2/keyrings(/.*)? gen_context(system_u:object_r:gnome_keyring_home_t,s0)
HOME_DIR/\.gnome2_private(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
+
/etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,s0)
/tmp/gconfd-USER/.* -- gen_context(system_u:object_r:gconf_tmp_t,s0)
@@ -14,3 +16,6 @@ HOME_DIR/\.gnome2_private(/.*)? gen_cont
/usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
+
+/var/run/user/[^/]*/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
+/var/run/user/%{USERID}/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
--- refpolicy-git-orig/policy/modules/contrib/gnome.if 2016-08-14 21:28:11.493519589 +0200
+++ refpolicy-git-orcexec/policy/modules/contrib/gnome.if 2016-09-19 13:03:01.904972915 +0200
@@ -604,6 +604,66 @@ interface(`gnome_gconf_home_filetrans',`
########################################
## <summary>
+## Create objects in user home
+## directories with the gstreamer
+## orcexec type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`gnome_user_home_dir_filetrans_gstreamer_orcexec',`
+ gen_require(`
+ type gstreamer_orcexec_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+########################################
+## <summary>
+## Create objects in the user
+## runtime directories with the
+## gstreamer orcexec type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
+ gen_require(`
+ type gstreamer_orcexec_t;
+ ')
+
+ userdom_user_runtime_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+########################################
+## <summary>
## Read generic gnome keyring home files.
## </summary>
## <param name="domain">
@@ -735,3 +795,41 @@ interface(`gnome_stream_connect_all_gkey
files_search_tmp($1)
stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t, gkeyringd_domain)
')
+
+########################################
+## <summary>
+## Manage gstreamer ORC optimized
+## code.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gnome_manage_gstreamer_orcexec',`
+ gen_require(`
+ type gstreamer_orcexec_t;
+ ')
+
+ allow $1 gstreamer_orcexec_t:file manage_file_perms;
+')
+
+########################################
+## <summary>
+## Mmap gstreamer ORC optimized
+## code.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gnome_mmap_gstreamer_orcexec',`
+ gen_require(`
+ type gstreamer_orcexec_t;
+ ')
+
+ allow $1 gstreamer_orcexec_t:file mmap_file_perms;
+')
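Review bot: The bodies of gnome_manage_gstreamer_orcexec and gnome_mmap_gstreamer_orcexec contain only the allow rule on gstreamer_orcexec_t:file and nothing for searching the directories that hold these files, which gnome.fc in this patch places under the user home and per-user runtime directories. A caller that uses gnome_mmap_gstreamer_orcexec on its own, without the filetrans interfaces, may not be able to reach the files; either add the directory search to these interfaces or state in each summary that the caller must already have it.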
--- refpolicy-git-orig/policy/modules/contrib/gnome.te 2016-08-14 21:28:11.494519604 +0200
+++ refpolicy-git-orcexec/policy/modules/contrib/gnome.te 2016-09-15 12:51:26.107456172 +0200
@@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_
type gnome_keyring_tmp_t;
userdom_user_tmp_file(gnome_keyring_tmp_t)
+type gstreamer_orcexec_t;
+application_executable_file(gstreamer_orcexec_t)
+
##############################
#
# Common local Policy
--- refpolicy-git-orig/policy/modules/contrib/pulseaudio.te 2016-08-15 23:39:24.063783236 +0200
+++ refpolicy-git-orcexec/policy/modules/contrib/pulseaudio.te 2016-09-19 13:06:10.485531536 +0200
@@ -193,6 +193,12 @@ optional_policy(`
optional_policy(`
gnome_stream_connect_gconf(pulseaudio_t)
+
+ # OIL Runtime Compiler (ORC) optimized code execution
+ gnome_manage_gstreamer_orcexec(pulseaudio_t)
+ gnome_mmap_gstreamer_orcexec(pulseaudio_t)
+ gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+ gnome_user_home_dir_filetrans_gstreamer_orcexec(pulseaudio_t, file)
')
optional_policy(`
* [refpolicy] [PATCH v3] gnome: add support for the OIL Runtime Compiler (ORC) optimized code execution
2016-09-19 11:15 ` [refpolicy] [PATCH v3] " Guido Trentalancia
@ 2016-09-19 22:36 ` Chris PeBenito
2016-09-27 15:01 ` Guido Trentalancia
0 siblings, 1 reply; 7+ messages in thread
From: Chris PeBenito @ 2016-09-19 22:36 UTC
To: refpolicy
On 09/19/16 07:15, Guido Trentalancia via refpolicy wrote:
> Add a new gstreamer_orcexec_t type and file context to the gnome
> module in order to support the OIL Runtime Compiler (ORC) optimized
> code execution (used for example by pulseaudio).
>
> Add optional policy to the pulseaudio module to support the ORC
> optimized code execution.
>
> This patch has been anticipated a few weeks ago as part of a
> larger gnome patch. It has now been split as a smaller patch,
> as required.
Merged.
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
> policy/modules/contrib/gnome.fc | 5 +
> policy/modules/contrib/gnome.if | 98 +++++++++++++++++++++++++++++++++++
> policy/modules/contrib/gnome.te | 3 +
> policy/modules/contrib/pulseaudio.te | 6 ++
> 4 files changed, 112 insertions(+)
>
> --- refpolicy-git-orig/policy/modules/contrib/gnome.fc 2016-08-14 21:28:11.493519589 +0200
> +++ refpolicy-git-orcexec/policy/modules/contrib/gnome.fc 2016-09-15 12:45:49.974216884 +0200
> @@ -5,6 +5,8 @@ HOME_DIR/\.gnome2(/.*)? gen_context(syst
> HOME_DIR/\.gnome2/keyrings(/.*)? gen_context(system_u:object_r:gnome_keyring_home_t,s0)
> HOME_DIR/\.gnome2_private(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
>
> +HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
> +
> /etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,s0)
>
> /tmp/gconfd-USER/.* -- gen_context(system_u:object_r:gconf_tmp_t,s0)
> @@ -14,3 +16,6 @@ HOME_DIR/\.gnome2_private(/.*)? gen_cont
>
> /usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
> /usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
> +
> +/var/run/user/[^/]*/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
> +/var/run/user/%{USERID}/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
> --- refpolicy-git-orig/policy/modules/contrib/gnome.if 2016-08-14 21:28:11.493519589 +0200
> +++ refpolicy-git-orcexec/policy/modules/contrib/gnome.if 2016-09-19 13:03:01.904972915 +0200
> @@ -604,6 +604,66 @@ interface(`gnome_gconf_home_filetrans',`
>
> ########################################
> ## <summary>
> +## Create objects in user home
> +## directories with the gstreamer
> +## orcexec type.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <param name="object_class">
> +## <summary>
> +## Class of the object being created.
> +## </summary>
> +## </param>
> +## <param name="name" optional="true">
> +## <summary>
> +## The name of the object being created.
> +## </summary>
> +## </param>
> +#
> +interface(`gnome_user_home_dir_filetrans_gstreamer_orcexec',`
> + gen_require(`
> + type gstreamer_orcexec_t;
> + ')
> +
> + userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t, $2, $3)
> +')
> +
> +########################################
> +## <summary>
> +## Create objects in the user
> +## runtime directories with the
> +## gstreamer orcexec type.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <param name="object_class">
> +## <summary>
> +## Class of the object being created.
> +## </summary>
> +## </param>
> +## <param name="name" optional="true">
> +## <summary>
> +## The name of the object being created.
> +## </summary>
> +## </param>
> +#
> +interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
> + gen_require(`
> + type gstreamer_orcexec_t;
> + ')
> +
> + userdom_user_runtime_filetrans($1, gstreamer_orcexec_t, $2, $3)
> +')
> +
> +########################################
> +## <summary>
> ## Read generic gnome keyring home files.
> ## </summary>
> ## <param name="domain">
> @@ -735,3 +795,41 @@ interface(`gnome_stream_connect_all_gkey
> files_search_tmp($1)
> stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t, gkeyringd_domain)
> ')
> +
> +########################################
> +## <summary>
> +## Manage gstreamer ORC optimized
> +## code.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`gnome_manage_gstreamer_orcexec',`
> + gen_require(`
> + type gstreamer_orcexec_t;
> + ')
> +
> + allow $1 gstreamer_orcexec_t:file manage_file_perms;
> +')
> +
> +########################################
> +## <summary>
> +## Mmap gstreamer ORC optimized
> +## code.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`gnome_mmap_gstreamer_orcexec',`
> + gen_require(`
> + type gstreamer_orcexec_t;
> + ')
> +
> + allow $1 gstreamer_orcexec_t:file mmap_file_perms;
> +')
> --- refpolicy-git-orig/policy/modules/contrib/gnome.te 2016-08-14 21:28:11.494519604 +0200
> +++ refpolicy-git-orcexec/policy/modules/contrib/gnome.te 2016-09-15 12:51:26.107456172 +0200
> @@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_
> type gnome_keyring_tmp_t;
> userdom_user_tmp_file(gnome_keyring_tmp_t)
>
> +type gstreamer_orcexec_t;
> +application_executable_file(gstreamer_orcexec_t)
> +
> ##############################
> #
> # Common local Policy
> --- refpolicy-git-orig/policy/modules/contrib/pulseaudio.te 2016-08-15 23:39:24.063783236 +0200
> +++ refpolicy-git-orcexec/policy/modules/contrib/pulseaudio.te 2016-09-19 13:06:10.485531536 +0200
> @@ -193,6 +193,12 @@ optional_policy(`
>
> optional_policy(`
> gnome_stream_connect_gconf(pulseaudio_t)
> +
> + # OIL Runtime Compiler (ORC) optimized code execution
> + gnome_manage_gstreamer_orcexec(pulseaudio_t)
> + gnome_mmap_gstreamer_orcexec(pulseaudio_t)
> + gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> + gnome_user_home_dir_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> ')
>
> optional_policy(`
--
Chris PeBenito
* [refpolicy] [PATCH v3] gnome: add support for the OIL Runtime Compiler (ORC) optimized code execution
2016-09-19 22:36 ` Chris PeBenito
@ 2016-09-27 15:01 ` Guido Trentalancia
2016-09-27 22:28 ` Chris PeBenito
0 siblings, 1 reply; 7+ messages in thread
From: Guido Trentalancia @ 2016-09-27 15:01 UTC
To: refpolicy
Hello Christopher.
I have checked the current git tree, but unfortunately I couldn't find
any trace of this patch.
Can you please double-check that it has been applied?
Thanks,
Guido
On Mon, 19/09/2016 at 18.36 -0400, Chris PeBenito wrote:
> On 09/19/16 07:15, Guido Trentalancia via refpolicy wrote:
> >
> > Add a new gstreamer_orcexec_t type and file context to the gnome
> > module in order to support the OIL Runtime Compiler (ORC) optimized
> > code execution (used for example by pulseaudio).
> >
> > Add optional policy to the pulseaudio module to support the ORC
> > optimized code execution.
> >
> > This patch has been anticipated a few weeks ago as part of a
> > larger gnome patch. It has now been split as a smaller patch,
> > as required.
>
> Merged.
>
>
> >
> > Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> > ---
> > >  policy/modules/contrib/gnome.fc      |    5 +
> > >  policy/modules/contrib/gnome.if      |   98 +++++++++++++++++++++++++++++++++++
> > >  policy/modules/contrib/gnome.te      |    3 +
> > >  policy/modules/contrib/pulseaudio.te |    6 ++
> > >  4 files changed, 112 insertions(+)
> >
> > --- refpolicy-git-orig/policy/modules/contrib/gnome.fc 2016-
> > 08-14 21:28:11.493519589 +0200
> > +++ refpolicy-git-orcexec/policy/modules/contrib/gnome.fc 20
> > 16-09-15 12:45:49.974216884 +0200
> > @@ -5,6 +5,8 @@ HOME_DIR/\.gnome2(/.*)? gen_context(syst
> > ?HOME_DIR/\.gnome2/keyrings(/.*)? gen_context(system_u:objec
> > t_r:gnome_keyring_home_t,s0)
> > ?HOME_DIR/\.gnome2_private(/.*)? gen_context(system_u:object
> > _r:gnome_home_t,s0)
> >
> > +HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreame
> > r_orcexec_t,s0)
> > +
> > ?/etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,
> > s0)
> >
> > ?/tmp/gconfd-USER/.* -- gen_context(system_u:object_r
> > :gconf_tmp_t,s0)
> > @@ -14,3 +16,6 @@ HOME_DIR/\.gnome2_private(/.*)? gen_cont
> >
> > ?/usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_
> > u:object_r:gconfd_exec_t,s0)
> > ?/usr/libexec/gconfd-2 -- gen_context(system_u:object
> > _r:gconfd_exec_t,s0)
> > +
> > +/var/run/user/[^/]*/orcexec\..* -- gen_context(syste
> > m_u:object_r:gstreamer_orcexec_t,s0)
> > +/var/run/user/%{USERID}/orcexec\..* -- gen_context(s
> > ystem_u:object_r:gstreamer_orcexec_t,s0)
> > --- refpolicy-git-orig/policy/modules/contrib/gnome.if 2016-
> > 08-14 21:28:11.493519589 +0200
> > +++ refpolicy-git-orcexec/policy/modules/contrib/gnome.if 20
> > 16-09-19 13:03:01.904972915 +0200
> > @@ -604,6 +604,66 @@ interface(`gnome_gconf_home_filetrans',`
> >
> > ?########################################
> > ?## <summary>
> > +## Create objects in user home
> > +## directories with the gstreamer
> > +## orcexec type.
> > +## </summary>
> > +## <param name="domain">
> > +## <summary>
> > +## Domain allowed access.
> > +## </summary>
> > +## </param>
> > +## <param name="object_class">
> > +## <summary>
> > +## Class of the object being created.
> > +## </summary>
> > +## </param>
> > +## <param name="name" optional="true">
> > +## <summary>
> > +## The name of the object being created.
> > +## </summary>
> > +## </param>
> > +#
> > +interface(`gnome_user_home_dir_filetrans_gstreamer_orcexec',`
> > + gen_require(`
> > + type gstreamer_orcexec_t;
> > + ')
> > +
> > + userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t,
> > $2, $3)
> > +')
> > +
> > +########################################
> > +## <summary>
> > +## Create objects in the user
> > +## runtime directories with the
> > +## gstreamer orcexec type.
> > +## </summary>
> > +## <param name="domain">
> > +## <summary>
> > +## Domain allowed access.
> > +## </summary>
> > +## </param>
> > +## <param name="object_class">
> > +## <summary>
> > +## Class of the object being created.
> > +## </summary>
> > +## </param>
> > +## <param name="name" optional="true">
> > +## <summary>
> > +## The name of the object being created.
> > +## </summary>
> > +## </param>
> > +#
> > +interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
> > + gen_require(`
> > + type gstreamer_orcexec_t;
> > + ')
> > +
> > + userdom_user_runtime_filetrans($1, gstreamer_orcexec_t,
> > $2, $3)
> > +')
> > +
> > +########################################
> > +## <summary>
> > ?## Read generic gnome keyring home files.
> > ?## </summary>
> > ?## <param name="domain">
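Review bot: Both new filetrans interfaces pass the caller's object class ($2) straight through to userdom_user_home_dir_filetrans and userdom_user_runtime_filetrans, but the only access interfaces this patch adds for gstreamer_orcexec_t (gnome_manage_gstreamer_orcexec and gnome_mmap_gstreamer_orcexec) cover the file class. A caller passing dir or lnk_file would get a type transition to a type it has no matching permissions on. Either state in the object_class parameter description that file is the expected class, or add the corresponding access interfaces for the other classes.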
> > @@ -735,3 +795,41 @@ interface(`gnome_stream_connect_all_gkey
> > ? files_search_tmp($1)
> > ? stream_connect_pattern($1, gnome_keyring_tmp_t,
> > gnome_keyring_tmp_t, gkeyringd_domain)
> > ?')
> > +
> > +########################################
> > +## <summary>
> > +## Manage gstreamer ORC optimized
> > +## code.
> > +## </summary>
> > +## <param name="domain">
> > +## <summary>
> > +## Domain allowed access.
> > +## </summary>
> > +## </param>
> > +#
> > +interface(`gnome_manage_gstreamer_orcexec',`
> > + gen_require(`
> > + type gstreamer_orcexec_t;
> > + ')
> > +
> > + allow $1 gstreamer_orcexec_t:file manage_file_perms;
> > +')
> > +
> > +########################################
> > +## <summary>
> > +## Mmap gstreamer ORC optimized
> > +## code.
> > +## </summary>
> > +## <param name="domain">
> > +## <summary>
> > +## Domain allowed access.
> > +## </summary>
> > +## </param>
> > +#
> > +interface(`gnome_mmap_gstreamer_orcexec',`
> > + gen_require(`
> > + type gstreamer_orcexec_t;
> > + ')
> > +
> > + allow $1 gstreamer_orcexec_t:file mmap_file_perms;
> > +')
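Review bot: gnome_manage_gstreamer_orcexec and gnome_mmap_gstreamer_orcexec act on the same type, so a domain that calls both (as the pulseaudio.te hunk does) can write a gstreamer_orcexec_t file and then map it executable. mmap_file_perms includes execute, which the one-word summary "Mmap" does not convey. The summaries should say that the pair amounts to write-then-execute on files in user-writable locations, so that anyone granting these interfaces to a further domain can see what they are allowing.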
> > --- refpolicy-git-orig/policy/modules/contrib/gnome.te 2016-
> > 08-14 21:28:11.494519604 +0200
> > +++ refpolicy-git-orcexec/policy/modules/contrib/gnome.te 20
> > 16-09-15 12:51:26.107456172 +0200
> > @@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_
> > ?type gnome_keyring_tmp_t;
> > ?userdom_user_tmp_file(gnome_keyring_tmp_t)
> >
> > +type gstreamer_orcexec_t;
> > +application_executable_file(gstreamer_orcexec_t)
> > +
> > ?##############################
> > ?#
> > ?# Common local Policy
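Review bot: gstreamer_orcexec_t is declared only with application_executable_file(), yet the gnome.fc hunk places it under HOME_DIR and /var/run/user. The neighbouring types visible in this hunk are declared through userdom_user_home_content() and userdom_user_tmp_file(), which tie them into the user content handling. Without an equivalent declaration for the new type, it is not clear that the owning user domain can list, delete or relabel these files; please add the matching userdom declaration or explain why it is not needed. A one-line comment above the type saying what creates these files would also help.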
> > --- refpolicy-git-orig/policy/modules/contrib/pulseaudio.te
> > 2016-08-15 23:39:24.063783236 +0200
> > +++ refpolicy-git-orcexec/policy/modules/contrib/pulseaudio.te
> > 2016-09-19 13:06:10.485531536 +0200
> > @@ -193,6 +193,12 @@ optional_policy(`
> >
> > ?optional_policy(`
> > ? gnome_stream_connect_gconf(pulseaudio_t)
> > +
> > + # OIL Runtime Compiler (ORC) optimized code execution
> > + gnome_manage_gstreamer_orcexec(pulseaudio_t)
> > + gnome_mmap_gstreamer_orcexec(pulseaudio_t)
> > + gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_
> > t, file)
> > + gnome_user_home_dir_filetrans_gstreamer_orcexec(pulseaudio
> > _t, file)
> > ?')
> >
> > ?optional_policy(`
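Review bot: The two filetrans calls pass only the class (pulseaudio_t, file) and no name, so every regular file pulseaudio_t creates directly in the user home directory or the user runtime directory is labeled gstreamer_orcexec_t, not only orcexec.* files, and the manage and mmap calls above them let pulseaudio_t write and map executable any file with that label. Please confirm that pulseaudio creates no other files at the top level of those two directories, and add a comment here naming the files this transition is meant to catch so the intent can be reviewed.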
>
>
>
* [refpolicy] [PATCH v3] gnome: add support for the OIL Runtime Compiler (ORC) optimized code execution
2016-09-27 15:01 ` Guido Trentalancia
@ 2016-09-27 22:28 ` Chris PeBenito
0 siblings, 0 replies; 7+ messages in thread
From: Chris PeBenito @ 2016-09-27 22:28 UTC (permalink / raw)
To: refpolicy
On 09/27/16 11:01, Guido Trentalancia wrote:
> Hello Christopher.
>
> I have checked the current git tree, but unfortunately I couldn't find
> any trace of this patch.
>
> Can you please double-check that it has been applied?
This looks like it, to me:
https://github.com/TresysTechnology/refpolicy-contrib/commit/89a34a6719990644905b4ea64a4b5b84965c76cc
> On Mon, 19/09/2016 at 18.36 -0400, Chris PeBenito wrote:
>> On 09/19/16 07:15, Guido Trentalancia via refpolicy wrote:
>>>
>>> Add a new gstreamer_orcexec_t type and file context to the gnome
>>> module in order to support the OIL Runtime Compiler (ORC) optimized
>>> code execution (used for example by pulseaudio).
>>>
>>> Add optional policy to the pulseaudio module to support the ORC
>>> optimized code execution.
>>>
>>> This patch has been anticipated a few weeks ago as part of a
>>> larger gnome patch. It has now been split as a smaller patch,
>>> as required.
>>
>> Merged.
>>
>>
>>>
>>> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
>>> ---
>>> policy/modules/contrib/gnome.fc | 5 +
>>> policy/modules/contrib/gnome.if | 98
>>> +++++++++++++++++++++++++++++++++++
>>> policy/modules/contrib/gnome.te | 3 +
>>> policy/modules/contrib/pulseaudio.te | 6 ++
>>> 4 files changed, 112 insertions(+)
>>>
>>> --- refpolicy-git-orig/policy/modules/contrib/gnome.fc 2016-
>>> 08-14 21:28:11.493519589 +0200
>>> +++ refpolicy-git-orcexec/policy/modules/contrib/gnome.fc 20
>>> 16-09-15 12:45:49.974216884 +0200
>>> @@ -5,6 +5,8 @@ HOME_DIR/\.gnome2(/.*)? gen_context(syst
>>> HOME_DIR/\.gnome2/keyrings(/.*)? gen_context(system_u:objec
>>> t_r:gnome_keyring_home_t,s0)
>>> HOME_DIR/\.gnome2_private(/.*)? gen_context(system_u:object
>>> _r:gnome_home_t,s0)
>>>
>>> +HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreame
>>> r_orcexec_t,s0)
>>> +
>>> /etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,
>>> s0)
>>>
>>> /tmp/gconfd-USER/.* -- gen_context(system_u:object_r
>>> :gconf_tmp_t,s0)
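Review bot: The added HOME_DIR/orcexec\..* entry has no file-type field, while the /var/run/user entries added in the next hunk use -- to restrict the match to regular files. As written, a directory or symlink named orcexec.something at the top of a home directory would also be labeled gstreamer_orcexec_t on relabel. Suggest adding -- here so the three entries are consistent.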
>>> @@ -14,3 +16,6 @@ HOME_DIR/\.gnome2_private(/.*)? gen_cont
>>>
>>> /usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_
>>> u:object_r:gconfd_exec_t,s0)
>>> /usr/libexec/gconfd-2 -- gen_context(system_u:object
>>> _r:gconfd_exec_t,s0)
>>> +
>>> +/var/run/user/[^/]*/orcexec\..* -- gen_context(syste
>>> m_u:object_r:gstreamer_orcexec_t,s0)
>>> +/var/run/user/%{USERID}/orcexec\..* -- gen_context(s
>>> ystem_u:object_r:gstreamer_orcexec_t,s0)
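Review bot: The two added /var/run/user entries appear to overlap: [^/]* in the first already matches any single directory name, including whatever is substituted for %{USERID} in the second, and both assign the same context. If both are needed (for example because of match ordering against another entry), a comment saying why would help; otherwise one of them can be dropped.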
>>> --- refpolicy-git-orig/policy/modules/contrib/gnome.if 2016-
>>> 08-14 21:28:11.493519589 +0200
>>> +++ refpolicy-git-orcexec/policy/modules/contrib/gnome.if 20
>>> 16-09-19 13:03:01.904972915 +0200
>>> @@ -604,6 +604,66 @@ interface(`gnome_gconf_home_filetrans',`
>>>
>>> ########################################
>>> ## <summary>
>>> +## Create objects in user home
>>> +## directories with the gstreamer
>>> +## orcexec type.
>>> +## </summary>
>>> +## <param name="domain">
>>> +## <summary>
>>> +## Domain allowed access.
>>> +## </summary>
>>> +## </param>
>>> +## <param name="object_class">
>>> +## <summary>
>>> +## Class of the object being created.
>>> +## </summary>
>>> +## </param>
>>> +## <param name="name" optional="true">
>>> +## <summary>
>>> +## The name of the object being created.
>>> +## </summary>
>>> +## </param>
>>> +#
>>> +interface(`gnome_user_home_dir_filetrans_gstreamer_orcexec',`
>>> + gen_require(`
>>> + type gstreamer_orcexec_t;
>>> + ')
>>> +
>>> + userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t,
>>> $2, $3)
>>> +')
>>> +
>>> +########################################
>>> +## <summary>
>>> +## Create objects in the user
>>> +## runtime directories with the
>>> +## gstreamer orcexec type.
>>> +## </summary>
>>> +## <param name="domain">
>>> +## <summary>
>>> +## Domain allowed access.
>>> +## </summary>
>>> +## </param>
>>> +## <param name="object_class">
>>> +## <summary>
>>> +## Class of the object being created.
>>> +## </summary>
>>> +## </param>
>>> +## <param name="name" optional="true">
>>> +## <summary>
>>> +## The name of the object being created.
>>> +## </summary>
>>> +## </param>
>>> +#
>>> +interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
>>> + gen_require(`
>>> + type gstreamer_orcexec_t;
>>> + ')
>>> +
>>> + userdom_user_runtime_filetrans($1, gstreamer_orcexec_t,
>>> $2, $3)
>>> +')
>>> +
>>> +########################################
>>> +## <summary>
>>> ## Read generic gnome keyring home files.
>>> ## </summary>
>>> ## <param name="domain">
>>> @@ -735,3 +795,41 @@ interface(`gnome_stream_connect_all_gkey
>>> files_search_tmp($1)
>>> stream_connect_pattern($1, gnome_keyring_tmp_t,
>>> gnome_keyring_tmp_t, gkeyringd_domain)
>>> ')
>>> +
>>> +########################################
>>> +## <summary>
>>> +## Manage gstreamer ORC optimized
>>> +## code.
>>> +## </summary>
>>> +## <param name="domain">
>>> +## <summary>
>>> +## Domain allowed access.
>>> +## </summary>
>>> +## </param>
>>> +#
>>> +interface(`gnome_manage_gstreamer_orcexec',`
>>> + gen_require(`
>>> + type gstreamer_orcexec_t;
>>> + ')
>>> +
>>> + allow $1 gstreamer_orcexec_t:file manage_file_perms;
>>> +')
>>> +
>>> +########################################
>>> +## <summary>
>>> +## Mmap gstreamer ORC optimized
>>> +## code.
>>> +## </summary>
>>> +## <param name="domain">
>>> +## <summary>
>>> +## Domain allowed access.
>>> +## </summary>
>>> +## </param>
>>> +#
>>> +interface(`gnome_mmap_gstreamer_orcexec',`
>>> + gen_require(`
>>> + type gstreamer_orcexec_t;
>>> + ')
>>> +
>>> + allow $1 gstreamer_orcexec_t:file mmap_file_perms;
>>> +')
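Review bot: Neither gnome_manage_gstreamer_orcexec nor gnome_mmap_gstreamer_orcexec grants search on the directories that hold these files; the interface shown as context at the top of this hunk, for comparison, calls files_search_tmp($1) before its pattern. A domain that calls gnome_mmap_gstreamer_orcexec on its own gets file permissions it may not be able to reach. Consider adding the directory search calls for the user home and user runtime directories, or note in the summaries that callers must obtain them separately.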
>>> --- refpolicy-git-orig/policy/modules/contrib/gnome.te 2016-
>>> 08-14 21:28:11.494519604 +0200
>>> +++ refpolicy-git-orcexec/policy/modules/contrib/gnome.te 20
>>> 16-09-15 12:51:26.107456172 +0200
>>> @@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_
>>> type gnome_keyring_tmp_t;
>>> userdom_user_tmp_file(gnome_keyring_tmp_t)
>>>
>>> +type gstreamer_orcexec_t;
>>> +application_executable_file(gstreamer_orcexec_t)
>>> +
>>> ##############################
>>> #
>>> # Common local Policy
>>> --- refpolicy-git-orig/policy/modules/contrib/pulseaudio.te
>>> 2016-08-15 23:39:24.063783236 +0200
>>> +++ refpolicy-git-orcexec/policy/modules/contrib/pulseaudio.te
>>> 2016-09-19 13:06:10.485531536 +0200
>>> @@ -193,6 +193,12 @@ optional_policy(`
>>>
>>> optional_policy(`
>>> gnome_stream_connect_gconf(pulseaudio_t)
>>> +
>>> + # OIL Runtime Compiler (ORC) optimized code execution
>>> + gnome_manage_gstreamer_orcexec(pulseaudio_t)
>>> + gnome_mmap_gstreamer_orcexec(pulseaudio_t)
>>> + gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_
>>> t, file)
>>> + gnome_user_home_dir_filetrans_gstreamer_orcexec(pulseaudio
>>> _t, file)
>>> ')
>>>
>>> optional_policy(`
>>
>>
>>
>
--
Chris PeBenito
Thread overview: 7+ messages
2016-09-15 11:03 [refpolicy] [PATCH] gnome: add support for the OIL Runtime Compiler (ORC) optimized code execution Guido Trentalancia
2016-09-15 13:26 ` [refpolicy] [PATCH v2] " Guido Trentalancia
2016-09-18 20:40 ` Chris PeBenito
2016-09-19 11:15 ` [refpolicy] [PATCH v3] " Guido Trentalancia
2016-09-19 22:36 ` Chris PeBenito
2016-09-27 15:01 ` Guido Trentalancia
2016-09-27 22:28 ` Chris PeBenito