From 413aac13de7983a8f4efa4fc8b5bde967b16ce6c Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Wed, 22 Sep 2010 17:33:26 +0200 Subject: [PATCH] Allow common users to manage and relabel Alsa home files. Signed-off-by: Dominick Grift --- policy/modules/admin/alsa.if | 38 +++++++++++++++++++++++++++++ policy/modules/system/userdomain.if | 2 ++ 2 files changed, 40 insertions(+) diff --git a/policy/modules/admin/alsa.if b/policy/modules/admin/alsa.if index 69aa7428b..90d5203ec 100644 --- a/policy/modules/admin/alsa.if +++ b/policy/modules/admin/alsa.if @@ -105,6 +105,25 @@ interface(`alsa_manage_rw_config',` ') ') +######################################## +## +## Manage alsa home files. +## +## +## +## Domain allowed access. +## +## +# +interface(`alsa_manage_home_files',` + gen_require(` + type alsa_home_t; + ') + + userdom_search_user_home_dirs($1) + allow $1 alsa_home_t:file manage_file_perms; +') + ######################################## ## ## Read Alsa home files. @@ -124,6 +143,25 @@ interface(`alsa_read_home_files',` allow $1 alsa_home_t:file read_file_perms; ') +######################################## +## +## Relabel alsa home files. +## +## +## +## Domain allowed access. +## +## +# +interface(`alsa_relabel_home_files',` + gen_require(` + type alsa_home_t; + ') + + userdom_search_user_home_dirs($1) + allow $1 alsa_home_t:file relabel_file_perms; +') + ######################################## ## ## Read Alsa lib files. diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index b575eddf1..35f14762c 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -574,7 +574,9 @@ template(`userdom_common_user_template',` ') optional_policy(` + alsa_manage_home_files($1_t) alsa_read_rw_config($1_t) + alsa_relabel_home_files($1_t) ') optional_policy(`