[refpolicy] [PATCH 07/15] Allow mozilla to read the alsa config files

[domg472@gmail.com (Dominick Grift)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/14/2011 04:39 PM, Dominick Grift wrote:
> On 03/14/2011 04:36 PM, Dominick Grift wrote:
>> On 03/14/2011 04:29 PM, Christopher J. PeBenito wrote:
>>> On 03/10/11 06:51, Guido Trentalancia wrote:
>>>> Hello Dominick !
>>>>
>>>> On Thu, 10/03/2011 at 09.21 +0100, Dominick Grift wrote:
>>>>> On 03/09/2011 11:46 PM, Guido Trentalancia wrote:
>>>>>> I have the same question as for [PATCH 05/15]. Tested at least with the
>>>>>> moonlight plugin and with the totem plugin. Sounds strange...
>>>>>
>>>>> probably because you were using pulseaudio?
>>>>
>>>> Indeed. Just do not consider that then.
> 
>>> This makes me think that we need a more abstract pulseaudio interface,
>>> perhaps pulseaudio_client(), which has this access and also others.  It
>>> looks like the interface should include:
> 
>>> pulseaudio_stream_connect()
>>> pulseaudio_exec()

I do not think one wants pulseaudio_exec, i think clients need to be
able to (re) start pulseaudio in the pulseaudio domain.

>>> optional_policy(`alsa_read_rw_config()')
> 
>>> and possibly
>>> corenet_tcp_connect_pulseaudio_port()
>>> corenet_sendrecv_pulseaudio_client_packets()
> 
>>> though we probably want to make those conditional.
> 
> 
>> i do have a pulseaudio_client_template() implemented in my personal policy:
> 
>> http://fedorapeople.org/gitweb?p=domg472/public_git/refpolicy.git;a=blob;f=policy/modules/apps/pulseaudio.if;h=44312194ff98ff1f04ce50fa182314076d95de77;hb=HEAD
> 
>> problem is that, to do this right in my view, we would need to rethink
>> pulseaudio policy. I did only the gnome-pulseaudio part in my personal
>> policy and i do not know how other desktop environments deal with
>> pulseaudio, i also have not implemented pulseaudio as a system service
>> policy.
> 
> 
> And becuase pulseaudio is so tightly integrated with gnome, in my view,
> it would be best to implement policy for gnome as well (gconf, gnome
> settings daemon etc)
> 
> problem is that with gnome 3 coming up, things may (or may not) change
> dramatically... so i do not know where to draw the line.
> 
>>>>>> Regards,
>>>>>>
>>>>>> Guido
>>>>>>
>>>>>> On Wed, 09/03/2011 at 22.13 +0100, Sven Vermeulen wrote:
>>>>>>> In order to allow firefox plugins playing music through ALSA, the mozilla
>>>>>>> domain needs read access on the alsa_rw_config files.
>>>>>>>
>>>>>>> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
>>>>>>> ---
>>>>>>>  policy/modules/apps/mozilla.te |    4 ++++
>>>>>>>  1 files changed, 4 insertions(+), 0 deletions(-)
>>>>>>>
>>>>>>> diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
>>>>>>> index c8c459c..6e0f04f 100644
>>>>>>> --- a/policy/modules/apps/mozilla.te
>>>>>>> +++ b/policy/modules/apps/mozilla.te
>>>>>>> @@ -223,6 +223,10 @@ tunable_policy(`mozilla_read_content',`
>>>>>>>  ')
>>>>>>>  
>>>>>>>  optional_policy(`
>>>>>>> +	alsa_read_rw_config(mozilla_t)
>>>>>>> +')
>>>>>>> +
>>>>>>> +optional_policy(`
>>>>>>>  	apache_read_user_scripts(mozilla_t)
>>>>>>>  	apache_read_user_content(mozilla_t)
>>>>>>>  ')
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk1+N1IACgkQMlxVo39jgT9aMACginVYJjp7FffStk6lfVlrZrZs
xzcAn2nLDhznyqyk0rjYSfYlHKfTl9o4
=6eUT
-----END PGP SIGNATURE-----