policy_module(alsa,1.0.0)

########################################
#
# Declarations
#

type alsa_t;
type alsa_exec_t;
domain_type(alsa_t)
domain_entry_file(alsa_t, alsa_exec_t)
role system_r types alsa_t;

type alsa_etc_rw_t;
files_type(alsa_etc_rw_t)

########################################
#
# Local policy
#

allow alsa_t self:capability { setgid setuid ipc_owner };
dontaudit alsa_t self:capability sys_admin;
allow alsa_t self:sem create_sem_perms;
allow alsa_t self:shm create_shm_perms;
allow alsa_t self:unix_stream_socket create_stream_socket_perms;
allow alsa_t self:unix_dgram_socket create_socket_perms;

allow alsa_t alsa_etc_rw_t:dir rw_dir_perms;
allow alsa_t alsa_etc_rw_t:file create_file_perms;
allow alsa_t alsa_etc_rw_t:lnk_file create_lnk_perms;

files_read_etc_files(alsa_t)

term_use_generic_pty(alsa_t)

libs_use_ld_so(alsa_t)
libs_use_shared_libs(alsa_t)

logging_send_syslog_msg(alsa_t)

miscfiles_read_localization(alsa_t)

userdom_manage_unpriv_user_semaphores(alsa_t)
userdom_manage_unpriv_user_shared_mem(alsa_t)

optional_policy(`nscd',`
	nscd_use_socket(alsa_t)
')