## Advanced Linux Sound Architecture utilities.
########################################
##
## Role access for alsa.
##
##
##
## Role allowed access.
##
##
##
##
## User domain for the role.
##
##
#
template(`alsa_role',`
refpolicywarn(`$0($*) has been deprecated')
')
########################################
##
## Execute a domain transition to run Alsa.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`alsa_domtrans',`
gen_require(`
type alsa_t, alsa_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, alsa_exec_t, alsa_t)
')
########################################
##
## Execute a domain transition to run
## Alsa, and allow the specified role
## the Alsa domain.
##
##
##
## Domain allowed to transition.
##
##
##
##
## Role allowed access.
##
##
#
interface(`alsa_run',`
gen_require(`
attribute_role alsa_roles;
')
alsa_domtrans($1)
roleattribute $2 alsa_roles;
')
########################################
##
## Read and write Alsa semaphores.
##
##
##
## Domain allowed access.
##
##
#
interface(`alsa_rw_semaphores',`
gen_require(`
type alsa_t;
')
allow $1 alsa_t:sem rw_sem_perms;
')
########################################
##
## Read and write Alsa shared memory.
##
##
##
## Domain allowed access.
##
##
#
interface(`alsa_rw_shared_mem',`
gen_require(`
type alsa_t;
')
allow $1 alsa_t:shm rw_shm_perms;
')
########################################
##
## Read writable Alsa configuration content.
##
##
##
## Domain allowed access.
##
##
#
interface(`alsa_read_rw_config',`
gen_require(`
type alsa_etc_rw_t;
')
files_search_etc($1)
allow $1 alsa_etc_rw_t:dir list_dir_perms;
read_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
ifdef(`distro_debian',`
files_search_usr($1)
')
')
########################################
##
## Manage writable Alsa config files.
##
##
##
## Domain allowed access.
##
##
#
interface(`alsa_manage_rw_config',`
gen_require(`
type alsa_etc_rw_t;
')
files_search_etc($1)
allow $1 alsa_etc_rw_t:dir list_dir_perms;
manage_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
ifdef(`distro_debian',`
files_search_usr($1)
')
')
########################################
##
## Create, read, write, and delete
## alsa home files.
##
##
##
## Domain allowed access.
##
##
#
interface(`alsa_manage_home_files',`
gen_require(`
type alsa_home_t;
')
userdom_search_user_home_dirs($1)
allow $1 alsa_home_t:file manage_file_perms;
alsa_filetrans_home_content($1)
')
########################################
##
## Read Alsa home files.
##
##
##
## Domain allowed access.
##
##
#
interface(`alsa_read_home_files',`
gen_require(`
type alsa_home_t;
')
userdom_search_user_home_dirs($1)
allow $1 alsa_home_t:file read_file_perms;
')
########################################
##
## Relabel alsa home files.
##
##
##
## Domain allowed access.
##
##
#
interface(`alsa_relabel_home_files',`
gen_require(`
type alsa_home_t;
')
userdom_search_user_home_dirs($1)
allow $1 alsa_home_t:file relabel_file_perms;
')
########################################
##
## Create objects in user home
## directories with the generic alsa
## home type.
##
##
##
## Domain allowed access.
##
##
##
##
## Class of the object being created.
##
##
##
##
## The name of the object being created.
##
##
#
interface(`alsa_home_filetrans_alsa_home',`
gen_require(`
type alsa_home_t;
')
userdom_user_home_dir_filetrans($1, alsa_home_t, $2, $3)
')
########################################
##
## Read Alsa lib files.
##
##
##
## Domain allowed access.
##
##
#
interface(`alsa_read_lib',`
gen_require(`
type alsa_var_lib_t;
')
files_search_var_lib($1)
read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
')
########################################
##
## Transition to alsa named content
##
##
##
## Domain allowed access.
##
##
#
interface(`alsa_filetrans_home_content',`
gen_require(`
type alsa_home_t;
')
userdom_user_home_dir_filetrans($1, alsa_home_t, file, ".asoundrc")
')
########################################
##
## Transition to alsa named content
##
##
##
## Domain allowed access.
##
##
#
interface(`alsa_filetrans_named_content',`
gen_require(`
type alsa_home_t;
type alsa_etc_rw_t;
type alsa_var_lib_t;
')
files_etc_filetrans($1, alsa_etc_rw_t, file, "asound.state")
files_etc_filetrans($1, alsa_etc_rw_t, dir, "pcm")
files_etc_filetrans($1, alsa_etc_rw_t, dir, "asound")
files_usr_filetrans($1, alsa_etc_rw_t, file, "alsa.conf")
files_usr_filetrans($1, alsa_etc_rw_t, dir, "pcm")
files_var_lib_filetrans($1, alsa_var_lib_t, dir, "alsa")
')
########################################
##
## Execute alsa server in the alsa domain.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`alsa_systemctl',`
gen_require(`
type alsa_t;
type alsa_unit_file_t;
')
systemd_exec_systemctl($1)
allow $1 alsa_unit_file_t:file read_file_perms;
allow $1 alsa_unit_file_t:service manage_service_perms;
ps_process_pattern($1, alsa_t)
')