* [refpolicy] [PATCH] Update the pulseaudio module for usability and ORC support
@ 2016-08-11 22:04 Guido Trentalancia
  2016-08-12  7:02 ` Dominick Grift
                   ` (2 more replies)
  0 siblings, 3 replies; 15+ messages in thread
From: Guido Trentalancia @ 2016-08-11 22:04 UTC (permalink / raw)
  To: refpolicy

Update the pulseaudio module so that it is usable (tested with
latest version pulseaudio 9.0).

Support for the OIL Runtime Compiler (ORC) optimized code
execution is added to the pulseaudio module by using a few
newly created interfaces and file contexts in the gnome
module.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/gnome.fc      |    4 +
 policy/modules/contrib/gnome.if      |   91 +++++++++++++++++++++++++++++++++++
 policy/modules/contrib/gnome.te      |    3 +
 policy/modules/contrib/pulseaudio.fc |    1
 policy/modules/contrib/pulseaudio.if |    1
 policy/modules/contrib/pulseaudio.te |   23 +++++++-
 6 files changed, 119 insertions(+), 4 deletions(-)

--- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc	2016-08-06 21:27:11.354094337 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc	2016-08-11 21:42:20.520989284 +0200
@@ -4,13 +4,17 @@ HOME_DIR/\.gnome(/.*)?	gen_context(syste
 HOME_DIR/\.gnome2(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
 HOME_DIR/\.gnome2/keyrings(/.*)?	gen_context(system_u:object_r:gnome_keyring_home_t,s0)
 HOME_DIR/\.gnome2_private(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/orcexec.*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
 
 /etc/gconf(/.*)?	gen_context(system_u:object_r:gconf_etc_t,s0)
 
 /tmp/gconfd-USER/.*	--	gen_context(system_u:object_r:gconf_tmp_t,s0)
+/tmp/orcexec.*		gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
 
 /usr/bin/gnome-keyring-daemon	--	gen_context(system_u:object_r:gkeyringd_exec_t,s0)
 /usr/bin/mate-keyring-daemon	--	gen_context(system_u:object_r:gkeyringd_exec_t,s0)
 
 /usr/lib/[^/]*/gconf/gconfd-2	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
 /usr/libexec/gconfd-2	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
+
+/var/run/user/[^/]*/orcexec.*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
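Review bot: The three new patterns end in an unbounded `.*`, which in file-context regexes also matches `/`, so `HOME_DIR/orcexec.*` (and the `/tmp` and `/var/run/user` entries in the same hunk) would relabel any path whose name merely starts with `orcexec`, including nested directories and everything below them, as gstreamer_orcexec_t. If the files liborc creates are always a single path component named `orcexec.` plus a suffix, the patterns should be bounded to one component, e.g. `HOME_DIR/orcexec\.[^/]+	--	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)`, with the same change applied to the other two lines.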
--- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.if	2016-08-06 21:27:11.354094337 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/gnome.if	2016-08-11 23:19:10.190331107 +0200
@@ -569,6 +569,36 @@ interface(`gnome_home_filetrans_gnome_ho
 
 ########################################
 ## <summary>
+##	Create objects in user home
+##	directories with the gstreamer
+##	orcexec type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`gnome_home_filetrans_gstreamer_orcexec',`
+	gen_require(`
+		type gstreamer_orcexec_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+########################################
+## <summary>
 ##	Create objects in gnome gconf home
 ##	directories with a private type.
 ## </summary>
@@ -603,6 +633,67 @@ interface(`gnome_gconf_home_filetrans',`
 ')
 
 ########################################
+## <summary>
+##	Create objects in the user
+##	runtime directories with the
+##	gstreamer orcexec type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
+	gen_require(`
+		type gstreamer_orcexec_t;
+	')
+
+	userdom_user_runtime_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+
+########################################
+## <summary>
+##	Create objects in the tmp
+##	directories with the gstreamer
+##	orcexec type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`gnome_tmp_filetrans_gstreamer_orcexec',`
+	gen_require(`
+		type gstreamer_orcexec_t;
+	')
+
+	files_tmp_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+########################################
 ## <summary>
 ##	Read generic gnome keyring home files.
 ## </summary>
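Review bot: Two consecutive blank lines separate the end of `gnome_user_runtime_filetrans_gstreamer_orcexec` from the `########` banner of `gnome_tmp_filetrans_gstreamer_orcexec`, whereas every other interface boundary visible in this hunk uses a single blank line. Drop one of the two so the new interfaces match the file's layout. Apart from that the three new interfaces follow the same gen_require-then-delegate shape as the existing filetrans interfaces in the file.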
--- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.te	2016-08-06 21:27:11.354094337 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/gnome.te	2016-08-11 20:16:46.001970644 +0200
@@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_
 type gnome_keyring_tmp_t;
 userdom_user_tmp_file(gnome_keyring_tmp_t)
 
+type gstreamer_orcexec_t;
+application_executable_file(gstreamer_orcexec_t)
+
 ##############################
 #
 # Common local Policy
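Review bot: `gstreamer_orcexec_t` is declared with `application_executable_file` only, yet the same patch creates files of this type in user home, user runtime and /tmp directories; the neighbouring declarations in this hunk register such types with `userdom_user_home_content` or `userdom_user_tmp_file` so they carry the user-content attributes that the home-directory and tmp management interfaces key on. Without one of those calls, domains permitted to manage all user home or tmp content would presumably still be unable to clean up stale orcexec files, and the type would fall outside whatever UBAC or MLS handling those attributes bring. Add e.g. `userdom_user_tmp_file(gstreamer_orcexec_t)` (or the home-content variant, depending on where the files are actually created) next to the existing declaration.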
--- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.fc	2016-08-06 21:27:11.411094987 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.fc	2016-08-11 20:07:21.338329216 +0200
@@ -1,6 +1,7 @@
 HOME_DIR/\.esd_auth	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 HOME_DIR/\.pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 HOME_DIR/\.pulse-cookie	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
+HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 
 /usr/bin/pulseaudio	--	gen_context(system_u:object_r:pulseaudio_exec_t,s0)
 
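Review bot: The new `HOME_DIR/\.config/pulse(/.*)?` entry carries the `--` regular-file specifier, but its `(/.*)?` suffix shows it is meant to cover the `pulse` directory and everything beneath it; with `--` the directory itself (and any sub-directory) never matches, so `~/.config/pulse` keeps the label of its parent and only plain files inside it become pulseaudio_home_t. The sibling `HOME_DIR/\.pulse(/.*)?` entry two lines above omits the specifier for exactly this reason. Change the line to `HOME_DIR/\.config/pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)`.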
--- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.if	2016-08-06 21:27:11.411094987 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if	2016-08-11 17:34:47.778835995 +0200
@@ -25,6 +25,7 @@ interface(`pulseaudio_role',`
 	pulseaudio_run($2, $1)
 
 	allow $2 pulseaudio_t:process { ptrace signal_perms };
+	allow $2 pulseaudio_t:fd use;
 	ps_process_pattern($2, pulseaudio_t)
 
 	allow $2 pulseaudio_home_t:dir { manage_dir_perms relabel_dir_perms };
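Review bot: `allow $2 pulseaudio_t:fd use;` is added to `pulseaudio_role` with no comment saying which descriptors the user domain receives from pulseaudio, and the commit message does not mention it either, while the surrounding rules each have an obvious purpose (ptrace/signal on the user's own daemon, `ps_process_pattern` for listing it). Presumably it covers descriptors the daemon hands to its clients over the unix socket, but that is an inference from the rule alone. Add a one-line comment naming the denial it resolves, e.g. `# pulseaudio passes <describe which> descriptors to its clients`. If every client domain needs this rather than only the role's user domain, it belongs in the client-side connect interface instead. `pulseaudio_role` begins before this hunk.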
--- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.te	2016-08-06 21:27:11.412094999 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te	2016-08-11 23:50:05.921992338 +0200
@@ -37,7 +37,7 @@ files_pid_file(pulseaudio_var_run_t)
 #
 
 allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config };
-allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
+allow pulseaudio_t self:process { execmem getcap getsched setcap setrlimit setsched signal signull };
 allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
 allow pulseaudio_t self:unix_stream_socket { accept connectto listen };
 allow pulseaudio_t self:unix_dgram_socket sendto;
@@ -129,9 +129,11 @@ logging_send_syslog_msg(pulseaudio_t)
 miscfiles_read_localization(pulseaudio_t)
 
 userdom_read_user_tmpfs_files(pulseaudio_t)
-
+userdom_delete_user_tmpfs_files(pulseaudio_t)
 userdom_search_user_home_dirs(pulseaudio_t)
-userdom_write_user_tmp_sockets(pulseaudio_t)
+userdom_search_user_home_content(pulseaudio_t)
+
+userdom_manage_user_tmp_sockets(pulseaudio_t)
 
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_dirs(pulseaudio_t)
@@ -146,7 +148,8 @@ tunable_policy(`use_samba_home_dirs',`
 ')
 
 optional_policy(`
-	alsa_read_rw_config(pulseaudio_t)
+	alsa_read_config(pulseaudio_t)
+	alsa_read_home_files(pulseaudio_t)
 ')
 
 optional_policy(`
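Review bot: Replacing `alsa_read_rw_config(pulseaudio_t)` with `alsa_read_config(pulseaudio_t)` silently drops whatever read access the rw-config interface granted, and neither the hunk nor the commit message says that pulseaudio 9.0 no longer needs it; if the two interfaces cover different alsa types this is a permission removal presented as a rename. Either keep both calls or state in the log why the rw config is no longer read. `alsa_read_home_files` looks like a reasonable addition for per-user alsa configuration, assuming that is what the interface covers.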
@@ -176,6 +179,17 @@ optional_policy(`
 ')
 
 optional_policy(`
+	# OIL Runtime Compiler (ORC) optimized code execution
+	can_exec(pulseaudio_t, gstreamer_orcexec_t)
+	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+	gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+	manage_files_pattern(pulseaudio_t, gstreamer_orcexec_t, gstreamer_orcexec_t)
+
+	gnome_stream_connect_gconf(pulseaudio_t)
+')
+
+optional_policy(`
 	rtkit_scheduled(pulseaudio_t)
 ')
 
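Review bot: `gnome_stream_connect_gconf(pulseaudio_t)` has nothing to do with the ORC support that the block's comment announces, yet it sits inside the same `optional_policy` block, so a reader will take it for part of the ORC requirement and a later cleanup of the ORC rules would remove it by accident. Move it into its own `optional_policy` block with a comment naming why pulseaudio needs to talk to gconfd; the commit message does not mention gconf at all. The ORC block would then hold only the `gstreamer_orcexec_t` rules and the three filetrans calls.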
@@ -186,6 +200,7 @@ optional_policy(`
 ')
 
 optional_policy(`
+	udev_read_pid_files(pulseaudio_t)
 	udev_read_state(pulseaudio_t)
 	udev_read_db(pulseaudio_t)
 ')


* [refpolicy] [PATCH] Update the pulseaudio module for usability and ORC support
  2016-08-11 22:04 [refpolicy] [PATCH] Update the pulseaudio module for usability and ORC support Guido Trentalancia
@ 2016-08-12  7:02 ` Dominick Grift
  2016-08-12  8:18 ` Dominick Grift
  2016-08-12 16:58 ` [refpolicy] [PATCH v2] " Guido Trentalancia
  2 siblings, 0 replies; 15+ messages in thread
From: Dominick Grift @ 2016-08-12  7:02 UTC (permalink / raw)
  To: refpolicy

On 08/12/2016 12:04 AM, Guido Trentalancia wrote:
> Update the pulseaudio module so that it is usable (tested with
> latest version pulseaudio 9.0).
> 
> Support for the OIL Runtime Compiler (OIL) optimized code
> execution is added to the pulseaudio module by using a few
> newly created interfaces and file contexts in the gnome
> module.
> 
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>

Will not work for various reasons.

> ---
>  policy/modules/contrib/gnome.fc      |    4 +
>  policy/modules/contrib/gnome.if      |   91 +++++++++++++++++++++++++++++++++++
>  policy/modules/contrib/gnome.te      |    3 +
>  policy/modules/contrib/pulseaudio.fc |    1
>  policy/modules/contrib/pulseaudio.if |    1
>  policy/modules/contrib/pulseaudio.te |   23 +++++++-
>  6 files changed, 119 insertions(+), 4 deletions(-)
> 
> --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc	2016-08-06 21:27:11.354094337 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc	2016-08-11 21:42:20.520989284 +0200
> @@ -4,13 +4,17 @@ HOME_DIR/\.gnome(/.*)?	gen_context(syste
>  HOME_DIR/\.gnome2(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
>  HOME_DIR/\.gnome2/keyrings(/.*)?	gen_context(system_u:object_r:gnome_keyring_home_t,s0)
>  HOME_DIR/\.gnome2_private(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
> +HOME_DIR/orcexec.*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)

is a plain file but this still wouldnt work. liborc is linked to by
various programs. some of these programs already maintain files in ~
with a automatic file type transition. Therefore you may not be able to
take this approach because you would end up with conflicting type
transition rules.

Besides, liborc defaults to $XDG_RUNTIME_DIR (that means it will first
try in this order: /run/user/UID, ~/.cache, /tmp).

not sure if it still even tries ~ at all anymore (although it did in the
past)

if all else fails it will use "process execmem"

>  
>  /etc/gconf(/.*)?	gen_context(system_u:object_r:gconf_etc_t,s0)
>  
>  /tmp/gconfd-USER/.*	--	gen_context(system_u:object_r:gconf_tmp_t,s0)
> +/tmp/orcexec.*		gen_context(system_u:object_r:gstreamer_orcexec_t,s0)

its a plain file, but this file context will cause issues. What if a
program running on s1 that is linked to liborc maintains this? then
restorecon might declassify it to s0

>  
>  /usr/bin/gnome-keyring-daemon	--	gen_context(system_u:object_r:gkeyringd_exec_t,s0)
>  /usr/bin/mate-keyring-daemon	--	gen_context(system_u:object_r:gkeyringd_exec_t,s0)
>  
>  /usr/lib/[^/]*/gconf/gconfd-2	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
>  /usr/libexec/gconfd-2	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
> +
> +/var/run/user/[^/]*/orcexec.*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)

Sme as above but on top of that you would have to use the genhomedircon
keyword for $XDG_RUNTIME_DIR

> --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.if	2016-08-06 21:27:11.354094337 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/gnome.if	2016-08-11 23:19:10.190331107 +0200
> @@ -569,6 +569,36 @@ interface(`gnome_home_filetrans_gnome_ho
>  
>  ########################################
>  ## <summary>
> +##	Create objects in user home
> +##	directories with the gstreamer
> +##	orcexec type.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <param name="object_class">
> +##	<summary>
> +##	Class of the object being created.
> +##	</summary>
> +## </param>
> +## <param name="name" optional="true">
> +##	<summary>
> +##	The name of the object being created.
> +##	</summary>
> +## </param>
> +#
> +interface(`gnome_home_filetrans_gstreamer_orcexec',`
> +	gen_require(`
> +		type gstreamer_orcexec_t;
> +	')
> +
> +	userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t, $2, $3)
> +')
> +
> +########################################
> +## <summary>
>  ##	Create objects in gnome gconf home
>  ##	directories with a private type.
>  ## </summary>
> @@ -603,6 +633,67 @@ interface(`gnome_gconf_home_filetrans',`
>  ')
>  
>  ########################################
> +## <summary>
> +##	Create objects in the user
> +##	runtime directories with the
> +##	gstreamer orcexec type.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <param name="object_class">
> +##	<summary>
> +##	Class of the object being created.
> +##	</summary>
> +## </param>
> +## <param name="name" optional="true">
> +##	<summary>
> +##	The name of the object being created.
> +##	</summary>
> +## </param>
> +#
> +interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
> +	gen_require(`
> +		type gstreamer_orcexec_t;
> +	')
> +
> +	userdom_user_runtime_filetrans($1, gstreamer_orcexec_t, $2, $3)
> +')
> +
> +
> +########################################
> +## <summary>
> +##	Create objects in the tmp
> +##	directories with the gstreamer
> +##	orcexec type.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <param name="object_class">
> +##	<summary>
> +##	Class of the object being created.
> +##	</summary>
> +## </param>
> +## <param name="name" optional="true">
> +##	<summary>
> +##	The name of the object being created.
> +##	</summary>
> +## </param>
> +#
> +interface(`gnome_tmp_filetrans_gstreamer_orcexec',`
> +	gen_require(`
> +		type gstreamer_orcexec_t;
> +	')
> +
> +	files_tmp_filetrans($1, gstreamer_orcexec_t, $2, $3)
> +')
> +
> +########################################
>  ## <summary>
>  ##	Read generic gnome keyring home files.
>  ## </summary>
> --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.te	2016-08-06 21:27:11.354094337 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/gnome.te	2016-08-11 20:16:46.001970644 +0200
> @@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_
>  type gnome_keyring_tmp_t;
>  userdom_user_tmp_file(gnome_keyring_tmp_t)
>  
> +type gstreamer_orcexec_t;
> +application_executable_file(gstreamer_orcexec_t)

is not a application executable file. its a plain file that is mmap'd by
liborc

> +
>  ##############################
>  #
>  # Common local Policy
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.fc	2016-08-06 21:27:11.411094987 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.fc	2016-08-11 20:07:21.338329216 +0200
> @@ -1,6 +1,7 @@
>  HOME_DIR/\.esd_auth	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
>  HOME_DIR/\.pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)
>  HOME_DIR/\.pulse-cookie	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
> +HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
>  
>  /usr/bin/pulseaudio	--	gen_context(system_u:object_r:pulseaudio_exec_t,s0)
>  
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.if	2016-08-06 21:27:11.411094987 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if	2016-08-11 17:34:47.778835995 +0200
> @@ -25,6 +25,7 @@ interface(`pulseaudio_role',`
>  	pulseaudio_run($2, $1)
>  
>  	allow $2 pulseaudio_t:process { ptrace signal_perms };
> +	allow $2 pulseaudio_t:fd use;
>  	ps_process_pattern($2, pulseaudio_t)
>  
>  	allow $2 pulseaudio_home_t:dir { manage_dir_perms relabel_dir_perms };
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.te	2016-08-06 21:27:11.412094999 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te	2016-08-11 23:50:05.921992338 +0200
> @@ -37,7 +37,7 @@ files_pid_file(pulseaudio_var_run_t)
>  #
>  
>  allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config };
> -allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
> +allow pulseaudio_t self:process { execmem getcap getsched setcap setrlimit setsched signal signull };

execmem is optional. it will only resort to execmem if it is unable to
mmap the file (failover)

>  allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
>  allow pulseaudio_t self:unix_stream_socket { accept connectto listen };
>  allow pulseaudio_t self:unix_dgram_socket sendto;
> @@ -129,9 +129,11 @@ logging_send_syslog_msg(pulseaudio_t)
>  miscfiles_read_localization(pulseaudio_t)
>  
>  userdom_read_user_tmpfs_files(pulseaudio_t)
> -
> +userdom_delete_user_tmpfs_files(pulseaudio_t)
>  userdom_search_user_home_dirs(pulseaudio_t)
> -userdom_write_user_tmp_sockets(pulseaudio_t)
> +userdom_search_user_home_content(pulseaudio_t)
> +
> +userdom_manage_user_tmp_sockets(pulseaudio_t)
>  
>  tunable_policy(`use_nfs_home_dirs',`
>  	fs_manage_nfs_dirs(pulseaudio_t)
> @@ -146,7 +148,8 @@ tunable_policy(`use_samba_home_dirs',`
>  ')
>  
>  optional_policy(`
> -	alsa_read_rw_config(pulseaudio_t)
> +	alsa_read_config(pulseaudio_t)
> +	alsa_read_home_files(pulseaudio_t)
>  ')
>  
>  optional_policy(`
> @@ -176,6 +179,17 @@ optional_policy(`
>  ')
>  
>  optional_policy(`
> +	# OIL Runtime Compiler (ORC) optimized code execution
> +	can_exec(pulseaudio_t, gstreamer_orcexec_t)
> +	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> +	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> +	gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> +	manage_files_pattern(pulseaudio_t, gstreamer_orcexec_t, gstreamer_orcexec_t)
> +
> +	gnome_stream_connect_gconf(pulseaudio_t)
> +')
> +
> +optional_policy(`
>  	rtkit_scheduled(pulseaudio_t)
>  ')
>  
> @@ -186,6 +200,7 @@ optional_policy(`
>  ')
>  
>  optional_policy(`
> +	udev_read_pid_files(pulseaudio_t)
>  	udev_read_state(pulseaudio_t)
>  	udev_read_db(pulseaudio_t)
>  ')
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
> 


-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift



* [refpolicy] [PATCH] Update the pulseaudio module for usability and ORC support
  2016-08-11 22:04 [refpolicy] [PATCH] Update the pulseaudio module for usability and ORC support Guido Trentalancia
  2016-08-12  7:02 ` Dominick Grift
@ 2016-08-12  8:18 ` Dominick Grift
  2016-08-12 16:57   ` Guido Trentalancia
  2016-08-12 16:58 ` [refpolicy] [PATCH v2] " Guido Trentalancia
  2 siblings, 1 reply; 15+ messages in thread
From: Dominick Grift @ 2016-08-12  8:18 UTC (permalink / raw)
  To: refpolicy

On 08/12/2016 12:04 AM, Guido Trentalancia wrote:
> Update the pulseaudio module so that it is usable (tested with
> latest version pulseaudio 9.0).
> 
> Support for the OIL Runtime Compiler (OIL) optimized code
> execution is added to the pulseaudio module by using a few
> newly created interfaces and file contexts in the gnome
> module.
> 

Anyhow let me also try to be constructive and make some suggestions

I wouldnt try to support all imaginable scenario's, at least not
initially. That means that I would rely on the XDG spec. Thus support
$XDG_RUNTIME_DIR (/run/user/UID, ~/.cache. /tmp)

So i would not support the "~" scenario. I would also not support the
"process execmem" scenario, or at least not unconditionally.

So that leaves us with /run/user/UID and optionally ~/.cache and /tmp
for failover.

Then i would, at least not initially, not create a "orcexec file type"

Instead i would just treat this as individual types. for example for the
pulseaudio orcexec file in /run/user/UID: pulseaudio_runtime_user_t (or
whatever name convention reference policy uses for files in /run/user)

Then that runtime user file needs to be mmap'd by the domain that
maintains it (it is not to be executed)

allow domain domain_runtime_file:file mmap_file_perms;

These files are generally not "shared" they are just for internal
purposes i believe.

Below inline also some more comments

> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/gnome.fc      |    4 +
>  policy/modules/contrib/gnome.if      |   91 +++++++++++++++++++++++++++++++++++
>  policy/modules/contrib/gnome.te      |    3 +
>  policy/modules/contrib/pulseaudio.fc |    1
>  policy/modules/contrib/pulseaudio.if |    1
>  policy/modules/contrib/pulseaudio.te |   23 +++++++-
>  6 files changed, 119 insertions(+), 4 deletions(-)
> 
> --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc	2016-08-06 21:27:11.354094337 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc	2016-08-11 21:42:20.520989284 +0200
> @@ -4,13 +4,17 @@ HOME_DIR/\.gnome(/.*)?	gen_context(syste
>  HOME_DIR/\.gnome2(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
>  HOME_DIR/\.gnome2/keyrings(/.*)?	gen_context(system_u:object_r:gnome_keyring_home_t,s0)
>  HOME_DIR/\.gnome2_private(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
> +HOME_DIR/orcexec.*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
>  
>  /etc/gconf(/.*)?	gen_context(system_u:object_r:gconf_etc_t,s0)
>  
>  /tmp/gconfd-USER/.*	--	gen_context(system_u:object_r:gconf_tmp_t,s0)
> +/tmp/orcexec.*		gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
>  
>  /usr/bin/gnome-keyring-daemon	--	gen_context(system_u:object_r:gkeyringd_exec_t,s0)
>  /usr/bin/mate-keyring-daemon	--	gen_context(system_u:object_r:gkeyringd_exec_t,s0)
>  
>  /usr/lib/[^/]*/gconf/gconfd-2	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
>  /usr/libexec/gconfd-2	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
> +
> +/var/run/user/[^/]*/orcexec.*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
> --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.if	2016-08-06 21:27:11.354094337 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/gnome.if	2016-08-11 23:19:10.190331107 +0200
> @@ -569,6 +569,36 @@ interface(`gnome_home_filetrans_gnome_ho
>  
>  ########################################
>  ## <summary>
> +##	Create objects in user home
> +##	directories with the gstreamer
> +##	orcexec type.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <param name="object_class">
> +##	<summary>
> +##	Class of the object being created.
> +##	</summary>
> +## </param>
> +## <param name="name" optional="true">
> +##	<summary>
> +##	The name of the object being created.
> +##	</summary>
> +## </param>
> +#
> +interface(`gnome_home_filetrans_gstreamer_orcexec',`
> +	gen_require(`
> +		type gstreamer_orcexec_t;
> +	')
> +
> +	userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t, $2, $3)
> +')
> +
> +########################################
> +## <summary>
>  ##	Create objects in gnome gconf home
>  ##	directories with a private type.
>  ## </summary>
> @@ -603,6 +633,67 @@ interface(`gnome_gconf_home_filetrans',`
>  ')
>  
>  ########################################
> +## <summary>
> +##	Create objects in the user
> +##	runtime directories with the
> +##	gstreamer orcexec type.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <param name="object_class">
> +##	<summary>
> +##	Class of the object being created.
> +##	</summary>
> +## </param>
> +## <param name="name" optional="true">
> +##	<summary>
> +##	The name of the object being created.
> +##	</summary>
> +## </param>
> +#
> +interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
> +	gen_require(`
> +		type gstreamer_orcexec_t;
> +	')
> +
> +	userdom_user_runtime_filetrans($1, gstreamer_orcexec_t, $2, $3)
> +')
> +
> +
> +########################################
> +## <summary>
> +##	Create objects in the tmp
> +##	directories with the gstreamer
> +##	orcexec type.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <param name="object_class">
> +##	<summary>
> +##	Class of the object being created.
> +##	</summary>
> +## </param>
> +## <param name="name" optional="true">
> +##	<summary>
> +##	The name of the object being created.
> +##	</summary>
> +## </param>
> +#
> +interface(`gnome_tmp_filetrans_gstreamer_orcexec',`
> +	gen_require(`
> +		type gstreamer_orcexec_t;
> +	')
> +
> +	files_tmp_filetrans($1, gstreamer_orcexec_t, $2, $3)
> +')
> +
> +########################################
>  ## <summary>
>  ##	Read generic gnome keyring home files.
>  ## </summary>
> --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.te	2016-08-06 21:27:11.354094337 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/gnome.te	2016-08-11 20:16:46.001970644 +0200
> @@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_
>  type gnome_keyring_tmp_t;
>  userdom_user_tmp_file(gnome_keyring_tmp_t)
>  
> +type gstreamer_orcexec_t;
> +application_executable_file(gstreamer_orcexec_t)
> +
>  ##############################
>  #
>  # Common local Policy
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.fc	2016-08-06 21:27:11.411094987 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.fc	2016-08-11 20:07:21.338329216 +0200
> @@ -1,6 +1,7 @@
>  HOME_DIR/\.esd_auth	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
>  HOME_DIR/\.pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)
>  HOME_DIR/\.pulse-cookie	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
> +HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)

I suspect that refpolicy has a private type for ~/.config (not sure
though) Make sure that you are using refpolicy (up-to-date) and that
~/.config is not mislabeled

>  
>  /usr/bin/pulseaudio	--	gen_context(system_u:object_r:pulseaudio_exec_t,s0)
>  
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.if	2016-08-06 21:27:11.411094987 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if	2016-08-11 17:34:47.778835995 +0200
> @@ -25,6 +25,7 @@ interface(`pulseaudio_role',`
>  	pulseaudio_run($2, $1)
>  
>  	allow $2 pulseaudio_t:process { ptrace signal_perms };
> +	allow $2 pulseaudio_t:fd use;
>  	ps_process_pattern($2, pulseaudio_t)
>  
>  	allow $2 pulseaudio_home_t:dir { manage_dir_perms relabel_dir_perms };
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.te	2016-08-06 21:27:11.412094999 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te	2016-08-11 23:50:05.921992338 +0200
> @@ -37,7 +37,7 @@ files_pid_file(pulseaudio_var_run_t)
>  #
>  
>  allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config };
> -allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
> +allow pulseaudio_t self:process { execmem getcap getsched setcap setrlimit setsched signal signull };
>  allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
>  allow pulseaudio_t self:unix_stream_socket { accept connectto listen };
>  allow pulseaudio_t self:unix_dgram_socket sendto;
> @@ -129,9 +129,11 @@ logging_send_syslog_msg(pulseaudio_t)
>  miscfiles_read_localization(pulseaudio_t)
>  
>  userdom_read_user_tmpfs_files(pulseaudio_t)
> -
> +userdom_delete_user_tmpfs_files(pulseaudio_t)
>  userdom_search_user_home_dirs(pulseaudio_t)
> -userdom_write_user_tmp_sockets(pulseaudio_t)
> +userdom_search_user_home_content(pulseaudio_t)

Why is the above needed?

> +
> +userdom_manage_user_tmp_sockets(pulseaudio_t)

what sockets are those?

>  
>  tunable_policy(`use_nfs_home_dirs',`
>  	fs_manage_nfs_dirs(pulseaudio_t)
> @@ -146,7 +148,8 @@ tunable_policy(`use_samba_home_dirs',`
>  ')
>  
>  optional_policy(`
> -	alsa_read_rw_config(pulseaudio_t)
> +	alsa_read_config(pulseaudio_t)
> +	alsa_read_home_files(pulseaudio_t)
>  ')
>  
>  optional_policy(`
> @@ -176,6 +179,17 @@ optional_policy(`
>  ')
>  
>  optional_policy(`
> +	# OIL Runtime Compiler (ORC) optimized code execution
> +	can_exec(pulseaudio_t, gstreamer_orcexec_t)

So here you allow pulseaudio to actually execute that orcexec file but
that is too much. instead it needs:

allow pulseaudio_t gstreamer_orcexec_t:file mmap_file_perms;

> +	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file)

Is the above refpolicy? because user_runtime is not a gnome thing.

> +	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)

> +	gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> +	manage_files_pattern(pulseaudio_t, gstreamer_orcexec_t, gstreamer_orcexec_t)

There is no directory here

> +
> +	gnome_stream_connect_gconf(pulseaudio_t)
> +')
> +
> +optional_policy(`
>  	rtkit_scheduled(pulseaudio_t)
>  ')
>  
> @@ -186,6 +200,7 @@ optional_policy(`
>  ')
>  
>  optional_policy(`
> +	udev_read_pid_files(pulseaudio_t)
>  	udev_read_state(pulseaudio_t)
>  	udev_read_db(pulseaudio_t)
>  ')
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
> 


-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift



* [refpolicy] [PATCH] Update the pulseaudio module for usability and ORC support
  2016-08-12  8:18 ` Dominick Grift
@ 2016-08-12 16:57   ` Guido Trentalancia
  2016-08-12 17:09     ` Dominick Grift
  0 siblings, 1 reply; 15+ messages in thread
From: Guido Trentalancia @ 2016-08-12 16:57 UTC (permalink / raw)
  To: refpolicy

Hello Dominick !

Thanks very much for getting back with very useful suggestions !

My reply follows your comments...

On Fri, 12/08/2016 at 10.18 +0200, Dominick Grift wrote:
> On 08/12/2016 12:04 AM, Guido Trentalancia wrote:
> > Update the pulseaudio module so that it is usable (tested with
> > latest version pulseaudio 9.0).
> > 
> > Support for the OIL Runtime Compiler (OIL) optimized code
> > execution is added to the pulseaudio module by using a few
> > newly created interfaces and file contexts in the gnome
> > module.
> > 
> 
> Anyhow let me also try to be constructive and make some suggestions
> 
> I wouldnt try to support all imaginable scenario's, at least not
> initially. That means that I would rely on the XDG spec. Thus support
> $XDG_RUNTIME_DIR (/run/user/UID, ~/.cache. /tmp)

XDG_RUNTIME_DIR is not used by all systems. So, the first alternative
is /home/%{USER}. The second alternative is /tmp.

I would like to support all alternatives.

> So i would not support the "~" scenario. I would also not support the
> "process execmem" scenario, or at least not unconditionally.

Ok, I agree. Execmem is now supported through a boolean which defaults
to false, very good idea !

> So that leaves us with /run/user/UID and optionally ~/.cache and /tmp
> for failover.

See above for the first and second alternative (or please refer to the
code).

> Then i would, at least not initially, not create a "orcexec file
> type"

ORC is distributed along with gstreamer which belongs to gnome. That's
why I have created the new type in the gnome module.

> Instead i would just treat this as individual types. for example for
> the
> pulseaudio orcexec file in /run/user/UID: pulseaudio_runtime_user_t
> (or
> whatever name convention reference policy uses for files in
> /run/user)

See above. It's not necessarily used ONLY by pulseaudio !

It's provided as part of the gnome distribution and thus included in
the gnome module.

> Then that runtime user file needs to be mmap'd by the domain that
> maintains it (it is not to be executed)
> 
> allow domain domain_runtime_file:file mmap_file_perms;

Yes, I have now amended it in the new version of the patch.

> These files are generally not "shared" they are just for internal
> purposes i believe.

They are not shared and used only for internal pulseaudio purposes
(it's optimized code generated at runtime: Optimized Inner Loops =
OIL).

However, as already said, ORC is not used only by pulseaudio ! For
example, another application using it is gstreamer...

> Below inline also some more comments
> 
> > Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> > ---
> > ?policy/modules/contrib/gnome.fc??????|????4 +
> > ?policy/modules/contrib/gnome.if??????|???91
> > +++++++++++++++++++++++++++++++++++
> > ?policy/modules/contrib/gnome.te??????|????3 +
> > ?policy/modules/contrib/pulseaudio.fc |????1
> > ?policy/modules/contrib/pulseaudio.if |????1
> > ?policy/modules/contrib/pulseaudio.te |???23 +++++++-
> > ?6 files changed, 119 insertions(+), 4 deletions(-)
> > 
> > --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc	
> > 2016-08-06 21:27:11.354094337 +0200
> > +++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc	2
> > 016-08-11 21:42:20.520989284 +0200
> > @@ -4,13 +4,17 @@ HOME_DIR/\.gnome(/.*)?	gen_context(syste
> > ?HOME_DIR/\.gnome2(/.*)?	gen_context(system_u:object_r:gnome
> > _home_t,s0)
> > ?HOME_DIR/\.gnome2/keyrings(/.*)?	gen_context(system_u:objec
> > t_r:gnome_keyring_home_t,s0)
> > ?HOME_DIR/\.gnome2_private(/.*)?	gen_context(system_u:object
> > _r:gnome_home_t,s0)
> > +HOME_DIR/orcexec.*	gen_context(system_u:object_r:gstreamer_
> > orcexec_t,s0)
> > ?
> > ?/etc/gconf(/.*)?	gen_context(system_u:object_r:gconf_etc_t,
> > s0)
> > ?
> > ?/tmp/gconfd-USER/.*	--	gen_context(system_u:object_r
> > :gconf_tmp_t,s0)
> > +/tmp/orcexec.*		gen_context(system_u:object_r:gstrea
> > mer_orcexec_t,s0)
> > ?
> > ?/usr/bin/gnome-keyring-daemon	--	gen_context(system_
> > u:object_r:gkeyringd_exec_t,s0)
> > ?/usr/bin/mate-keyring-daemon	--	gen_context(system_u
> > :object_r:gkeyringd_exec_t,s0)
> > ?
> > ?/usr/lib/[^/]*/gconf/gconfd-2	--	gen_context(system_
> > u:object_r:gconfd_exec_t,s0)
> > ?/usr/libexec/gconfd-2	--	gen_context(system_u:object
> > _r:gconfd_exec_t,s0)
> > +
> > +/var/run/user/[^/]*/orcexec.*	gen_context(system_u:object_r
> > :gstreamer_orcexec_t,s0)
> > --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.if	
> > 2016-08-06 21:27:11.354094337 +0200
> > +++ refpolicy-git-06082016/policy/modules/contrib/gnome.if	2
> > 016-08-11 23:19:10.190331107 +0200
> > @@ -569,6 +569,36 @@ interface(`gnome_home_filetrans_gnome_ho
> > ?
> > ?########################################
> > ?## <summary>
> > +##	Create objects in user home
> > +##	directories with the gstreamer
> > +##	orcexec type.
> > +## </summary>
> > +## <param name="domain">
> > +##	<summary>
> > +##	Domain allowed access.
> > +##	</summary>
> > +## </param>
> > +## <param name="object_class">
> > +##	<summary>
> > +##	Class of the object being created.
> > +##	</summary>
> > +## </param>
> > +## <param name="name" optional="true">
> > +##	<summary>
> > +##	The name of the object being created.
> > +##	</summary>
> > +## </param>
> > +#
> > +interface(`gnome_home_filetrans_gstreamer_orcexec',`
> > +	gen_require(`
> > +		type gstreamer_orcexec_t;
> > +	')
> > +
> > +	userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t,
> > $2, $3)
> > +')
> > +
> > +########################################
> > +## <summary>
> > ?##	Create objects in gnome gconf home
> > ?##	directories with a private type.
> > ?## </summary>
> > @@ -603,6 +633,67 @@ interface(`gnome_gconf_home_filetrans',`
> > ?')
> > ?
> > ?########################################
> > +## <summary>
> > +##	Create objects in the user
> > +##	runtime directories with the
> > +##	gstreamer orcexec type.
> > +## </summary>
> > +## <param name="domain">
> > +##	<summary>
> > +##	Domain allowed access.
> > +##	</summary>
> > +## </param>
> > +## <param name="object_class">
> > +##	<summary>
> > +##	Class of the object being created.
> > +##	</summary>
> > +## </param>
> > +## <param name="name" optional="true">
> > +##	<summary>
> > +##	The name of the object being created.
> > +##	</summary>
> > +## </param>
> > +#
> > +interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
> > +	gen_require(`
> > +		type gstreamer_orcexec_t;
> > +	')
> > +
> > +	userdom_user_runtime_filetrans($1, gstreamer_orcexec_t,
> > $2, $3)
> > +')
> > +
> > +
> > +########################################
> > +## <summary>
> > +##	Create objects in the tmp
> > +##	directories with the gstreamer
> > +##	orcexec type.
> > +## </summary>
> > +## <param name="domain">
> > +##	<summary>
> > +##	Domain allowed access.
> > +##	</summary>
> > +## </param>
> > +## <param name="object_class">
> > +##	<summary>
> > +##	Class of the object being created.
> > +##	</summary>
> > +## </param>
> > +## <param name="name" optional="true">
> > +##	<summary>
> > +##	The name of the object being created.
> > +##	</summary>
> > +## </param>
> > +#
> > +interface(`gnome_tmp_filetrans_gstreamer_orcexec',`
> > +	gen_require(`
> > +		type gstreamer_orcexec_t;
> > +	')
> > +
> > +	files_tmp_filetrans($1, gstreamer_orcexec_t, $2, $3)
> > +')
> > +
> > +########################################
> > ?## <summary>
> > ?##	Read generic gnome keyring home files.
> > ?## </summary>
> > --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.te	
> > 2016-08-06 21:27:11.354094337 +0200
> > +++ refpolicy-git-06082016/policy/modules/contrib/gnome.te	2
> > 016-08-11 20:16:46.001970644 +0200
> > @@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_
> > ?type gnome_keyring_tmp_t;
> > ?userdom_user_tmp_file(gnome_keyring_tmp_t)
> > ?
> > +type gstreamer_orcexec_t;
> > +application_executable_file(gstreamer_orcexec_t)
> > +
> > ?##############################
> > ?#
> > ?# Common local Policy
> > --- refpolicy-git-06082016-
> > orig/policy/modules/contrib/pulseaudio.fc	2016-08-06
> > 21:27:11.411094987 +0200
> > +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.fc	
> > 2016-08-11 20:07:21.338329216 +0200
> > @@ -1,6 +1,7 @@
> > ?HOME_DIR/\.esd_auth	--	gen_context(system_u:object_r
> > :pulseaudio_home_t,s0)
> > ?HOME_DIR/\.pulse(/.*)?	gen_context(system_u:object_r:pulsea
> > udio_home_t,s0)
> > ?HOME_DIR/\.pulse-cookie	--	gen_context(system_u:obje
> > ct_r:pulseaudio_home_t,s0)
> > +HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_
> > u:object_r:pulseaudio_home_t,s0)
> 
> I suspect that refpolicy has a private type for ~/.config (not sure
> though) Make sure that you are using refpolicy (up-to-date) and that
> ~/.config is not mislabeled

The file context for ~/.config has not been modified. However, I don't
like pulseaudio to have manage permissions on the user_home_t,
therefore I created a specific file context for the subdirectory
"pulse" used by pulseaudio.

> > ?
> > ?/usr/bin/pulseaudio	--	gen_context(system_u:object_r
> > :pulseaudio_exec_t,s0)
> > ?
> > --- refpolicy-git-06082016-
> > orig/policy/modules/contrib/pulseaudio.if	2016-08-06
> > 21:27:11.411094987 +0200
> > +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if	
> > 2016-08-11 17:34:47.778835995 +0200
> > @@ -25,6 +25,7 @@ interface(`pulseaudio_role',`
> > ?	pulseaudio_run($2, $1)
> > ?
> > ?	allow $2 pulseaudio_t:process { ptrace signal_perms };
> > +	allow $2 pulseaudio_t:fd use;
> > ?	ps_process_pattern($2, pulseaudio_t)
> > ?
> > ?	allow $2 pulseaudio_home_t:dir { manage_dir_perms
> > relabel_dir_perms };
> > --- refpolicy-git-06082016-
> > orig/policy/modules/contrib/pulseaudio.te	2016-08-06
> > 21:27:11.412094999 +0200
> > +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te	
> > 2016-08-11 23:50:05.921992338 +0200
> > @@ -37,7 +37,7 @@ files_pid_file(pulseaudio_var_run_t)
> > ?#
> > ?
> > ?allow pulseaudio_t self:capability { fowner fsetid chown setgid
> > setuid sys_nice sys_resource sys_tty_config };
> > -allow pulseaudio_t self:process { getcap setcap setrlimit setsched
> > getsched signal signull };
> > +allow pulseaudio_t self:process { execmem getcap getsched setcap
> > setrlimit setsched signal signull };
> > ?allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
> > ?allow pulseaudio_t self:unix_stream_socket { accept connectto
> > listen };
> > ?allow pulseaudio_t self:unix_dgram_socket sendto;
> > @@ -129,9 +129,11 @@ logging_send_syslog_msg(pulseaudio_t)
> > ?miscfiles_read_localization(pulseaudio_t)
> > ?
> > ?userdom_read_user_tmpfs_files(pulseaudio_t)
> > -
> > +userdom_delete_user_tmpfs_files(pulseaudio_t)
> > ?userdom_search_user_home_dirs(pulseaudio_t)
> > -userdom_write_user_tmp_sockets(pulseaudio_t)
> > +userdom_search_user_home_content(pulseaudio_t)
> 
> Why is the above needed?

It's needed for searching ~/.config (see above, without granting
rw+create=manage permissions).

> > +
> > +userdom_manage_user_tmp_sockets(pulseaudio_t)
> 
> what sockets are those?

Unix sockets in /tmp subdirectories. For example Pulseaudio native
sockets or Esound sockets.

> > ?
> > ?tunable_policy(`use_nfs_home_dirs',`
> > ?	fs_manage_nfs_dirs(pulseaudio_t)
> > @@ -146,7 +148,8 @@ tunable_policy(`use_samba_home_dirs',`
> > ?')
> > ?
> > ?optional_policy(`
> > -	alsa_read_rw_config(pulseaudio_t)
> > +	alsa_read_config(pulseaudio_t)
> > +	alsa_read_home_files(pulseaudio_t)
> > ?')
> > ?
> > ?optional_policy(`
> > @@ -176,6 +179,17 @@ optional_policy(`
> > ?')
> > ?
> > ?optional_policy(`
> > +	# OIL Runtime Compiler (ORC) optimized code execution
> > +	can_exec(pulseaudio_t, gstreamer_orcexec_t)
> 
> So here you allow pulseaudio to actually execute that orcexec file
> but
> that is too much. instead it needs:
> 
> allow pulseaudio_t gstreamer_orceexec_t:file mmap_file_perms;

I agree, it has been amended in the new version of this patch.

> > +	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_
> > t, file)
> 
> Is the above refpolicy? because user_runtime is not a gnome thing.

I have created the above interface. user_runtime_t is not a gnome
thing, but gstreamer_orcexec_t is now a gnome type (see other similar
existing interfaces in gnome.if).

> > +	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> 
> > +	gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> > +	manage_files_pattern(pulseaudio_t, gstreamer_orcexec_t,
> > gstreamer_orcexec_t)
> 
> There is no directory here

Ok, amended.

> > +
> > +	gnome_stream_connect_gconf(pulseaudio_t)
> > +')
> > +
> > +optional_policy(`
> > ?	rtkit_scheduled(pulseaudio_t)
> > ?')
> > ?
> > @@ -186,6 +200,7 @@ optional_policy(`
> > ?')
> > ?
> > ?optional_policy(`
> > +	udev_read_pid_files(pulseaudio_t)
> > ?	udev_read_state(pulseaudio_t)
> > ?	udev_read_db(pulseaudio_t)
> > ?')
> > _______________________________________________

A new version of the patch, with the suggested amendments follows in a
separate message.

Best regards,

Guido


* [refpolicy] [PATCH v2] Update the pulseaudio module for usability and ORC support
  2016-08-11 22:04 [refpolicy] [PATCH] Update the pulseaudio module for usability and ORC support Guido Trentalancia
  2016-08-12  7:02 ` Dominick Grift
  2016-08-12  8:18 ` Dominick Grift
@ 2016-08-12 16:58 ` Guido Trentalancia
  2016-08-12 19:56   ` [refpolicy] [PATCH v3] " Guido Trentalancia
  2 siblings, 1 reply; 15+ messages in thread
From: Guido Trentalancia @ 2016-08-12 16:58 UTC (permalink / raw)
  To: refpolicy

Update the pulseaudio module so that it is usable (tested with
latest version pulseaudio 9.0).

Support for the Oil Runtime Compiler (ORC) optimized code
execution is added to the pulseaudio module by using a few
newly created interfaces and file contexts in the gnome
module.

Supports the execmem permission only through a boolean which
defaults to false.

Thanks to Dominick Grift for the useful suggestions that
permitted to create this new improved version of the patch.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/gnome.fc      |    5 +
 policy/modules/contrib/gnome.if      |   91 +++++++++++++++++++++++++++++++++++
 policy/modules/contrib/gnome.te      |    2
 policy/modules/contrib/pulseaudio.fc |    1
 policy/modules/contrib/pulseaudio.if |    1
 policy/modules/contrib/pulseaudio.te |   35 +++++++++++--
 6 files changed, 131 insertions(+), 4 deletions(-)

--- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc	2016-08-06 21:27:11.354094337 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc	2016-08-12 17:39:35.069146107 +0200
@@ -4,13 +4,18 @@ HOME_DIR/\.gnome(/.*)?	gen_context(syste
 HOME_DIR/\.gnome2(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
 HOME_DIR/\.gnome2/keyrings(/.*)?	gen_context(system_u:object_r:gnome_keyring_home_t,s0)
 HOME_DIR/\.gnome2_private(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
 
 /etc/gconf(/.*)?	gen_context(system_u:object_r:gconf_etc_t,s0)
 
 /tmp/gconfd-USER/.*	--	gen_context(system_u:object_r:gconf_tmp_t,s0)
+/tmp/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
 
 /usr/bin/gnome-keyring-daemon	--	gen_context(system_u:object_r:gkeyringd_exec_t,s0)
 /usr/bin/mate-keyring-daemon	--	gen_context(system_u:object_r:gkeyringd_exec_t,s0)
 
 /usr/lib/[^/]*/gconf/gconfd-2	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
 /usr/libexec/gconfd-2	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
+
+/var/run/user/[^/]*/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
+/var/run/user/%{USERID}/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
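Review bot: The two `/var/run/user/...` entries on the last lines of the hunk label the same paths twice, since `[^/]*` already matches every user id, and none of the three new orcexec entries carries a `--` object-class field, so a directory that happens to be called `orcexec.*` in a home directory, /tmp or the runtime directory would also be labelled gstreamer_orcexec_t and become manageable and mmap-able by every domain granted that type. Keep a single entry per location and restrict it to regular files, e.g. `/var/run/user/%{USERID}/orcexec\..*	--	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)` (the `[^/]*` form only if this tree does not expand `%{USERID}`), and add the same `--` to the HOME_DIR and /tmp lines. The liborc file-name pattern itself is not shown in the patch, so the `orcexec\..*` suffix regex is taken on trust.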
--- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.if	2016-08-06 21:27:11.354094337 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/gnome.if	2016-08-11 23:19:10.190331107 +0200
@@ -569,6 +569,36 @@ interface(`gnome_home_filetrans_gnome_ho
 
 ########################################
 ## <summary>
+##	Create objects in user home
+##	directories with the gstreamer
+##	orcexec type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`gnome_home_filetrans_gstreamer_orcexec',`
+	gen_require(`
+		type gstreamer_orcexec_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+########################################
+## <summary>
 ##	Create objects in gnome gconf home
 ##	directories with a private type.
 ## </summary>
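Review bot: The summary of `gnome_home_filetrans_gstreamer_orcexec` only says that objects get the orcexec type; it should tell callers the property that matters for policy review, namely that this type holds runtime-generated code the creating domain is expected to mmap executable, and that the transition is for the user home directory itself (`userdom_user_home_dir_filetrans`, i.e. `~/orcexec.*`) rather than a gnome-owned subdirectory. Suggested summary: `##	Create objects directly in user home directories with the gstreamer orcexec type (runtime-generated code the caller maps executable).` The same wording belongs on the two sibling interfaces added by this patch.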
@@ -603,6 +633,67 @@ interface(`gnome_gconf_home_filetrans',`
 ')
 
 ########################################
+## <summary>
+##	Create objects in the user
+##	runtime directories with the
+##	gstreamer orcexec type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
+	gen_require(`
+		type gstreamer_orcexec_t;
+	')
+
+	userdom_user_runtime_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+
+########################################
+## <summary>
+##	Create objects in the tmp
+##	directories with the gstreamer
+##	orcexec type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`gnome_tmp_filetrans_gstreamer_orcexec',`
+	gen_require(`
+		type gstreamer_orcexec_t;
+	')
+
+	files_tmp_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+########################################
 ## <summary>
 ##	Read generic gnome keyring home files.
 ## </summary>
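Review bot: There are two consecutive blank lines between the closing `')` of `gnome_user_runtime_filetrans_gstreamer_orcexec` and the `########################################` separator that starts `gnome_tmp_filetrans_gstreamer_orcexec`; refpolicy separates interfaces with exactly one blank line, so one of them should go. Otherwise the three interfaces differ only in the underlying filetrans helper, which is the expected shape for this kind of wrapper.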
--- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.te	2016-08-06 21:27:11.354094337 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/gnome.te	2016-08-12 18:23:02.839197221 +0200
@@ -46,6 +46,8 @@ userdom_user_home_content(gnome_keyring_
 type gnome_keyring_tmp_t;
 userdom_user_tmp_file(gnome_keyring_tmp_t)
 
+type gstreamer_orcexec_t;
+
 ##############################
 #
 # Common local Policy
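Review bot: `type gstreamer_orcexec_t;` is declared bare, and the `application_executable_file()` call that v1 had was dropped rather than replaced, so the type now carries no `file_type` attribute and none of the per-filesystem `associate` grants that `files_type()` and its wrappers provide; a domain creating such a file on tmpfs, in /tmp or in the runtime directory will very likely be denied `filesystem associate`, and generic rules keyed on `file_type` (relabeling, backups, restorecon) will not cover it. Give it a file-type attribute matching where it lives, e.g. `userdom_user_tmp_file(gstreamer_orcexec_t)` together with `userdom_user_home_content(gstreamer_orcexec_t)`, or at minimum `files_type(gstreamer_orcexec_t)`; the maintainers may prefer one specific interface over stacking several. A one-line comment that the type holds runtime-generated code which its owner maps executable would also help the next reader.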
--- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.fc	2016-08-06 21:27:11.411094987 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.fc	2016-08-11 20:07:21.338329216 +0200
@@ -1,6 +1,7 @@
 HOME_DIR/\.esd_auth	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 HOME_DIR/\.pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 HOME_DIR/\.pulse-cookie	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
+HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 
 /usr/bin/pulseaudio	--	gen_context(system_u:object_r:pulseaudio_exec_t,s0)
 
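Review bot: The added `HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)` combines a `(/.*)?` pattern meant to cover the directory and its subtree with a `--` field that limits the match to regular files, so `~/.config/pulse` itself and any subdirectory keep the generic home label and the `pulseaudio_home_t` manage rules never reach them; it is also inconsistent with the `HOME_DIR/\.pulse(/.*)?` entry two lines above, which has no class field. Drop the `--`: `HOME_DIR/\.config/pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)`. Whether `~/.config` itself is labelled as generic user home content or a private type in this tree is not visible here, so confirm that pulseaudio_t can still search the parent directory after the change.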
--- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.if	2016-08-06 21:27:11.411094987 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if	2016-08-11 17:34:47.778835995 +0200
@@ -25,6 +25,7 @@ interface(`pulseaudio_role',`
 	pulseaudio_run($2, $1)
 
 	allow $2 pulseaudio_t:process { ptrace signal_perms };
+	allow $2 pulseaudio_t:fd use;
 	ps_process_pattern($2, pulseaudio_t)
 
 	allow $2 pulseaudio_home_t:dir { manage_dir_perms relabel_dir_perms };
--- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.te	2016-08-06 21:27:11.412094999 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te	2016-08-12 18:37:36.662627449 +0200
@@ -5,6 +5,14 @@ policy_module(pulseaudio, 1.8.1)
 # Declarations
 #
 
+## <desc>
+## <p>
+## Allow pulseaudio to execute code in
+## writable memory 
+## </p>
+## </desc>
+gen_tunable(pulseaudio_execmem, false)
+
 attribute pulseaudio_client;
 attribute pulseaudio_tmpfsfile;
 
@@ -37,7 +45,12 @@ files_pid_file(pulseaudio_var_run_t)
 #
 
 allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config };
-allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
+allow pulseaudio_t self:process { getcap getsched setcap setrlimit setsched signal signull };
+
+tunable_policy(`pulseaudio_execmem',`
+	allow pulseaudio_t self:process execmem;
+')
+
 allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
 allow pulseaudio_t self:unix_stream_socket { accept connectto listen };
 allow pulseaudio_t self:unix_dgram_socket sendto;
@@ -129,9 +142,11 @@ logging_send_syslog_msg(pulseaudio_t)
 miscfiles_read_localization(pulseaudio_t)
 
 userdom_read_user_tmpfs_files(pulseaudio_t)
-
+userdom_delete_user_tmpfs_files(pulseaudio_t)
 userdom_search_user_home_dirs(pulseaudio_t)
-userdom_write_user_tmp_sockets(pulseaudio_t)
+userdom_search_user_home_content(pulseaudio_t)
+
+userdom_manage_user_tmp_sockets(pulseaudio_t)
 
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_dirs(pulseaudio_t)
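Review bot: `userdom_manage_user_tmp_sockets(pulseaudio_t)` widens the previous `write` to create, unlink and rename of every `user_tmp_t` socket under /tmp, not just pulseaudio's own, which lets the daemon remove or replace sockets belonging to other applications of the same user. The usual refpolicy shape is a private type with a name transition: declare `type pulseaudio_tmp_t;` with `userdom_user_tmp_file(pulseaudio_tmp_t)`, then `userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, sock_file)` and `manage_sock_files_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)`, and grant clients connect on that type; the reply mentions the sockets live in /tmp subdirectories, whose names are not visible here, so a `dir` transition may be needed too. Likewise `userdom_delete_user_tmpfs_files` grants unlink on all user tmpfs files; since this module already declares the `pulseaudio_tmpfsfile` attribute, check whether unlink on that attribute is sufficient for the shm segments pulseaudio removes.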
@@ -146,7 +161,8 @@ tunable_policy(`use_samba_home_dirs',`
 ')
 
 optional_policy(`
-	alsa_read_rw_config(pulseaudio_t)
+	alsa_read_config(pulseaudio_t)
+	alsa_read_home_files(pulseaudio_t)
 ')
 
 optional_policy(`
@@ -176,6 +192,16 @@ optional_policy(`
 ')
 
 optional_policy(`
+	gnome_stream_connect_gconf(pulseaudio_t)
+
+	# OIL Runtime Compiler (ORC) optimized code execution
+	allow pulseaudio_t gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };
+	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+	gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+')
+
+optional_policy(`
 	rtkit_scheduled(pulseaudio_t)
 ')
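Review bot: `allow pulseaudio_t gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };` references a type owned by the gnome module directly from pulseaudio.te, which refpolicy does not do — cross-module access goes through an interface in gnome.if — and the bare rule sits before the interface calls that `gen_require` the type, so it may fail the module build with an undeclared-type error depending on how the optional block is processed. Add an interface alongside the filetrans ones in this patch, e.g. `gnome_manage_mmap_gstreamer_orcexec_files`, containing the `gen_require` of the type and the same `allow $1 gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };`, and call it here. Also note that this rule gives pulseaudio_t write and execute on the same files, which is the same runtime code-execution capability that `pulseaudio_execmem` defaults off for; that is how the orcexec mechanism works, but it deserves a comment in this block, e.g. `# liborc writes generated code to an orcexec file and maps it executable (W+X via file, not gated by pulseaudio_execmem)`, so nobody assumes the boolean alone prevents JIT code.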
 
@@ -186,6 +212,7 @@ optional_policy(`
 ')
 
 optional_policy(`
+	udev_read_pid_files(pulseaudio_t)
 	udev_read_state(pulseaudio_t)
 	udev_read_db(pulseaudio_t)
 ')


* [refpolicy] [PATCH] Update the pulseaudio module for usability and ORC support
  2016-08-12 16:57   ` Guido Trentalancia
@ 2016-08-12 17:09     ` Dominick Grift
  2016-08-12 19:19       ` Guido Trentalancia
  0 siblings, 1 reply; 15+ messages in thread
From: Dominick Grift @ 2016-08-12 17:09 UTC (permalink / raw)
  To: refpolicy

On 08/12/2016 06:57 PM, Guido Trentalancia wrote:
> Hello Dominick !
> 
> Thanks very much for getting back with very useful suggestions !
> 
> My reply follows your comments...
> 
> On Fri, 12/08/2016 at 10.18 +0200, Dominick Grift wrote:
>> On 08/12/2016 12:04 AM, Guido Trentalancia wrote:
>>> Update the pulseaudio module so that it is usable (tested with
>>> latest version pulseaudio 9.0).
>>>
>>> Support for the OIL Runtime Compiler (OIL) optimized code
>>> execution is added to the pulseaudio module by using a few
>>> newly created interfaces and file contexts in the gnome
>>> module.
>>>
>>
>> Anyhow let me also try to be constructive and make some suggestions
>>
>> I wouldnt try to support all imaginable scenario's, at least not
>> initially. That means that I would rely on the XDG spec. Thus support
>> $XDG_RUNTIME_DIR (/run/user/UID, ~/.cache. /tmp)
> 
> XDG_RUNTIME_DIR is not used by all systems. So, the first alternative
> is /home/%{USER}. The second alternative is /tmp.
> 
> I would like to support all alternatives.
> 
>> So i would not support the "~" scenario. I would also not support the
>> "process execmem" scenario, or at least not unconditionally.
> 
> Ok, I agree. Execmem is now supported through a boolean which defaults
> to false, very good idea !
> 
>> So that leaves us with /run/user/UID and optionally ~/.cache and /tmp
>> for failover.
> 
> See above for the first and second alternative (or please refer to the
> code).
> 
>> Then i would, at least not initially, not create a "orcexec file
>> type"
> 
> ORC is distributed along with gstreamer which belongs to gnome. That's
> why I have created the new type in the gnome module.
> 
>> Instead i would just treat this as individual types. for example for
>> the
>> pulseaudio orcexec file in /run/user/UID: pulseaudio_runtime_user_t
>> (or
>> whatever name convention reference policy uses for files in
>> /run/user)
> 
> See above. It's not necessarily used ONLY by pulseaudio !
> 
> It's provided as part of the gnome distribution and thus included in
> the gnome module.
> 
>> Then that runtime user file needs to be mmap'd by the domain that
>> maintains it (it is not to be executed)
>>
>> allow domain domain_runtime_file:file mmap_file_perms;
> 
> Yes, I have now amended it in the new version of the patch.
> 
>> These files are generally not "shared" they are just for internal
>> purposes i believe.
> 
> They are not shared and used only for internal pulseaudio purposes
> (it's optimized code generated at runtime: Optimized Inner Loops =
> OIL).
> 
> However, as already said, ORC is not used only by pulseaudio ! For
> example, another application using it is gstreamer...
> 

I don't recall saying that liborc is only used by pulseaudio. If I did, then sorry, because that was not my intention.

>> Below inline also some more comments
>>
>>> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
>>> ---
>>>  policy/modules/contrib/gnome.fc      |    4 +
>>>  policy/modules/contrib/gnome.if      |   91
>>> +++++++++++++++++++++++++++++++++++
>>>  policy/modules/contrib/gnome.te      |    3 +
>>>  policy/modules/contrib/pulseaudio.fc |    1
>>>  policy/modules/contrib/pulseaudio.if |    1
>>>  policy/modules/contrib/pulseaudio.te |   23 +++++++-
>>>  6 files changed, 119 insertions(+), 4 deletions(-)
>>>
>>> --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc	
>>> 2016-08-06 21:27:11.354094337 +0200
>>> +++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc	2
>>> 016-08-11 21:42:20.520989284 +0200
>>> @@ -4,13 +4,17 @@ HOME_DIR/\.gnome(/.*)?	gen_context(syste
>>>  HOME_DIR/\.gnome2(/.*)?	gen_context(system_u:object_r:gnome
>>> _home_t,s0)
>>>  HOME_DIR/\.gnome2/keyrings(/.*)?	gen_context(system_u:objec
>>> t_r:gnome_keyring_home_t,s0)
>>>  HOME_DIR/\.gnome2_private(/.*)?	gen_context(system_u:object
>>> _r:gnome_home_t,s0)
>>> +HOME_DIR/orcexec.*	gen_context(system_u:object_r:gstreamer_
>>> orcexec_t,s0)
>>>  
>>>  /etc/gconf(/.*)?	gen_context(system_u:object_r:gconf_etc_t,
>>> s0)
>>>  
>>>  /tmp/gconfd-USER/.*	--	gen_context(system_u:object_r
>>> :gconf_tmp_t,s0)
>>> +/tmp/orcexec.*		gen_context(system_u:object_r:gstrea
>>> mer_orcexec_t,s0)
>>>  
>>>  /usr/bin/gnome-keyring-daemon	--	gen_context(system_
>>> u:object_r:gkeyringd_exec_t,s0)
>>>  /usr/bin/mate-keyring-daemon	--	gen_context(system_u
>>> :object_r:gkeyringd_exec_t,s0)
>>>  
>>>  /usr/lib/[^/]*/gconf/gconfd-2	--	gen_context(system_
>>> u:object_r:gconfd_exec_t,s0)
>>>  /usr/libexec/gconfd-2	--	gen_context(system_u:object
>>> _r:gconfd_exec_t,s0)
>>> +
>>> +/var/run/user/[^/]*/orcexec.*	gen_context(system_u:object_r
>>> :gstreamer_orcexec_t,s0)
>>> --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.if	
>>> 2016-08-06 21:27:11.354094337 +0200
>>> +++ refpolicy-git-06082016/policy/modules/contrib/gnome.if	2
>>> 016-08-11 23:19:10.190331107 +0200
>>> @@ -569,6 +569,36 @@ interface(`gnome_home_filetrans_gnome_ho
>>>  
>>>  ########################################
>>>  ## <summary>
>>> +##	Create objects in user home
>>> +##	directories with the gstreamer
>>> +##	orcexec type.
>>> +## </summary>
>>> +## <param name="domain">
>>> +##	<summary>
>>> +##	Domain allowed access.
>>> +##	</summary>
>>> +## </param>
>>> +## <param name="object_class">
>>> +##	<summary>
>>> +##	Class of the object being created.
>>> +##	</summary>
>>> +## </param>
>>> +## <param name="name" optional="true">
>>> +##	<summary>
>>> +##	The name of the object being created.
>>> +##	</summary>
>>> +## </param>
>>> +#
>>> +interface(`gnome_home_filetrans_gstreamer_orcexec',`
>>> +	gen_require(`
>>> +		type gstreamer_orcexec_t;
>>> +	')
>>> +
>>> +	userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t,
>>> $2, $3)
>>> +')
>>> +
>>> +########################################
>>> +## <summary>
>>>  ##	Create objects in gnome gconf home
>>>  ##	directories with a private type.
>>>  ## </summary>
>>> @@ -603,6 +633,67 @@ interface(`gnome_gconf_home_filetrans',`
>>>  ')
>>>  
>>>  ########################################
>>> +## <summary>
>>> +##	Create objects in the user
>>> +##	runtime directories with the
>>> +##	gstreamer orcexec type.
>>> +## </summary>
>>> +## <param name="domain">
>>> +##	<summary>
>>> +##	Domain allowed access.
>>> +##	</summary>
>>> +## </param>
>>> +## <param name="object_class">
>>> +##	<summary>
>>> +##	Class of the object being created.
>>> +##	</summary>
>>> +## </param>
>>> +## <param name="name" optional="true">
>>> +##	<summary>
>>> +##	The name of the object being created.
>>> +##	</summary>
>>> +## </param>
>>> +#
>>> +interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
>>> +	gen_require(`
>>> +		type gstreamer_orcexec_t;
>>> +	')
>>> +
>>> +	userdom_user_runtime_filetrans($1, gstreamer_orcexec_t,
>>> $2, $3)
>>> +')
>>> +
>>> +
>>> +########################################
>>> +## <summary>
>>> +##	Create objects in the tmp
>>> +##	directories with the gstreamer
>>> +##	orcexec type.
>>> +## </summary>
>>> +## <param name="domain">
>>> +##	<summary>
>>> +##	Domain allowed access.
>>> +##	</summary>
>>> +## </param>
>>> +## <param name="object_class">
>>> +##	<summary>
>>> +##	Class of the object being created.
>>> +##	</summary>
>>> +## </param>
>>> +## <param name="name" optional="true">
>>> +##	<summary>
>>> +##	The name of the object being created.
>>> +##	</summary>
>>> +## </param>
>>> +#
>>> +interface(`gnome_tmp_filetrans_gstreamer_orcexec',`
>>> +	gen_require(`
>>> +		type gstreamer_orcexec_t;
>>> +	')
>>> +
>>> +	files_tmp_filetrans($1, gstreamer_orcexec_t, $2, $3)
>>> +')
>>> +
>>> +########################################
>>>  ## <summary>
>>>  ##	Read generic gnome keyring home files.
>>>  ## </summary>
>>> --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.te	
>>> 2016-08-06 21:27:11.354094337 +0200
>>> +++ refpolicy-git-06082016/policy/modules/contrib/gnome.te	2
>>> 016-08-11 20:16:46.001970644 +0200
>>> @@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_
>>>  type gnome_keyring_tmp_t;
>>>  userdom_user_tmp_file(gnome_keyring_tmp_t)
>>>  
>>> +type gstreamer_orcexec_t;
>>> +application_executable_file(gstreamer_orcexec_t)
>>> +
>>>  ##############################
>>>  #
>>>  # Common local Policy
>>> --- refpolicy-git-06082016-
>>> orig/policy/modules/contrib/pulseaudio.fc	2016-08-06
>>> 21:27:11.411094987 +0200
>>> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.fc	
>>> 2016-08-11 20:07:21.338329216 +0200
>>> @@ -1,6 +1,7 @@
>>>  HOME_DIR/\.esd_auth	--	gen_context(system_u:object_r
>>> :pulseaudio_home_t,s0)
>>>  HOME_DIR/\.pulse(/.*)?	gen_context(system_u:object_r:pulsea
>>> udio_home_t,s0)
>>>  HOME_DIR/\.pulse-cookie	--	gen_context(system_u:obje
>>> ct_r:pulseaudio_home_t,s0)
>>> +HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_
>>> u:object_r:pulseaudio_home_t,s0)
>>
>> I suspect that refpolicy has a private type for ~/.config (not sure
>> though) Make sure that you are using refpolicy (up-to-date) and that
>> ~/.config is not mislabeled
> 
> The file context for ~/.config has not been modified. However, I don't
> like pulseaudio to have manage permissions on the user_home_t,
> therefore I created a specific file context for the subdirectory
> "pulse" used by pulseaudio.
> 
>>>  
>>>  /usr/bin/pulseaudio	--	gen_context(system_u:object_r
>>> :pulseaudio_exec_t,s0)
>>>  
>>> --- refpolicy-git-06082016-
>>> orig/policy/modules/contrib/pulseaudio.if	2016-08-06
>>> 21:27:11.411094987 +0200
>>> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if	
>>> 2016-08-11 17:34:47.778835995 +0200
>>> @@ -25,6 +25,7 @@ interface(`pulseaudio_role',`
>>>  	pulseaudio_run($2, $1)
>>>  
>>>  	allow $2 pulseaudio_t:process { ptrace signal_perms };
>>> +	allow $2 pulseaudio_t:fd use;
>>>  	ps_process_pattern($2, pulseaudio_t)
>>>  
>>>  	allow $2 pulseaudio_home_t:dir { manage_dir_perms
>>> relabel_dir_perms };
>>> --- refpolicy-git-06082016-
>>> orig/policy/modules/contrib/pulseaudio.te	2016-08-06
>>> 21:27:11.412094999 +0200
>>> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te	
>>> 2016-08-11 23:50:05.921992338 +0200
>>> @@ -37,7 +37,7 @@ files_pid_file(pulseaudio_var_run_t)
>>>  #
>>>  
>>>  allow pulseaudio_t self:capability { fowner fsetid chown setgid
>>> setuid sys_nice sys_resource sys_tty_config };
>>> -allow pulseaudio_t self:process { getcap setcap setrlimit setsched
>>> getsched signal signull };
>>> +allow pulseaudio_t self:process { execmem getcap getsched setcap
>>> setrlimit setsched signal signull };
>>>  allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
>>>  allow pulseaudio_t self:unix_stream_socket { accept connectto
>>> listen };
>>>  allow pulseaudio_t self:unix_dgram_socket sendto;
>>> @@ -129,9 +129,11 @@ logging_send_syslog_msg(pulseaudio_t)
>>>  miscfiles_read_localization(pulseaudio_t)
>>>  
>>>  userdom_read_user_tmpfs_files(pulseaudio_t)
>>> -
>>> +userdom_delete_user_tmpfs_files(pulseaudio_t)
>>>  userdom_search_user_home_dirs(pulseaudio_t)
>>> -userdom_write_user_tmp_sockets(pulseaudio_t)
>>> +userdom_search_user_home_content(pulseaudio_t)
>>
>> Why is the above needed?
> 
> It's needed for searching ~/.config (see above, without granting
> rw+create=manage permissions).
> 
>>> +
>>> +userdom_manage_user_tmp_sockets(pulseaudio_t)
>>
>> what sockets are those?
> 
> Unix sockets in /tmp subdirectories. For example Pulseaudio native
> sockets or Esound sockets.
> 
>>>  
>>>  tunable_policy(`use_nfs_home_dirs',`
>>>  	fs_manage_nfs_dirs(pulseaudio_t)
>>> @@ -146,7 +148,8 @@ tunable_policy(`use_samba_home_dirs',`
>>>  ')
>>>  
>>>  optional_policy(`
>>> -	alsa_read_rw_config(pulseaudio_t)
>>> +	alsa_read_config(pulseaudio_t)
>>> +	alsa_read_home_files(pulseaudio_t)
>>>  ')
>>>  
>>>  optional_policy(`
>>> @@ -176,6 +179,17 @@ optional_policy(`
>>>  ')
>>>  
>>>  optional_policy(`
>>> +	# OIL Runtime Compiler (ORC) optimized code execution
>>> +	can_exec(pulseaudio_t, gstreamer_orcexec_t)
>>
>> So here you allow pulseaudio to actually execute that orcexec file
>> but
>> that is too much. instead it needs:
>>
>> allow pulseaudio_t gstreamer_orceexec_t:file mmap_file_perms;
> 
> I agree, it has been amended in the new version of this patch.
> 
>>> +	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_
>>> t, file)
>>
>> Is the above refpolicy? because user_runtime is not a gnome thing.
> 
> I have created the above interface. user_runtime_t is not a gnome
> thing, but gstreamer_orcexec_t is now a gnome type (see other similar
> existing interfaces in gnome.if).
> 
>>> +	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)
>>
>>> +	gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file)
>>> +	manage_files_pattern(pulseaudio_t, gstreamer_orcexec_t,
>>> gstreamer_orcexec_t)
>>
>> There is no directory here
> 
> Ok, amended.
> 
>>> +
>>> +	gnome_stream_connect_gconf(pulseaudio_t)
>>> +')
>>> +
>>> +optional_policy(`
>>>  	rtkit_scheduled(pulseaudio_t)
>>>  ')
>>>  
>>> @@ -186,6 +200,7 @@ optional_policy(`
>>>  ')
>>>  
>>>  optional_policy(`
>>> +	udev_read_pid_files(pulseaudio_t)
>>>  	udev_read_state(pulseaudio_t)
>>>  	udev_read_db(pulseaudio_t)
>>>  ')
>>> _______________________________________________
> 
> A new version of the patch, with the suggested amendments follows in a
> separate message.
> 

I still foresee issues with this implementation, but I have been out of
the loop for too long to provide further review with confidence (my
refpolicy is getting rusty). We at least dealt with some obvious issues.


> Best regards,
> 
> Guido
> 


-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift



* [refpolicy] [PATCH] Update the pulseaudio module for usability and ORC support
  2016-08-12 17:09     ` Dominick Grift
@ 2016-08-12 19:19       ` Guido Trentalancia
  0 siblings, 0 replies; 15+ messages in thread
From: Guido Trentalancia @ 2016-08-12 19:19 UTC (permalink / raw)
  To: refpolicy

Hello Dominick !

On Fri, 12/08/2016 at 19.09 +0200, Dominick Grift wrote:
> On 08/12/2016 06:57 PM, Guido Trentalancia wrote:
> > Hello Dominick !
> > 
> > Thanks very much for getting back with very useful suggestions !
> > 
> > My reply follows your comments...
> > 
> > On Fri, 12/08/2016 at 10.18 +0200, Dominick Grift wrote:
> > > On 08/12/2016 12:04 AM, Guido Trentalancia wrote:
> > > > Update the pulseaudio module so that it is usable (tested with
> > > > latest version pulseaudio 9.0).
> > > > 
> > > > Support for the OIL Runtime Compiler (OIL) optimized code
> > > > execution is added to the pulseaudio module by using a few
> > > > newly created interfaces and file contexts in the gnome
> > > > module.
> > > > 
> > >?
> > A new version of the patch, with the suggested amendments follows
> > in a
> > separate message.
> > 
> 
> I still foresee issues with this implementation but i have been out
> of
> the loop for too long to provide further review with confidence (my
> refpolicy is getting rusty). We at least dealt with some obvious
> issues.

Your contribution is always much appreciated !

It works very nicely and it's a tight policy, so I can't foresee
problems...

But, of course, I look forward to hearing other constructive opinions
that can lead to a further improved module !

Best regards,

Guido


* [refpolicy] [PATCH v3] Update the pulseaudio module for usability and ORC support
  2016-08-12 16:58 ` [refpolicy] [PATCH v2] " Guido Trentalancia
@ 2016-08-12 19:56   ` Guido Trentalancia
  2016-08-13 13:50     ` Chris PeBenito
  2016-08-13 15:16     ` [refpolicy] [PATCH v4] " Guido Trentalancia
  0 siblings, 2 replies; 15+ messages in thread
From: Guido Trentalancia @ 2016-08-12 19:56 UTC (permalink / raw)
  To: refpolicy

Update the pulseaudio module so that it is usable (tested with
latest version pulseaudio 9.0).

Support for the OIL Runtime Compiler (ORC) optimized code
execution is added to the pulseaudio module by using a few
newly created interfaces and file contexts in the gnome
module.

Supports the execmem permission only through a boolean which
defaults to false.

This third version fixes an error introduced with the second
version (cannot execute ORC file).

Thanks to Dominick Grift for the useful suggestions that
permitted to create this new improved version of the patch.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/gnome.fc      |    5 +
 policy/modules/contrib/gnome.if      |   91 +++++++++++++++++++++++++++++++++++
 policy/modules/contrib/gnome.te      |    3 +
 policy/modules/contrib/pulseaudio.fc |    1
 policy/modules/contrib/pulseaudio.if |    1
 policy/modules/contrib/pulseaudio.te |   35 +++++++++++--
 6 files changed, 132 insertions(+), 4 deletions(-)

--- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc	2016-08-06 21:27:11.354094337 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc	2016-08-12 17:39:35.069146107 +0200
@@ -4,13 +4,18 @@ HOME_DIR/\.gnome(/.*)?	gen_context(syste
 HOME_DIR/\.gnome2(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
 HOME_DIR/\.gnome2/keyrings(/.*)?	gen_context(system_u:object_r:gnome_keyring_home_t,s0)
 HOME_DIR/\.gnome2_private(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
 
 /etc/gconf(/.*)?	gen_context(system_u:object_r:gconf_etc_t,s0)
 
 /tmp/gconfd-USER/.*	--	gen_context(system_u:object_r:gconf_tmp_t,s0)
+/tmp/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
 
 /usr/bin/gnome-keyring-daemon	--	gen_context(system_u:object_r:gkeyringd_exec_t,s0)
 /usr/bin/mate-keyring-daemon	--	gen_context(system_u:object_r:gkeyringd_exec_t,s0)
 
 /usr/lib/[^/]*/gconf/gconfd-2	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
 /usr/libexec/gconfd-2	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
+
+/var/run/user/[^/]*/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
+/var/run/user/%{USERID}/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
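Review bot: The four new gnome.fc entries carry no file-type field, so a directory, symlink or socket named orcexec.* in $HOME or under /var/run/user would also be labeled gstreamer_orcexec_t, a type gnome.te declares as an application executable; the module's other single-file entries (e.g. `gnome-keyring-daemon`) use `--`. Restrict the home and runtime entries to regular files, e.g. `HOME_DIR/orcexec\..*	--	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)` and `/var/run/user/[^/]*/orcexec\..*	--	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)`. The `[^/]*` runtime entry already matches everything the `%{USERID}` entry matches; keep the second only if the module relies on the per-user form elsewhere, and say so in a comment. The /tmp entry is already discussed in the thread.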
--- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.if	2016-08-06 21:27:11.354094337 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/gnome.if	2016-08-11 23:19:10.190331107 +0200
@@ -569,6 +569,36 @@ interface(`gnome_home_filetrans_gnome_ho
 
 ########################################
 ## <summary>
+##	Create objects in user home
+##	directories with the gstreamer
+##	orcexec type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`gnome_home_filetrans_gstreamer_orcexec',`
+	gen_require(`
+		type gstreamer_orcexec_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+########################################
+## <summary>
 ##	Create objects in gnome gconf home
 ##	directories with a private type.
 ## </summary>
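Review bot: The summary of gnome_home_filetrans_gstreamer_orcexec says objects are created "in user home directories", but the call is `userdom_user_home_dir_filetrans`, which by its name transitions only in the home directory itself, matching the `HOME_DIR/orcexec\..*` file context; subdirectories are presumably not covered. The interface also grants only the type transition, not any access to the resulting file. Suggest `##	Create objects directly in the user home directory (not its subdirectories) with the gstreamer orcexec type; the caller still needs access to gstreamer_orcexec_t files.` as the summary so callers do not expect it to be sufficient on its own.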
@@ -603,6 +633,67 @@ interface(`gnome_gconf_home_filetrans',`
 ')
 
 ########################################
+## <summary>
+##	Create objects in the user
+##	runtime directories with the
+##	gstreamer orcexec type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`gnome_user_runtime_filetrans_gstreamer_orcexec',`
+	gen_require(`
+		type gstreamer_orcexec_t;
+	')
+
+	userdom_user_runtime_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+
+########################################
+## <summary>
+##	Create objects in the tmp
+##	directories with the gstreamer
+##	orcexec type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`gnome_tmp_filetrans_gstreamer_orcexec',`
+	gen_require(`
+		type gstreamer_orcexec_t;
+	')
+
+	files_tmp_filetrans($1, gstreamer_orcexec_t, $2, $3)
+')
+
+########################################
 ## <summary>
 ##	Read generic gnome keyring home files.
 ## </summary>
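Review bot: There are two blank lines between the closing `')` of gnome_user_runtime_filetrans_gstreamer_orcexec and the next `####` separator, where every other interface in the hunk uses one; drop one. Both new interfaces describe themselves as letting a domain "create objects" with the type, yet each grants only the name transition, so a sentence such as `##	The caller must separately be granted access to gstreamer_orcexec_t files.` in each summary would prevent that misreading. Whether `userdom_user_runtime_filetrans` exists in the refpolicy revision this is based on is not visible here; confirm that the runtime interface builds.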
--- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.te	2016-08-06 21:27:11.354094337 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/gnome.te	2016-08-12 21:49:04.510250552 +0200
@@ -46,6 +46,9 @@ userdom_user_home_content(gnome_keyring_
 type gnome_keyring_tmp_t;
 userdom_user_tmp_file(gnome_keyring_tmp_t)
 
+type gstreamer_orcexec_t;
+application_executable_file(gstreamer_orcexec_t)
+
 ##############################
 #
 # Common local Policy
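Review bot: gstreamer_orcexec_t is declared only via `application_executable_file`, yet gnome.fc places it in the user's home directory and per-user runtime directory; nothing visible marks it as user home or runtime content, so the unprivileged user domain would presumably have no rights to list, delete or relabel stale orcexec.* files it owns. Consider `userdom_user_home_content(gstreamer_orcexec_t)` below the declaration (plus the runtime-content equivalent, if userdom provides one), as gnome_keyring_home_t just above it does. Note also that application_executable_file makes the type executable by every domain that uses the application exec-all interfaces, on files any user process can write in its own home; if pulseaudio is the only intended consumer, a plain `type` with explicit mmap rules from pulseaudio is tighter — either way a comment stating the choice would help, e.g. `# ORC JIT code pages written and mapped by pulseaudio in user dirs`.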
--- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.fc	2016-08-06 21:27:11.411094987 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.fc	2016-08-11 20:07:21.338329216 +0200
@@ -1,6 +1,7 @@
 HOME_DIR/\.esd_auth	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 HOME_DIR/\.pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 HOME_DIR/\.pulse-cookie	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
+HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 
 /usr/bin/pulseaudio	--	gen_context(system_u:object_r:pulseaudio_exec_t,s0)
 
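Review bot: The new pulseaudio.fc entry combines the directory pattern `\.config/pulse(/.*)?` with the `--` regular-file qualifier, so the pulse directory itself (and any subdirectory) keeps whatever type `~/.config` has and only the files inside get pulseaudio_home_t; the earlier reply in this thread says the point was to give pulseaudio manage access on that subdirectory instead of user_home_t, and pulseaudio.if grants `manage_dir_perms` on pulseaudio_home_t:dir, so the qualifier defeats the intent. Match the `\.pulse(/.*)?` line above it: `HOME_DIR/\.config/pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)`. The domain will still need search access or a name transition for the `~/.config` parent, which this patch does not show.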
--- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.if	2016-08-06 21:27:11.411094987 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if	2016-08-11 17:34:47.778835995 +0200
@@ -25,6 +25,7 @@ interface(`pulseaudio_role',`
 	pulseaudio_run($2, $1)
 
 	allow $2 pulseaudio_t:process { ptrace signal_perms };
+	allow $2 pulseaudio_t:fd use;
 	ps_process_pattern($2, pulseaudio_t)
 
 	allow $2 pulseaudio_home_t:dir { manage_dir_perms relabel_dir_perms };
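Review bot: `allow $2 pulseaudio_t:fd use;` is added to pulseaudio_role without a comment naming the operation that needs it; the neighbouring ptrace/signal/ps rules are self-explanatory, but a user domain using a descriptor owned by the daemon's domain is not. A why-comment such as `# use descriptors pulseaudio hands to its clients` — presumably over the native socket, to be confirmed against the denial that motivated it — would let the next reader judge whether the rule belongs in the role interface or with the pulseaudio_client attribute rules.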
--- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.te	2016-08-06 21:27:11.412094999 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te	2016-08-12 21:33:49.231266389 +0200
@@ -5,6 +5,14 @@ policy_module(pulseaudio, 1.8.1)
 # Declarations
 #
 
+## <desc>
+## <p>
+## Allow pulseaudio to execute code in
+## writable memory 
+## </p>
+## </desc>
+gen_tunable(pulseaudio_execmem, false)
+
 attribute pulseaudio_client;
 attribute pulseaudio_tmpfsfile;
 
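Review bot: The tunable description line `## writable memory ` has trailing whitespace and the text does not name the permission or its cost, which is what an administrator flipping the boolean needs. Suggest `## Allow pulseaudio to execute code in writable memory (execmem); this disables W^X protection for the daemon.` The commit message implies the boolean relates to ORC code generation, but that link is not visible in the hunk; add a sentence tying it to ORC only once confirmed.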
@@ -37,7 +45,12 @@ files_pid_file(pulseaudio_var_run_t)
 #
 
 allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config };
-allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
+allow pulseaudio_t self:process { getcap getsched setcap setrlimit setsched signal signull };
+
+tunable_policy(`pulseaudio_execmem',`
+	allow pulseaudio_t self:process execmem;
+')
+
 allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
 allow pulseaudio_t self:unix_stream_socket { accept connectto listen };
 allow pulseaudio_t self:unix_dgram_socket sendto;
@@ -129,9 +142,11 @@ logging_send_syslog_msg(pulseaudio_t)
 miscfiles_read_localization(pulseaudio_t)
 
 userdom_read_user_tmpfs_files(pulseaudio_t)
-
+userdom_delete_user_tmpfs_files(pulseaudio_t)
 userdom_search_user_home_dirs(pulseaudio_t)
-userdom_write_user_tmp_sockets(pulseaudio_t)
+userdom_search_user_home_content(pulseaudio_t)
+
+userdom_manage_user_tmp_sockets(pulseaudio_t)
 
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_dirs(pulseaudio_t)
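Review bot: `userdom_manage_user_tmp_sockets(pulseaudio_t)` replaces write access with create/delete/rename on every user_tmp_t socket in /tmp, and `userdom_delete_user_tmpfs_files` lets the daemon unlink any user tmpfs file, not only its own; the reply in the thread names just pulseaudio's native and esound sockets. If the module has, or can add, a private tmp type with a name transition for those socket names, the new access is confined to pulseaudio's own objects; failing that, the rule should at least carry a comment such as `# native and esound sockets under /tmp` so the width of the grant is recorded as intentional.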
@@ -146,7 +161,8 @@ tunable_policy(`use_samba_home_dirs',`
 ')
 
 optional_policy(`
-	alsa_read_rw_config(pulseaudio_t)
+	alsa_read_config(pulseaudio_t)
+	alsa_read_home_files(pulseaudio_t)
 ')
 
 optional_policy(`
@@ -176,6 +192,16 @@ optional_policy(`
 ')
 
 optional_policy(`
+	gnome_stream_connect_gconf(pulseaudio_t)
+
+	# OIL Runtime Compiler (ORC) optimized code execution
+	allow pulseaudio_t gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };
+	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+	gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+')
+
+optional_policy(`
 	rtkit_scheduled(pulseaudio_t)
 ')
 
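Review bot: The rule `allow pulseaudio_t gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };` references a type declared in gnome.te directly from pulseaudio.te, with no gen_require; refpolicy keeps cross-module access behind interfaces in the owning module, and a modular build would presumably reject the undeclared type. Add an interface to gnome.if (below) and replace the allow rule with `gnome_manage_mmap_gstreamer_orcexec(pulseaudio_t)`. Manage plus mmap (which includes execute) on one type means a writable-and-executable file; that is how these orcexec files work, but a comment at the call site, e.g. `# ORC writes generated code to orcexec files and maps them executable`, keeps the next reviewer from treating it as an accident. The /tmp transition is already discussed in the thread.

```selinux
########################################
## <summary>
##	Create, read, write, delete and
##	mmap (including execute) gstreamer
##	orcexec files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_manage_mmap_gstreamer_orcexec',`
	gen_require(`
		type gstreamer_orcexec_t;
	')

	allow $1 gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };
')
```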
@@ -186,6 +212,7 @@ optional_policy(`
 ')
 
 optional_policy(`
+	udev_read_pid_files(pulseaudio_t)
 	udev_read_state(pulseaudio_t)
 	udev_read_db(pulseaudio_t)
 ')


* [refpolicy] [PATCH v3] Update the pulseaudio module for usability and ORC support
  2016-08-12 19:56   ` [refpolicy] [PATCH v3] " Guido Trentalancia
@ 2016-08-13 13:50     ` Chris PeBenito
  2016-08-13 14:34       ` Guido Trentalancia
  2016-08-13 15:16     ` [refpolicy] [PATCH v4] " Guido Trentalancia
  1 sibling, 1 reply; 15+ messages in thread
From: Chris PeBenito @ 2016-08-13 13:50 UTC (permalink / raw)
  To: refpolicy

On 08/12/16 15:56, Guido Trentalancia wrote:
> Update the pulseaudio module so that it is usable (tested with
> latest version pulseaudio 9.0).
>
> Support for the OIL Runtime Compiler (OIL) optimized code
> execution is added to the pulseaudio module by using a few
> newly created interfaces and file contexts in the gnome
> module.
>
> Supports the execmem permission only through a boolean which
> defaults to false.
>
> This third version fixes an error introduced with the second
> version (cannot execute ORC file).
>
> Thanks to Dominick Grift for the useful suggestions that
> permitted to create this new improved version of the patch.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/gnome.fc      |    5 +
>  policy/modules/contrib/gnome.if      |   91 +++++++++++++++++++++++++++++++++++
>  policy/modules/contrib/gnome.te      |    3 +
>  policy/modules/contrib/pulseaudio.fc |    1
>  policy/modules/contrib/pulseaudio.if |    1
>  policy/modules/contrib/pulseaudio.te |   35 +++++++++++--
>  6 files changed, 132 insertions(+), 4 deletions(-)
>
> --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc	2016-08-06 21:27:11.354094337 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc	2016-08-12 17:39:35.069146107 +0200
> @@ -4,13 +4,18 @@ HOME_DIR/\.gnome(/.*)?	gen_context(syste
>  HOME_DIR/\.gnome2(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
>  HOME_DIR/\.gnome2/keyrings(/.*)?	gen_context(system_u:object_r:gnome_keyring_home_t,s0)
>  HOME_DIR/\.gnome2_private(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
> +HOME_DIR/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
>
>  /etc/gconf(/.*)?	gen_context(system_u:object_r:gconf_etc_t,s0)
>
>  /tmp/gconfd-USER/.*	--	gen_context(system_u:object_r:gconf_tmp_t,s0)
> +/tmp/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)

I agree with Dominick that this labeling is problematic.  I'd prefer to 
avoid putting fc entries for /tmp.  The ones that we have already should 
probably be revisited.


>  /usr/bin/gnome-keyring-daemon	--	gen_context(system_u:object_r:gkeyringd_exec_t,s0)
>  /usr/bin/mate-keyring-daemon	--	gen_context(system_u:object_r:gkeyringd_exec_t,s0)
>
>  /usr/lib/[^/]*/gconf/gconfd-2	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
>  /usr/libexec/gconfd-2	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
> +
> +/var/run/user/[^/]*/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
> +/var/run/user/%{USERID}/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)

[...]

> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.te	2016-08-06 21:27:11.412094999 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te	2016-08-12 21:33:49.231266389 +0200
> @@ -5,6 +5,14 @@ policy_module(pulseaudio, 1.8.1)
>  # Declarations
>  #
>
> +## <desc>
> +## <p>
> +## Allow pulseaudio to execute code in
> +## writable memory
> +## </p>
> +## </desc>
> +gen_tunable(pulseaudio_execmem, false)
> +
>  attribute pulseaudio_client;
>  attribute pulseaudio_tmpfsfile;
>
> @@ -37,7 +45,12 @@ files_pid_file(pulseaudio_var_run_t)
>  #
>
>  allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config };
> -allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
> +allow pulseaudio_t self:process { getcap getsched setcap setrlimit setsched signal signull };
> +
> +tunable_policy(`pulseaudio_execmem',`
> +	allow pulseaudio_t self:process execmem;
> +')

This should be moved down with the other tunables (in alphabetical order 
by tunable name)

>  allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
>  allow pulseaudio_t self:unix_stream_socket { accept connectto listen };
>  allow pulseaudio_t self:unix_dgram_socket sendto;
> @@ -129,9 +142,11 @@ logging_send_syslog_msg(pulseaudio_t)
>  miscfiles_read_localization(pulseaudio_t)
>
>  userdom_read_user_tmpfs_files(pulseaudio_t)
> -
> +userdom_delete_user_tmpfs_files(pulseaudio_t)
>  userdom_search_user_home_dirs(pulseaudio_t)
> -userdom_write_user_tmp_sockets(pulseaudio_t)
> +userdom_search_user_home_content(pulseaudio_t)
> +
> +userdom_manage_user_tmp_sockets(pulseaudio_t)
>
>  tunable_policy(`use_nfs_home_dirs',`
>  	fs_manage_nfs_dirs(pulseaudio_t)
> @@ -146,7 +161,8 @@ tunable_policy(`use_samba_home_dirs',`
>  ')
>
>  optional_policy(`
> -	alsa_read_rw_config(pulseaudio_t)
> +	alsa_read_config(pulseaudio_t)
> +	alsa_read_home_files(pulseaudio_t)
>  ')
>
>  optional_policy(`
> @@ -176,6 +192,16 @@ optional_policy(`
>  ')
>
>  optional_policy(`
> +	gnome_stream_connect_gconf(pulseaudio_t)
> +
> +	# OIL Runtime Compiler (ORC) optimized code execution
> +	allow pulseaudio_t gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };
> +	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> +	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> +	gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> +')
> +
> +optional_policy(`
>  	rtkit_scheduled(pulseaudio_t)
>  ')
>
> @@ -186,6 +212,7 @@ optional_policy(`
>  ')
>
>  optional_policy(`
> +	udev_read_pid_files(pulseaudio_t)
>  	udev_read_state(pulseaudio_t)
>  	udev_read_db(pulseaudio_t)
>  ')



-- 
Chris PeBenito


* [refpolicy] [PATCH v3] Update the pulseaudio module for usability and ORC support
  2016-08-13 13:50     ` Chris PeBenito
@ 2016-08-13 14:34       ` Guido Trentalancia
  2016-08-13 14:36         ` Dominick Grift
  0 siblings, 1 reply; 15+ messages in thread
From: Guido Trentalancia @ 2016-08-13 14:34 UTC (permalink / raw)
  To: refpolicy

Hello Christopher,

thanks for getting back on this...

On Sat, 13/08/2016 at 09.50 -0400, Chris PeBenito wrote:
> On 08/12/16 15:56, Guido Trentalancia wrote:
> > Update the pulseaudio module so that it is usable (tested with
> > latest version pulseaudio 9.0).
> > 
> > Support for the OIL Runtime Compiler (OIL) optimized code
> > execution is added to the pulseaudio module by using a few
> > newly created interfaces and file contexts in the gnome
> > module.
> > 
> > Supports the execmem permission only through a boolean which
> > defaults to false.
> > 
> > This third version fixes an error introduced with the second
> > version (cannot execute ORC file).
> > 
> > Thanks to Dominick Grift for the useful suggestions that
> > permitted to create this new improved version of the patch.
> > 
> > Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> > ---
> > ?policy/modules/contrib/gnome.fc??????|????5 +
> > ?policy/modules/contrib/gnome.if??????|???91
> > +++++++++++++++++++++++++++++++++++
> > ?policy/modules/contrib/gnome.te??????|????3 +
> > ?policy/modules/contrib/pulseaudio.fc |????1
> > ?policy/modules/contrib/pulseaudio.if |????1
> > ?policy/modules/contrib/pulseaudio.te |???35 +++++++++++--
> > ?6 files changed, 132 insertions(+), 4 deletions(-)
> > 
> > --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc	
> > 2016-08-06 21:27:11.354094337 +0200
> > +++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc	2
> > 016-08-12 17:39:35.069146107 +0200
> > @@ -4,13 +4,18 @@ HOME_DIR/\.gnome(/.*)?	gen_context(syste
> > ?HOME_DIR/\.gnome2(/.*)?	gen_context(system_u:object_r:gnome
> > _home_t,s0)
> > ?HOME_DIR/\.gnome2/keyrings(/.*)?	gen_context(system_u:objec
> > t_r:gnome_keyring_home_t,s0)
> > ?HOME_DIR/\.gnome2_private(/.*)?	gen_context(system_u:object
> > _r:gnome_home_t,s0)
> > +HOME_DIR/orcexec\..*	gen_context(system_u:object_r:gstreame
> > r_orcexec_t,s0)
> > 
> > ?/etc/gconf(/.*)?	gen_context(system_u:object_r:gconf_etc_t,
> > s0)
> > 
> > ?/tmp/gconfd-USER/.*	--	gen_context(system_u:object_r
> > :gconf_tmp_t,s0)
> > +/tmp/orcexec\..*	gen_context(system_u:object_r:gstreamer_or
> > cexec_t,s0)
> 
> I agree with Dominick that this labeling is problematic.  I'd prefer
> to avoid putting fc entries for /tmp.  The ones that we have already
> should probably be revisited.

That's fine to me. I was also not very keen on letting pulseaudio
execute stuff in /tmp.

I have now dropped the support for the last alternative ORC runtime
executable location (in /tmp).

> > ?/usr/bin/gnome-keyring-daemon	--	gen_context(system_
> > u:object_r:gkeyringd_exec_t,s0)
> > ?/usr/bin/mate-keyring-daemon	--	gen_context(system_u
> > :object_r:gkeyringd_exec_t,s0)
> > 
> > ?/usr/lib/[^/]*/gconf/gconfd-2	--	gen_context(system_
> > u:object_r:gconfd_exec_t,s0)
> > ?/usr/libexec/gconfd-2	--	gen_context(system_u:object
> > _r:gconfd_exec_t,s0)
> > +
> > +/var/run/user/[^/]*/orcexec\..*	gen_context(system_u:object
> > _r:gstreamer_orcexec_t,s0)
> > +/var/run/user/%{USERID}/orcexec\..*	gen_context(system_u:ob
> > ject_r:gstreamer_orcexec_t,s0)
> 
> [...]
> 
> > --- refpolicy-git-06082016-
> > orig/policy/modules/contrib/pulseaudio.te	2016-08-06
> > 21:27:11.412094999 +0200
> > +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te	
> > 2016-08-12 21:33:49.231266389 +0200
> > @@ -5,6 +5,14 @@ policy_module(pulseaudio, 1.8.1)
> > ?# Declarations
> > ?#
> > 
> > +## <desc>
> > +## <p>
> > +## Allow pulseaudio to execute code in
> > +## writable memory
> > +## </p>
> > +## </desc>
> > +gen_tunable(pulseaudio_execmem, false)
> > +
> > ?attribute pulseaudio_client;
> > ?attribute pulseaudio_tmpfsfile;
> > 
> > @@ -37,7 +45,12 @@ files_pid_file(pulseaudio_var_run_t)
> > ?#
> > 
> > ?allow pulseaudio_t self:capability { fowner fsetid chown setgid
> > setuid sys_nice sys_resource sys_tty_config };
> > -allow pulseaudio_t self:process { getcap setcap setrlimit setsched
> > getsched signal signull };
> > +allow pulseaudio_t self:process { getcap getsched setcap setrlimit
> > setsched signal signull };
> > +
> > +tunable_policy(`pulseaudio_execmem',`
> > +	allow pulseaudio_t self:process execmem;
> > +')
> 
> This should be moved down with the other tunables (in alphabetical
> order?
> by tunable name)

The update for this module now depends on a forthcoming gnome update.
Please apply the forthcoming patch for the gnome module first and then
the next version of this patch.

> > ?allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
> > ?allow pulseaudio_t self:unix_stream_socket { accept connectto
> > listen };
> > ?allow pulseaudio_t self:unix_dgram_socket sendto;
> > @@ -129,9 +142,11 @@ logging_send_syslog_msg(pulseaudio_t)
> > ?miscfiles_read_localization(pulseaudio_t)
> > 
> > ?userdom_read_user_tmpfs_files(pulseaudio_t)
> > -
> > +userdom_delete_user_tmpfs_files(pulseaudio_t)
> > ?userdom_search_user_home_dirs(pulseaudio_t)
> > -userdom_write_user_tmp_sockets(pulseaudio_t)
> > +userdom_search_user_home_content(pulseaudio_t)
> > +
> > +userdom_manage_user_tmp_sockets(pulseaudio_t)
> > 
> > ?tunable_policy(`use_nfs_home_dirs',`
> > ?	fs_manage_nfs_dirs(pulseaudio_t)
> > @@ -146,7 +161,8 @@ tunable_policy(`use_samba_home_dirs',`
> > ?')
> > 
> > ?optional_policy(`
> > -	alsa_read_rw_config(pulseaudio_t)
> > +	alsa_read_config(pulseaudio_t)
> > +	alsa_read_home_files(pulseaudio_t)
> > ?')
> > 
> > ?optional_policy(`
> > @@ -176,6 +192,16 @@ optional_policy(`
> > ?')
> > 
> > ?optional_policy(`
> > +	gnome_stream_connect_gconf(pulseaudio_t)
> > +
> > +	# OIL Runtime Compiler (ORC) optimized code execution
> > +	allow pulseaudio_t gstreamer_orcexec_t:file {
> > manage_file_perms mmap_file_perms };
> > +	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_
> > t, file)
> > +	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> > +	gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> > +')
> > +
> > +optional_policy(`
> > ?	rtkit_scheduled(pulseaudio_t)
> > ?')
> > 
> > @@ -186,6 +212,7 @@ optional_policy(`
> > ?')
> > 
> > ?optional_policy(`
> > +	udev_read_pid_files(pulseaudio_t)
> > ?	udev_read_state(pulseaudio_t)
> > ?	udev_read_db(pulseaudio_t)
> > ?')

Guido


* [refpolicy] [PATCH v3] Update the pulseaudio module for usability and ORC support
  2016-08-13 14:34       ` Guido Trentalancia
@ 2016-08-13 14:36         ` Dominick Grift
  2016-08-13 14:44           ` Guido Trentalancia
  0 siblings, 1 reply; 15+ messages in thread
From: Dominick Grift @ 2016-08-13 14:36 UTC (permalink / raw)
  To: refpolicy

On 08/13/2016 04:34 PM, Guido Trentalancia wrote:
> Hello Christopher,
> 
> thanks for getting back on this...
> 
> On Sat, 13/08/2016 at 09.50 -0400, Chris PeBenito wrote:
>> On 08/12/16 15:56, Guido Trentalancia wrote:
>>> Update the pulseaudio module so that it is usable (tested with
>>> latest version pulseaudio 9.0).
>>>
>>> Support for the OIL Runtime Compiler (OIL) optimized code
>>> execution is added to the pulseaudio module by using a few
>>> newly created interfaces and file contexts in the gnome
>>> module.
>>>
>>> Supports the execmem permission only through a boolean which
>>> defaults to false.
>>>
>>> This third version fixes an error introduced with the second
>>> version (cannot execute ORC file).
>>>
>>> Thanks to Dominick Grift for the useful suggestions that
>>> permitted to create this new improved version of the patch.
>>>
>>> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
>>> ---
>>>  policy/modules/contrib/gnome.fc      |    5 +
>>>  policy/modules/contrib/gnome.if      |   91
>>> +++++++++++++++++++++++++++++++++++
>>>  policy/modules/contrib/gnome.te      |    3 +
>>>  policy/modules/contrib/pulseaudio.fc |    1
>>>  policy/modules/contrib/pulseaudio.if |    1
>>>  policy/modules/contrib/pulseaudio.te |   35 +++++++++++--
>>>  6 files changed, 132 insertions(+), 4 deletions(-)
>>>
>>> --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc	
>>> 2016-08-06 21:27:11.354094337 +0200
>>> +++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc	2
>>> 016-08-12 17:39:35.069146107 +0200
>>> @@ -4,13 +4,18 @@ HOME_DIR/\.gnome(/.*)?	gen_context(syste
>>>  HOME_DIR/\.gnome2(/.*)?	gen_context(system_u:object_r:gnome
>>> _home_t,s0)
>>>  HOME_DIR/\.gnome2/keyrings(/.*)?	gen_context(system_u:objec
>>> t_r:gnome_keyring_home_t,s0)
>>>  HOME_DIR/\.gnome2_private(/.*)?	gen_context(system_u:object
>>> _r:gnome_home_t,s0)
>>> +HOME_DIR/orcexec\..*	gen_context(system_u:object_r:gstreame
>>> r_orcexec_t,s0)
>>>
>>>  /etc/gconf(/.*)?	gen_context(system_u:object_r:gconf_etc_t,
>>> s0)
>>>
>>>  /tmp/gconfd-USER/.*	--	gen_context(system_u:object_r
>>> :gconf_tmp_t,s0)
>>> +/tmp/orcexec\..*	gen_context(system_u:object_r:gstreamer_or
>>> cexec_t,s0)
>>
>> I agree with Dominick that this labeling is problematic.  I'd prefer
>> to 
>> avoid putting fc entries for /tmp.  The ones that we have already
>> should 
>> probably be revisited.
> 
> That's fine to me. I was also not very keen on letting pulseaudio
> execute stuff in /tmp.
> 
> I have now dropped the support for the last alternative ORC runtime
> executable location (in /tmp).
> 

That is not what was meant though.

We only request that the file context spec for that file in /tmp be removed.

This is because /tmp could be shared (the same probably goes for
/var/run in a sense, but I don't want to open that can of worms
right now).

>>>  /usr/bin/gnome-keyring-daemon	--	gen_context(system_
>>> u:object_r:gkeyringd_exec_t,s0)
>>>  /usr/bin/mate-keyring-daemon	--	gen_context(system_u
>>> :object_r:gkeyringd_exec_t,s0)
>>>
>>>  /usr/lib/[^/]*/gconf/gconfd-2	--	gen_context(system_
>>> u:object_r:gconfd_exec_t,s0)
>>>  /usr/libexec/gconfd-2	--	gen_context(system_u:object
>>> _r:gconfd_exec_t,s0)
>>> +
>>> +/var/run/user/[^/]*/orcexec\..*	gen_context(system_u:object
>>> _r:gstreamer_orcexec_t,s0)
>>> +/var/run/user/%{USERID}/orcexec\..*	gen_context(system_u:ob
>>> ject_r:gstreamer_orcexec_t,s0)
>>
>> [...]
>>
>>> --- refpolicy-git-06082016-
>>> orig/policy/modules/contrib/pulseaudio.te	2016-08-06
>>> 21:27:11.412094999 +0200
>>> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te	
>>> 2016-08-12 21:33:49.231266389 +0200
>>> @@ -5,6 +5,14 @@ policy_module(pulseaudio, 1.8.1)
>>>  # Declarations
>>>  #
>>>
>>> +## <desc>
>>> +## <p>
>>> +## Allow pulseaudio to execute code in
>>> +## writable memory
>>> +## </p>
>>> +## </desc>
>>> +gen_tunable(pulseaudio_execmem, false)
>>> +
>>>  attribute pulseaudio_client;
>>>  attribute pulseaudio_tmpfsfile;
>>>
>>> @@ -37,7 +45,12 @@ files_pid_file(pulseaudio_var_run_t)
>>>  #
>>>
>>>  allow pulseaudio_t self:capability { fowner fsetid chown setgid
>>> setuid sys_nice sys_resource sys_tty_config };
>>> -allow pulseaudio_t self:process { getcap setcap setrlimit setsched
>>> getsched signal signull };
>>> +allow pulseaudio_t self:process { getcap getsched setcap setrlimit
>>> setsched signal signull };
>>> +
>>> +tunable_policy(`pulseaudio_execmem',`
>>> +	allow pulseaudio_t self:process execmem;
>>> +')
>>
>> This should be moved down with the other tunables (in alphabetical
>> order 
>> by tunable name)
> 
> The update for this module now depends on a forthcoming gnome update.
> Please apply the forthcoming patch for the gnome module first and then
> the next version of this patch.
> 
>>>  allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
>>>  allow pulseaudio_t self:unix_stream_socket { accept connectto
>>> listen };
>>>  allow pulseaudio_t self:unix_dgram_socket sendto;
>>> @@ -129,9 +142,11 @@ logging_send_syslog_msg(pulseaudio_t)
>>>  miscfiles_read_localization(pulseaudio_t)
>>>
>>>  userdom_read_user_tmpfs_files(pulseaudio_t)
>>> -
>>> +userdom_delete_user_tmpfs_files(pulseaudio_t)
>>>  userdom_search_user_home_dirs(pulseaudio_t)
>>> -userdom_write_user_tmp_sockets(pulseaudio_t)
>>> +userdom_search_user_home_content(pulseaudio_t)
>>> +
>>> +userdom_manage_user_tmp_sockets(pulseaudio_t)
>>>
>>>  tunable_policy(`use_nfs_home_dirs',`
>>>  	fs_manage_nfs_dirs(pulseaudio_t)
>>> @@ -146,7 +161,8 @@ tunable_policy(`use_samba_home_dirs',`
>>>  ')
>>>
>>>  optional_policy(`
>>> -	alsa_read_rw_config(pulseaudio_t)
>>> +	alsa_read_config(pulseaudio_t)
>>> +	alsa_read_home_files(pulseaudio_t)
>>>  ')
>>>
>>>  optional_policy(`
>>> @@ -176,6 +192,16 @@ optional_policy(`
>>>  ')
>>>
>>>  optional_policy(`
>>> +	gnome_stream_connect_gconf(pulseaudio_t)
>>> +
>>> +	# OIL Runtime Compiler (ORC) optimized code execution
>>> +	allow pulseaudio_t gstreamer_orcexec_t:file {
>>> manage_file_perms mmap_file_perms };
>>> +	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_
>>> t, file)
>>> +	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)
>>> +	gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t, file)
>>> +')
>>> +
>>> +optional_policy(`
>>>  	rtkit_scheduled(pulseaudio_t)
>>>  ')
>>>
>>> @@ -186,6 +212,7 @@ optional_policy(`
>>>  ')
>>>
>>>  optional_policy(`
>>> +	udev_read_pid_files(pulseaudio_t)
>>>  	udev_read_state(pulseaudio_t)
>>>  	udev_read_db(pulseaudio_t)
>>>  ')
> 
> Guido
> 


-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift



* [refpolicy] [PATCH v3] Update the pulseaudio module for usability and ORC support
  2016-08-13 14:36         ` Dominick Grift
@ 2016-08-13 14:44           ` Guido Trentalancia
  0 siblings, 0 replies; 15+ messages in thread
From: Guido Trentalancia @ 2016-08-13 14:44 UTC (permalink / raw)
  To: refpolicy

On Sat, 13/08/2016 at 16.36 +0200, Dominick Grift wrote:
> On 08/13/2016 04:34 PM, Guido Trentalancia wrote:
> > Hello Christopher,
> > 
> > thanks for getting back on this...
> > 
> > On Sat, 13/08/2016 at 09.50 -0400, Chris PeBenito wrote:
> > > On 08/12/16 15:56, Guido Trentalancia wrote:
> > > > Update the pulseaudio module so that it is usable (tested with
> > > > latest version pulseaudio 9.0).
> > > > 
> > > > Support for the OIL Runtime Compiler (OIL) optimized code
> > > > execution is added to the pulseaudio module by using a few
> > > > newly created interfaces and file contexts in the gnome
> > > > module.
> > > > 
> > > > Supports the execmem permission only through a boolean which
> > > > defaults to false.
> > > > 
> > > > This third version fixes an error introduced with the second
> > > > version (cannot execute ORC file).
> > > > 
> > > > Thanks to Dominick Grift for the useful suggestions that
> > > > permitted to create this new improved version of the patch.
> > > > 
> > > > Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> > > > ---
> > > > ?policy/modules/contrib/gnome.fc??????|????5 +
> > > > ?policy/modules/contrib/gnome.if??????|???91
> > > > +++++++++++++++++++++++++++++++++++
> > > > ?policy/modules/contrib/gnome.te??????|????3 +
> > > > ?policy/modules/contrib/pulseaudio.fc |????1
> > > > ?policy/modules/contrib/pulseaudio.if |????1
> > > > ?policy/modules/contrib/pulseaudio.te |???35 +++++++++++--
> > > > ?6 files changed, 132 insertions(+), 4 deletions(-)
> > > > 
> > > > --- refpolicy-git-06082016-orig/policy/modules/contrib/gnome.fc
> > > > 	
> > > > 2016-08-06 21:27:11.354094337 +0200
> > > > +++ refpolicy-git-06082016/policy/modules/contrib/gnome.fc	
> > > > 2
> > > > 016-08-12 17:39:35.069146107 +0200
> > > > @@ -4,13 +4,18 @@ HOME_DIR/\.gnome(/.*)?	gen_context(sys
> > > > te
> > > > ?HOME_DIR/\.gnome2(/.*)?	gen_context(system_u:object_r:g
> > > > nome
> > > > _home_t,s0)
> > > > ?HOME_DIR/\.gnome2/keyrings(/.*)?	gen_context(system_u:o
> > > > bjec
> > > > t_r:gnome_keyring_home_t,s0)
> > > > ?HOME_DIR/\.gnome2_private(/.*)?	gen_context(system_u:ob
> > > > ject
> > > > _r:gnome_home_t,s0)
> > > > +HOME_DIR/orcexec\..*	gen_context(system_u:object_r:gstr
> > > > eame
> > > > r_orcexec_t,s0)
> > > > 
> > > > ?/etc/gconf(/.*)?	gen_context(system_u:object_r:gconf_et
> > > > c_t,
> > > > s0)
> > > > 
> > > > ?/tmp/gconfd-USER/.*	--	gen_context(system_u:obje
> > > > ct_r
> > > > :gconf_tmp_t,s0)
> > > > +/tmp/orcexec\..*	gen_context(system_u:object_r:gstreame
> > > > r_or
> > > > cexec_t,s0)
> > > 
> > > I agree with Dominick that this labeling is problematic.??I'd
> > > prefer
> > > to?
> > > avoid putting fc entries for /tmp.??The ones that we have already
> > > should?
> > > probably be revisited.
> > 
> > That's fine to me. I was also not very keen on letting pulseaudio
> > execute stuff in /tmp.
> > 
> > I have now dropped the support for the last alternative ORC runtime
> > executable location (in /tmp).
> > 
> 
> That is not what was meant though.
> 
> We only request that the file context spec for that file in /tmp be
> removed.
> 
> This is because /tmp could be shared (the same goes for /var/run
> probably though in a sense but i don't want to open that can of worms
> right now)

I don't like the idea that stuff in /tmp is executable.

Therefore, support for the primary and fall-back ORC executable
locations is not 100% complete but, say, 66.6% complete, which is not
bad.

> > > > ?/usr/bin/gnome-keyring-daemon	--	gen_context(sys
> > > > tem_
> > > > u:object_r:gkeyringd_exec_t,s0)
> > > > ?/usr/bin/mate-keyring-daemon	--	gen_context(syst
> > > > em_u
> > > > :object_r:gkeyringd_exec_t,s0)
> > > > 
> > > > ?/usr/lib/[^/]*/gconf/gconfd-2	--	gen_context(sys
> > > > tem_
> > > > u:object_r:gconfd_exec_t,s0)
> > > > ?/usr/libexec/gconfd-2	--	gen_context(system_u:ob
> > > > ject
> > > > _r:gconfd_exec_t,s0)
> > > > +
> > > > +/var/run/user/[^/]*/orcexec\..*	gen_context(system_u:ob
> > > > ject
> > > > _r:gstreamer_orcexec_t,s0)
> > > > +/var/run/user/%{USERID}/orcexec\..*	gen_context(system_
> > > > u:ob
> > > > ject_r:gstreamer_orcexec_t,s0)
> > > 
> > > [...]
> > > 
> > > > --- refpolicy-git-06082016-
> > > > orig/policy/modules/contrib/pulseaudio.te	2016-08-06
> > > > 21:27:11.412094999 +0200
> > > > +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te
> > > > 	
> > > > 2016-08-12 21:33:49.231266389 +0200
> > > > @@ -5,6 +5,14 @@ policy_module(pulseaudio, 1.8.1)
> > > > ?# Declarations
> > > > ?#
> > > > 
> > > > +## <desc>
> > > > +## <p>
> > > > +## Allow pulseaudio to execute code in
> > > > +## writable memory
> > > > +## </p>
> > > > +## </desc>
> > > > +gen_tunable(pulseaudio_execmem, false)
> > > > +
> > > > ?attribute pulseaudio_client;
> > > > ?attribute pulseaudio_tmpfsfile;
> > > > 
> > > > @@ -37,7 +45,12 @@ files_pid_file(pulseaudio_var_run_t)
> > > > ?#
> > > > 
> > > > ?allow pulseaudio_t self:capability { fowner fsetid chown
> > > > setgid
> > > > setuid sys_nice sys_resource sys_tty_config };
> > > > -allow pulseaudio_t self:process { getcap setcap setrlimit
> > > > setsched
> > > > getsched signal signull };
> > > > +allow pulseaudio_t self:process { getcap getsched setcap
> > > > setrlimit
> > > > setsched signal signull };
> > > > +
> > > > +tunable_policy(`pulseaudio_execmem',`
> > > > +	allow pulseaudio_t self:process execmem;
> > > > +')
> > > 
> > > This should be moved down with the other tunables (in
> > > alphabetical
> > > order?
> > > by tunable name)
> > 
> > The update for this module now depends on a forthcoming gnome
> > update.
> > Please apply the forthcoming patch for the gnome module first and
> > then
> > the next version of this patch.
> > 
> > > > ?allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
> > > > ?allow pulseaudio_t self:unix_stream_socket { accept connectto
> > > > listen };
> > > > ?allow pulseaudio_t self:unix_dgram_socket sendto;
> > > > @@ -129,9 +142,11 @@ logging_send_syslog_msg(pulseaudio_t)
> > > > ?miscfiles_read_localization(pulseaudio_t)
> > > > 
> > > > ?userdom_read_user_tmpfs_files(pulseaudio_t)
> > > > -
> > > > +userdom_delete_user_tmpfs_files(pulseaudio_t)
> > > > ?userdom_search_user_home_dirs(pulseaudio_t)
> > > > -userdom_write_user_tmp_sockets(pulseaudio_t)
> > > > +userdom_search_user_home_content(pulseaudio_t)
> > > > +
> > > > +userdom_manage_user_tmp_sockets(pulseaudio_t)
> > > > 
> > > > ?tunable_policy(`use_nfs_home_dirs',`
> > > > ?	fs_manage_nfs_dirs(pulseaudio_t)
> > > > @@ -146,7 +161,8 @@ tunable_policy(`use_samba_home_dirs',`
> > > > ?')
> > > > 
> > > > ?optional_policy(`
> > > > -	alsa_read_rw_config(pulseaudio_t)
> > > > +	alsa_read_config(pulseaudio_t)
> > > > +	alsa_read_home_files(pulseaudio_t)
> > > > ?')
> > > > 
> > > > ?optional_policy(`
> > > > @@ -176,6 +192,16 @@ optional_policy(`
> > > > ?')
> > > > 
> > > > ?optional_policy(`
> > > > +	gnome_stream_connect_gconf(pulseaudio_t)
> > > > +
> > > > +	# OIL Runtime Compiler (ORC) optimized code execution
> > > > +	allow pulseaudio_t gstreamer_orcexec_t:file {
> > > > manage_file_perms mmap_file_perms };
> > > > +	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseau
> > > > dio_
> > > > t, file)
> > > > +	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t,
> > > > file)
> > > > +	gnome_tmp_filetrans_gstreamer_orcexec(pulseaudio_t,
> > > > file)
> > > > +')
> > > > +
> > > > +optional_policy(`
> > > > ?	rtkit_scheduled(pulseaudio_t)
> > > > ?')
> > > > 
> > > > @@ -186,6 +212,7 @@ optional_policy(`
> > > > ?')
> > > > 
> > > > ?optional_policy(`
> > > > +	udev_read_pid_files(pulseaudio_t)
> > > > ?	udev_read_state(pulseaudio_t)
> > > > ?	udev_read_db(pulseaudio_t)
> > > > ?')
> > 
> > Guido

Regards,

Guido


* [refpolicy] [PATCH v4] Update the pulseaudio module for usability and ORC support
  2016-08-12 19:56   ` [refpolicy] [PATCH v3] " Guido Trentalancia
  2016-08-13 13:50     ` Chris PeBenito
@ 2016-08-13 15:16     ` Guido Trentalancia
  2016-08-14 18:41       ` Chris PeBenito
  2016-08-15 21:36       ` Guido Trentalancia
  1 sibling, 2 replies; 15+ messages in thread
From: Guido Trentalancia @ 2016-08-13 15:16 UTC (permalink / raw)
  To: refpolicy

Update the pulseaudio module so that it is usable (tested with
latest version pulseaudio 9.0).

This patch depends on a recent patch to update the gnome module.

Support for the OIL Runtime Compiler (ORC) optimized code
execution is added to the pulseaudio module by using a few
newly created interfaces and file contexts in the gnome
module.

Supports the execmem permission only through a boolean which
defaults to false.

Thanks to Dominick Grift for the useful suggestions that
permitted to create this new improved version of the patch.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/pulseaudio.fc |    1 +
 policy/modules/contrib/pulseaudio.if |    1 +
 policy/modules/contrib/pulseaudio.te |   34 ++++++++++++++++++++++++++++++----
 3 files changed, 32 insertions(+), 4 deletions(-)

--- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.fc	2016-08-13 16:02:14.951814316 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.fc	2016-08-11 20:07:21.338329216 +0200
@@ -1,6 +1,7 @@
 HOME_DIR/\.esd_auth	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 HOME_DIR/\.pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 HOME_DIR/\.pulse-cookie	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
+HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 
 /usr/bin/pulseaudio	--	gen_context(system_u:object_r:pulseaudio_exec_t,s0)
 
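Review bot: The new `HOME_DIR/\.config/pulse(/.*)?` entry carries the `--` regular-file qualifier, so the `~/.config/pulse` directory itself (and any subdirectory under it) never matches and keeps the generic home-content label; only regular files beneath it become pulseaudio_home_t. The sibling `HOME_DIR/\.pulse(/.*)?` entry two lines above omits the qualifier for exactly that reason, and the `(/.*)?` group only makes sense without it. Drop the qualifier: `HOME_DIR/\.config/pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)`. Whether the daemon already has dir permissions on pulseaudio_home_t is decided elsewhere in the .te and is not visible in this hunk.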
--- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.if	2016-08-13 16:02:14.951814316 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if	2016-08-11 17:34:47.778835995 +0200
@@ -25,6 +25,7 @@ interface(`pulseaudio_role',`
 	pulseaudio_run($2, $1)
 
 	allow $2 pulseaudio_t:process { ptrace signal_perms };
+	allow $2 pulseaudio_t:fd use;
 	ps_process_pattern($2, pulseaudio_t)
 
 	allow $2 pulseaudio_home_t:dir { manage_dir_perms relabel_dir_perms };
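Review bot: The added `allow $2 pulseaudio_t:fd use;` in pulseaudio_role has no comment saying which interaction needs it, and the interface body continues outside the hunk on both sides. Because this lets every user domain given the role use any descriptor opened by the daemon, a one-line comment naming the denial it resolves would let the next reviewer judge whether it belongs in the role interface or in a narrower client interface; presumably it covers descriptors the daemon passes to its clients, but that should be confirmed against the actual AVC. I would add `# use descriptors passed from the daemon to its clients` above the rule, adjusted to the confirmed case.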
--- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.te	2016-08-13 16:02:14.952814330 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te	2016-08-13 16:31:13.125857283 +0200
@@ -5,6 +5,14 @@ policy_module(pulseaudio, 1.8.1)
 # Declarations
 #
 
+## <desc>
+## <p>
+## Allow pulseaudio to execute code in
+## writable memory 
+## </p>
+## </desc>
+gen_tunable(pulseaudio_execmem, false)
+
 attribute pulseaudio_client;
 attribute pulseaudio_tmpfsfile;
 
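Review bot: The `<desc>` line `## writable memory ` carries trailing whitespace; trim it. The description should also tell an administrator why they would ever turn the boolean on, since enabling execmem removes the write-xor-execute guarantee for the whole daemon: something like `## Allow pulseaudio to execute code in writable memory (only needed when the ORC runtime compiler cannot use its file-backed code path)`. The exact condition under which pulseaudio falls back to execmem is not visible on this page and should be confirmed before wording it that way.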
@@ -37,7 +45,8 @@ files_pid_file(pulseaudio_var_run_t)
 #
 
 allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config };
-allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
+allow pulseaudio_t self:process { getcap getsched setcap setrlimit setsched signal signull };
+
 allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
 allow pulseaudio_t self:unix_stream_socket { accept connectto listen };
 allow pulseaudio_t self:unix_dgram_socket sendto;
@@ -129,9 +138,15 @@ logging_send_syslog_msg(pulseaudio_t)
 miscfiles_read_localization(pulseaudio_t)
 
 userdom_read_user_tmpfs_files(pulseaudio_t)
-
+userdom_delete_user_tmpfs_files(pulseaudio_t)
 userdom_search_user_home_dirs(pulseaudio_t)
-userdom_write_user_tmp_sockets(pulseaudio_t)
+userdom_search_user_home_content(pulseaudio_t)
+
+userdom_manage_user_tmp_sockets(pulseaudio_t)
+
+tunable_policy(`pulseaudio_execmem',`
+	allow pulseaudio_t self:process execmem;
+')
 
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_dirs(pulseaudio_t)
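Review bot: `userdom_delete_user_tmpfs_files(pulseaudio_t)` and the move from `userdom_write_user_tmp_sockets` to `userdom_manage_user_tmp_sockets` widen the daemon's reach to every user-owned tmpfs file and tmp socket, not just the ones it creates itself. If the denials being fixed concern pulseaudio's own shared-memory segments and listening socket, a file transition to a pulseaudio-specific type (the module already declares pulseaudio_tmpfsfile) would be the tighter fix. Neither rule records the access it resolves; add a comment such as `# unlink shm segments shared with clients` only if that is what the AVC showed.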
@@ -146,7 +161,8 @@ tunable_policy(`use_samba_home_dirs',`
 ')
 
 optional_policy(`
-	alsa_read_rw_config(pulseaudio_t)
+	alsa_read_config(pulseaudio_t)
+	alsa_read_home_files(pulseaudio_t)
 ')
 
 optional_policy(`
@@ -176,6 +192,15 @@ optional_policy(`
 ')
 
 optional_policy(`
+	gnome_stream_connect_gconf(pulseaudio_t)
+
+	# OIL Runtime Compiler (ORC) optimized code execution
+	allow pulseaudio_t gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };
+	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)
+')
+
+optional_policy(`
 	rtkit_scheduled(pulseaudio_t)
 ')
 
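Review bot: The ORC rule grants `manage_file_perms` together with `mmap_file_perms` on gstreamer_orcexec_t, and `mmap_file_perms` in refpolicy includes execute, so pulseaudio_t may write generated code to orcexec.* files in the home and user runtime directories and then map them executable — functionally the same capability as execmem, yet it is unconditional while execmem is gated behind `pulseaudio_execmem` (default false). For a consistent default, wrap the three ORC lines (the allow rule and the two filetrans calls) in a tunable_policy block keyed on `pulseaudio_execmem` or on a dedicated boolean, leaving only `gnome_stream_connect_gconf` unconditional. Whether ORC falls back to execmem when the file path is denied is not visible here; if it does, one boolean for both paths is the simpler interface for administrators. The comment could state the security property explicitly: `# ORC writes generated code to orcexec.* and maps it executable`.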
@@ -186,6 +211,7 @@ optional_policy(`
 ')
 
 optional_policy(`
+	udev_read_pid_files(pulseaudio_t)
 	udev_read_state(pulseaudio_t)
 	udev_read_db(pulseaudio_t)
 ')


* [refpolicy] [PATCH v4] Update the pulseaudio module for usability and ORC support
  2016-08-13 15:16     ` [refpolicy] [PATCH v4] " Guido Trentalancia
@ 2016-08-14 18:41       ` Chris PeBenito
  2016-08-15 21:36       ` Guido Trentalancia
  1 sibling, 0 replies; 15+ messages in thread
From: Chris PeBenito @ 2016-08-14 18:41 UTC (permalink / raw)
  To: refpolicy

On 08/13/16 11:16, Guido Trentalancia wrote:
> Update the pulseaudio module so that it is usable (tested with
> latest version pulseaudio 9.0).
>
> This patch depends on a recent patch to update the gnome module.
>
> Support for the OIL Runtime Compiler (OIL) optimized code
> execution is added to the pulseaudio module by using a few
> newly created interfaces and file contexts in the gnome
> module.
>
> Supports the execmem permission only through a boolean which
> defaults to false.
>
> Thanks to Dominick Grift for the useful suggestions that
> permitted to create this new improved version of the patch.

Merged.



> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/pulseaudio.fc |    1 +
>  policy/modules/contrib/pulseaudio.if |    1 +
>  policy/modules/contrib/pulseaudio.te |   34 ++++++++++++++++++++++++++++++----
>  3 files changed, 32 insertions(+), 4 deletions(-)
>
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.fc	2016-08-13 16:02:14.951814316 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.fc	2016-08-11 20:07:21.338329216 +0200
> @@ -1,6 +1,7 @@
>  HOME_DIR/\.esd_auth	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
>  HOME_DIR/\.pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)
>  HOME_DIR/\.pulse-cookie	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
> +HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
>
>  /usr/bin/pulseaudio	--	gen_context(system_u:object_r:pulseaudio_exec_t,s0)
>
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.if	2016-08-13 16:02:14.951814316 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if	2016-08-11 17:34:47.778835995 +0200
> @@ -25,6 +25,7 @@ interface(`pulseaudio_role',`
>  	pulseaudio_run($2, $1)
>
>  	allow $2 pulseaudio_t:process { ptrace signal_perms };
> +	allow $2 pulseaudio_t:fd use;
>  	ps_process_pattern($2, pulseaudio_t)
>
>  	allow $2 pulseaudio_home_t:dir { manage_dir_perms relabel_dir_perms };
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.te	2016-08-13 16:02:14.952814330 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te	2016-08-13 16:31:13.125857283 +0200
> @@ -5,6 +5,14 @@ policy_module(pulseaudio, 1.8.1)
>  # Declarations
>  #
>
> +## <desc>
> +## <p>
> +## Allow pulseaudio to execute code in
> +## writable memory
> +## </p>
> +## </desc>
> +gen_tunable(pulseaudio_execmem, false)
> +
>  attribute pulseaudio_client;
>  attribute pulseaudio_tmpfsfile;
>
> @@ -37,7 +45,8 @@ files_pid_file(pulseaudio_var_run_t)
>  #
>
>  allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config };
> -allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull };
> +allow pulseaudio_t self:process { getcap getsched setcap setrlimit setsched signal signull };
> +
>  allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
>  allow pulseaudio_t self:unix_stream_socket { accept connectto listen };
>  allow pulseaudio_t self:unix_dgram_socket sendto;
> @@ -129,9 +138,15 @@ logging_send_syslog_msg(pulseaudio_t)
>  miscfiles_read_localization(pulseaudio_t)
>
>  userdom_read_user_tmpfs_files(pulseaudio_t)
> -
> +userdom_delete_user_tmpfs_files(pulseaudio_t)
>  userdom_search_user_home_dirs(pulseaudio_t)
> -userdom_write_user_tmp_sockets(pulseaudio_t)
> +userdom_search_user_home_content(pulseaudio_t)
> +
> +userdom_manage_user_tmp_sockets(pulseaudio_t)
> +
> +tunable_policy(`pulseaudio_execmem',`
> +	allow pulseaudio_t self:process execmem;
> +')
>
>  tunable_policy(`use_nfs_home_dirs',`
>  	fs_manage_nfs_dirs(pulseaudio_t)
> @@ -146,7 +161,8 @@ tunable_policy(`use_samba_home_dirs',`
>  ')
>
>  optional_policy(`
> -	alsa_read_rw_config(pulseaudio_t)
> +	alsa_read_config(pulseaudio_t)
> +	alsa_read_home_files(pulseaudio_t)
>  ')
>
>  optional_policy(`
> @@ -176,6 +192,15 @@ optional_policy(`
>  ')
>
>  optional_policy(`
> +	gnome_stream_connect_gconf(pulseaudio_t)
> +
> +	# OIL Runtime Compiler (ORC) optimized code execution
> +	allow pulseaudio_t gstreamer_orcexec_t:file { manage_file_perms mmap_file_perms };
> +	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> +	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> +')
> +
> +optional_policy(`
>  	rtkit_scheduled(pulseaudio_t)
>  ')
>
> @@ -186,6 +211,7 @@ optional_policy(`
>  ')
>
>  optional_policy(`
> +	udev_read_pid_files(pulseaudio_t)
>  	udev_read_state(pulseaudio_t)
>  	udev_read_db(pulseaudio_t)
>  ')
>


-- 
Chris PeBenito


* [refpolicy] [PATCH v4] Update the pulseaudio module for usability and ORC support
  2016-08-13 15:16     ` [refpolicy] [PATCH v4] " Guido Trentalancia
  2016-08-14 18:41       ` Chris PeBenito
@ 2016-08-15 21:36       ` Guido Trentalancia
  1 sibling, 0 replies; 15+ messages in thread
From: Guido Trentalancia @ 2016-08-15 21:36 UTC (permalink / raw)
  To: refpolicy

Hello.

Please note that this patch (already merged, hopefully at the latest
version, v4) depends on the following gnome patch:

[PATCH v2] Update for the gnome policy and file contexts

Regards,

Guido

On Sat, 13/08/2016 at 17.16 +0200, Guido Trentalancia wrote:
> Update the pulseaudio module so that it is usable (tested with
> latest version pulseaudio 9.0).
> 
> This patch depends on a recent patch to update the gnome module.
> 
> Support for the OIL Runtime Compiler (ORC) optimized code
> execution is added to the pulseaudio module by using a few
> newly created interfaces and file contexts in the gnome
> module.
> 
> Supports the execmem permission only through a boolean which
> defaults to false.
> 
> Thanks to Dominick Grift for the useful suggestions that
> permitted to create this new improved version of the patch.
> 
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
> ?policy/modules/contrib/pulseaudio.fc |????1 +
> ?policy/modules/contrib/pulseaudio.if |????1 +
> ?policy/modules/contrib/pulseaudio.te |???34
> ++++++++++++++++++++++++++++++----
> ?3 files changed, 32 insertions(+), 4 deletions(-)
> 
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.fc	
> 2016-08-13 16:02:14.951814316 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.fc	
> 2016-08-11 20:07:21.338329216 +0200
> @@ -1,6 +1,7 @@
> ?HOME_DIR/\.esd_auth	--	gen_context(system_u:object_r:p
> ulseaudio_home_t,s0)
> ?HOME_DIR/\.pulse(/.*)?	gen_context(system_u:object_r:pulseaud
> io_home_t,s0)
> ?HOME_DIR/\.pulse-cookie	--	gen_context(system_u:object
> _r:pulseaudio_home_t,s0)
> +HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_u:
> object_r:pulseaudio_home_t,s0)
> ?
> ?/usr/bin/pulseaudio	--	gen_context(system_u:object_r:p
> ulseaudio_exec_t,s0)
> ?
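Review bot: The new `HOME_DIR/\.config/pulse(/.*)?` entry carries the `--` type specifier, so it labels only regular files; the `~/.config/pulse` directory itself and any subdirectory keep the default home label, unlike the existing `HOME_DIR/\.pulse(/.*)?` line in the same hunk, which has no specifier and therefore covers the whole tree. If the whole tree is meant to be pulseaudio_home_t, drop the specifier: `HOME_DIR/\.config/pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)`. refpolicy also keeps .fc entries sorted by path, so the line would sit more naturally before `HOME_DIR/\.esd_auth`.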
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.if	
> 2016-08-13 16:02:14.951814316 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.if	
> 2016-08-11 17:34:47.778835995 +0200
> @@ -25,6 +25,7 @@ interface(`pulseaudio_role',`
> ?	pulseaudio_run($2, $1)
> ?
> ?	allow $2 pulseaudio_t:process { ptrace signal_perms };
> +	allow $2 pulseaudio_t:fd use;
> ?	ps_process_pattern($2, pulseaudio_t)
> ?
> ?	allow $2 pulseaudio_home_t:dir { manage_dir_perms
> relabel_dir_perms };
> --- refpolicy-git-06082016-orig/policy/modules/contrib/pulseaudio.te	
> 2016-08-13 16:02:14.952814330 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/pulseaudio.te	
> 2016-08-13 16:31:13.125857283 +0200
> @@ -5,6 +5,14 @@ policy_module(pulseaudio, 1.8.1)
> ?# Declarations
> ?#
> ?
> +## <desc>
> +## <p>
> +## Allow pulseaudio to execute code in
> +## writable memory?
> +## </p>
> +## </desc>
> +gen_tunable(pulseaudio_execmem, false)
> +
> ?attribute pulseaudio_client;
> ?attribute pulseaudio_tmpfsfile;
> ?
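Review bot: The `<desc>` of the new `pulseaudio_execmem` tunable says what it grants but not when an administrator would need it, which is what a boolean description is read for. The same patch adds the ORC rules, which is presumably the use case, so the desc should name it, e.g. `## Allow pulseaudio to execute code in writable memory (for example for the ORC runtime compiler)?`. Defaulting to false is the right choice, since execmem drops the no-writable-executable-memory property for the whole domain, and naming the use case makes it easier to leave the boolean off wherever it is not needed.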
> @@ -37,7 +45,8 @@ files_pid_file(pulseaudio_var_run_t)
> ?#
> ?
> ?allow pulseaudio_t self:capability { fowner fsetid chown setgid
> setuid sys_nice sys_resource sys_tty_config };
> -allow pulseaudio_t self:process { getcap setcap setrlimit setsched
> getsched signal signull };
> +allow pulseaudio_t self:process { getcap getsched setcap setrlimit
> setsched signal signull };
> +
> ?allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
> ?allow pulseaudio_t self:unix_stream_socket { accept connectto listen
> };
> ?allow pulseaudio_t self:unix_dgram_socket sendto;
> @@ -129,9 +138,15 @@ logging_send_syslog_msg(pulseaudio_t)
> ?miscfiles_read_localization(pulseaudio_t)
> ?
> ?userdom_read_user_tmpfs_files(pulseaudio_t)
> -
> +userdom_delete_user_tmpfs_files(pulseaudio_t)
> ?userdom_search_user_home_dirs(pulseaudio_t)
> -userdom_write_user_tmp_sockets(pulseaudio_t)
> +userdom_search_user_home_content(pulseaudio_t)
> +
> +userdom_manage_user_tmp_sockets(pulseaudio_t)
> +
> +tunable_policy(`pulseaudio_execmem',`
> +	allow pulseaudio_t self:process execmem;
> +')
> ?
> ?tunable_policy(`use_nfs_home_dirs',`
> ?	fs_manage_nfs_dirs(pulseaudio_t)
> @@ -146,7 +161,8 @@ tunable_policy(`use_samba_home_dirs',`
> ?')
> ?
> ?optional_policy(`
> -	alsa_read_rw_config(pulseaudio_t)
> +	alsa_read_config(pulseaudio_t)
> +	alsa_read_home_files(pulseaudio_t)
> ?')
> ?
> ?optional_policy(`
> @@ -176,6 +192,15 @@ optional_policy(`
> ?')
> ?
> ?optional_policy(`
> +	gnome_stream_connect_gconf(pulseaudio_t)
> +
> +	# OIL Runtime Compiler (ORC) optimized code execution
> +	allow pulseaudio_t gstreamer_orcexec_t:file {
> manage_file_perms mmap_file_perms };
> +	gnome_user_runtime_filetrans_gstreamer_orcexec(pulseaudio_t,
> file)
> +	gnome_home_filetrans_gstreamer_orcexec(pulseaudio_t, file)
> +')
> +
> +optional_policy(`
> ?	rtkit_scheduled(pulseaudio_t)
> ?')
> ?
> @@ -186,6 +211,7 @@ optional_policy(`
> ?')
> ?
> ?optional_policy(`
> +	udev_read_pid_files(pulseaudio_t)
> ?	udev_read_state(pulseaudio_t)
> ?	udev_read_db(pulseaudio_t)
> ?')
-- 

This message contains confidential information intended only for the use
of the addressee(s). If you are not the intended recipient, please
contact the sender by return e-mail and destroy all copies of the
original message.
