Separate sound specific items frmo general entropyd
Introduce a tunable called "entropyd_use_audio". This boolean enables the privileges that are specific to audio support (both the sound device access and the ALSA-specific ones). A boolean is used so that the policy can also support other entropy management applications/daemons that use different sources (such as haveged, which uses the HAVEGE algorithm). Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
parent
95995f5048
commit
34aea93484
|
@ -5,6 +5,13 @@ policy_module(audioentropy, 1.6.0)
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
|
|
||||||
|
## <desc>
|
||||||
|
## <p>
|
||||||
|
## Allow the use of the audio devices as the source for the entropy feeds
|
||||||
|
## </p>
|
||||||
|
## </desc>
|
||||||
|
gen_tunable(entropyd_use_audio, false)
|
||||||
|
|
||||||
type entropyd_t;
|
type entropyd_t;
|
||||||
type entropyd_exec_t;
|
type entropyd_exec_t;
|
||||||
init_daemon_domain(entropyd_t, entropyd_exec_t)
|
init_daemon_domain(entropyd_t, entropyd_exec_t)
|
||||||
|
@ -33,11 +40,6 @@ dev_read_urand(entropyd_t)
|
||||||
dev_write_urand(entropyd_t)
|
dev_write_urand(entropyd_t)
|
||||||
dev_read_rand(entropyd_t)
|
dev_read_rand(entropyd_t)
|
||||||
dev_write_rand(entropyd_t)
|
dev_write_rand(entropyd_t)
|
||||||
dev_read_sound(entropyd_t)
|
|
||||||
# set sound card parameters such as
|
|
||||||
# sample format, number of channels
|
|
||||||
# and sample rate.
|
|
||||||
dev_write_sound(entropyd_t)
|
|
||||||
|
|
||||||
files_read_etc_files(entropyd_t)
|
files_read_etc_files(entropyd_t)
|
||||||
files_read_usr_files(entropyd_t)
|
files_read_usr_files(entropyd_t)
|
||||||
|
@ -54,10 +56,19 @@ miscfiles_read_localization(entropyd_t)
|
||||||
userdom_dontaudit_use_unpriv_user_fds(entropyd_t)
|
userdom_dontaudit_use_unpriv_user_fds(entropyd_t)
|
||||||
userdom_dontaudit_search_user_home_dirs(entropyd_t)
|
userdom_dontaudit_search_user_home_dirs(entropyd_t)
|
||||||
|
|
||||||
|
tunable_policy(`entropyd_use_audio',`
|
||||||
|
dev_read_sound(entropyd_t)
|
||||||
|
# set sound card parameters such as sample format, number of channels
|
||||||
|
# and sample rate.
|
||||||
|
dev_write_sound(entropyd_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
tunable_policy(`entropyd_use_audio',`
|
||||||
alsa_read_lib(entropyd_t)
|
alsa_read_lib(entropyd_t)
|
||||||
alsa_read_rw_config(entropyd_t)
|
alsa_read_rw_config(entropyd_t)
|
||||||
')
|
')
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
seutil_sigchld_newrole(entropyd_t)
|
seutil_sigchld_newrole(entropyd_t)
|
||||||
|
|
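Review bot: The `## <desc>` text above `gen_tunable(entropyd_use_audio, false)` in the first hunk understates what the boolean grants. The third hunk places `dev_write_sound(entropyd_t)` behind it as well as `dev_read_sound(entropyd_t)`, and, inside the `optional_policy` block, `alsa_read_lib` and `alsa_read_rw_config` too. I would word the description as `## Allow entropyd to read and write the sound devices and to read the ALSA library and configuration files, so that audio can be used as an entropy source.` so an administrator sees the full grant before enabling it. Because the default is `false`, a daemon that samples the sound card will presumably be denied sound-device access after this change until the boolean is turned on. That is the least-privilege default, but it is worth stating in the description so the resulting denials, and a daemon that stops feeding entropy, are not mistaken for an unrelated fault.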