/usr/share/selinux/ubuntu/include/apps/pulseaudio.if is in selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
## <summary>Pulseaudio network sound server.</summary>
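########################################
## <summary>
##	Role access for pulseaudio.
## </summary>
## <desc>
##	<p>
##	Authorize the role for the pulseaudio domain and let the
##	user domain start pulseaudio by executing its binary.
##	The user domain and pulseaudio may then signal each other,
##	connect to each other over unix stream sockets and exchange
##	dbus messages.
##	</p>
## </desc>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role.
##	</summary>
## </param>
#
interface(`pulseaudio_role',`
	# Require only what the rules below reference. An unused type in
	# this list would make every caller depend on the module that
	# declares it, so print_spool_t is no longer required here.
	gen_require(`
		type pulseaudio_t, pulseaudio_exec_t;
		class dbus { send_msg };
	')

	role $1 types pulseaudio_t;

	# Transition from the user domain to the derived domain.
	domtrans_pattern($2, pulseaudio_exec_t, pulseaudio_t)

	# Process listing access, granted in both directions.
	# presumably this lets each side see the other in ps output; verify
	# against the ps_process_pattern definition.
	ps_process_pattern($2, pulseaudio_t)
	ps_process_pattern(pulseaudio_t, $2)

	# Signals, granted in both directions.
	# NOTE(review): pulseaudio_t receives the generic signal permission
	# over the user domain, not only signull. Confirm the daemon really
	# needs to send signals to user processes.
	allow $2 pulseaudio_t:process { signal signull };
	allow pulseaudio_t $2:process { signal signull };

	# Unix stream socket connections, granted in both directions.
	allow $2 pulseaudio_t:unix_stream_socket connectto;
	allow pulseaudio_t $2:unix_stream_socket connectto;

	# NOTE(review): these presumably give pulseaudio_t manage access to
	# the home, tmp and tmpfs content of the role, which is wider than
	# the files pulseaudio itself creates. Verify against the
	# userdomain module before reusing this interface for a confined user.
	userdom_manage_home_role($1, pulseaudio_t)
	userdom_manage_tmp_role($1, pulseaudio_t)
	userdom_manage_tmpfs_role($1, pulseaudio_t)

	# DBus messaging, granted in both directions.
	allow $2 pulseaudio_t:dbus send_msg;
	allow pulseaudio_t $2:dbus send_msg;
')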
########################################
## <summary>
##	Run pulseaudio with a transition into the pulseaudio domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain permitted to make the transition.
##	</summary>
## </param>
#
interface(`pulseaudio_domtrans',`
	gen_require(`
		type pulseaudio_exec_t, pulseaudio_t;
	')

	# The caller enters pulseaudio_t through a pulseaudio_exec_t file.
	# This grants the transition only. The role of the caller must be
	# authorized for pulseaudio_t separately.
	domtrans_pattern($1, pulseaudio_exec_t, pulseaudio_t)
')
########################################
## <summary>
##	Run pulseaudio in the pulseaudio domain and authorize
##	the given role for that domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role to be authorized for the pulseaudio domain.
##	</summary>
## </param>
#
interface(`pulseaudio_run',`
	gen_require(`
		type pulseaudio_t;
	')

	# Argument order is domain first, role second. pulseaudio_role
	# takes the role first, so do not copy arguments between the two.
	role $2 types pulseaudio_t;
	pulseaudio_domtrans($1)
')
########################################
## <summary>
##	Execute pulseaudio in the caller domain,
##	without a domain transition.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pulseaudio_exec',`
	gen_require(`
		type pulseaudio_exec_t;
	')

	# No transition rule is added here, so pulseaudio started through
	# this interface keeps the permissions of the calling domain and is
	# not confined by pulseaudio_t.
	can_exec($1, pulseaudio_exec_t)
')
########################################
## <summary>
##	Exchange messages with pulseaudio over dbus,
##	in both directions.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pulseaudio_dbus_chat',`
	gen_require(`
		type pulseaudio_t;
		class dbus send_msg;
	')

	# send_msg is granted both ways, so pulseaudio can also send
	# messages to the caller.
	allow pulseaudio_t $1:dbus send_msg;
	allow $1 pulseaudio_t:dbus send_msg;
')
########################################
## <summary>
##	Connect to pulseaudio over a unix stream socket.
## </summary>
## <desc>
##	<p>
##	The caller may connect to pulseaudio, and the two domains
##	may check for the existence of each other with signull.
##	Pulseaudio is not allowed to connect back to the caller.
##	</p>
## </desc>
## <param name="user_domain">
##	<summary>
##	The type of the user domain.
##	</summary>
## </param>
#
interface(`pulseaudio_stream_connect',`
	gen_require(`
		type pulseaudio_t;
	')

	# Connection is one way, from the caller to pulseaudio.
	# NOTE(review): only connectto is granted here. Access to the
	# socket file itself presumably has to come from another rule.
	allow $1 pulseaudio_t:unix_stream_socket connectto;

	# Existence checks only. No real signal can be delivered with
	# signull, unlike the signal permission in pulseaudio_role.
	allow pulseaudio_t $1:process signull;
	allow $1 pulseaudio_t:process signull;
')