Diffstat (limited to 'policy/modules/contrib/skype.te')
-rw-r--r-- | policy/modules/contrib/skype.te | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/policy/modules/contrib/skype.te b/policy/modules/contrib/skype.te
index c6fffc048..5450b7981 100644
--- a/policy/modules/contrib/skype.te
+++ b/policy/modules/contrib/skype.te
@@ -1,7 +1,7 @@
 policy_module(skype, 0.0.2)
 ############################
-#
+#
 # Declarations
 #
@@ -29,6 +29,9 @@ ubac_constrained(skype_tmp_t)
 type skype_tmpfs_t;
 files_tmpfs_file(skype_tmpfs_t)
 ubac_constrained(skype_tmpfs_t)
+optional_policy(`
+ pulseaudio_tmpfs_content(skype_tmpfs_t)
+')
 ############################
 #
@@ -41,6 +44,8 @@ allow skype_t self:unix_stream_socket create_socket_perms;
 allow skype_t self:sem create_sem_perms;
 allow skype_t self:tcp_socket create_stream_socket_perms;
+allow skype_t skype_exec_t:file execmod;
+
 # Allow skype to work with its ~/.skype location
 manage_dirs_pattern(skype_t, skype_home_t, skype_home_t)
 manage_files_pattern(skype_t, skype_home_t, skype_home_t)
@@ -53,12 +58,13 @@ manage_fifo_files_pattern(skype_t, skype_tmpfs_t, skype_tmpfs_t)
 manage_sock_files_pattern(skype_t, skype_tmpfs_t, skype_tmpfs_t)
 fs_tmpfs_filetrans(skype_t, skype_tmpfs_t, { file lnk_file sock_file fifo_file })
+manage_dirs_pattern(skype_t, skype_tmp_t, skype_tmp_t)
 manage_files_pattern(skype_t, skype_tmp_t, skype_tmp_t)
 manage_sock_files_pattern(skype_t, skype_tmp_t, skype_tmp_t)
-files_tmp_filetrans(skype_t, skype_tmp_t, { file sock_file })
+files_tmp_filetrans(skype_t, skype_tmp_t, { dir file sock_file })
 kernel_dontaudit_search_sysctl(skype_t)
-kernel_dontaudit_read_kernel_sysctls(skype_t)
+kernel_dontaudit_read_kernel_sysctl(skype_t)
 kernel_read_network_state(skype_t)
 kernel_read_system_state(skype_t)
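Review bot: The `pulseaudio_tmpfs_content(skype_tmpfs_t)` call added in the Declarations hunk applies to every object labelled skype_tmpfs_t, not only to audio buffers. The module also creates fifo, socket and link files under that type (see the `fs_tmpfs_filetrans` line further down), so presumably the PulseAudio domain gains access to all of them; please confirm that this is intended. A comment above the block would record the reason, for example `# PulseAudio exchanges audio buffers with skype through tmpfs` (wording assumed, to be confirmed by the author).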
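Review bot: `allow skype_t skype_exec_t:file execmod;` is granted unconditionally and carries no comment. execmod lets the domain make executable a file mapping it has modified (text relocations), which weakens the memory protections skype_t otherwise has, so the reason belongs next to the rule, for example `# skype binary needs text relocations (assumed - confirm)`. Consider placing the rule inside a tunable, as the module already does for skype_manage_user_content, so that hosts whose binary does not need it can leave it off. The rule is at least limited to skype_exec_t rather than to all files.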
@@ -71,15 +77,15 @@ corenet_all_recvfrom_netlabel(skype_t)
 corenet_all_recvfrom_unlabeled(skype_t)
 corenet_sendrecv_http_client_packets(skype_t)
 corenet_tcp_bind_generic_node(skype_t)
-corenet_tcp_bind_generic_port(skype_t)
+corenet_tcp_bind_generic_port(skype_t)
 corenet_tcp_connect_all_unreserved_ports(skype_t)
 corenet_tcp_connect_generic_port(skype_t)
 corenet_tcp_connect_http_port(skype_t)
-corenet_tcp_sendrecv_http_port(skype_t)
 corenet_udp_bind_generic_node(skype_t)
-corenet_udp_bind_generic_port(skype_t)
+corenet_udp_bind_generic_port(skype_t)
 dev_dontaudit_search_sysfs(skype_t)
+dev_dontaudit_read_sysfs(skype_t)
 dev_read_sound(skype_t)
 dev_read_video_dev(skype_t)
 dev_write_sound(skype_t)
@@ -96,6 +102,7 @@ fs_dontaudit_getattr_xattr_fs(skype_t)
 auth_use_nsswitch(skype_t)
 miscfiles_dontaudit_setattr_fonts_dirs(skype_t)
+miscfiles_read_generic_certs(skype_t)
 miscfiles_read_localization(skype_t)
 userdom_dontaudit_use_user_ttys(skype_t)
@@ -109,7 +116,7 @@ tunable_policy(`skype_manage_user_content',`
 ')
 optional_policy(`
- alsa_read_rw_config(skype_t)
+ pulseaudio_domtrans(skype_t)
 ')
 optional_policy(`
@@ -120,3 +127,13 @@ optional_policy(`
 optional_policy(`
 xdg_manage_config_home(skype_t)
 ')
+
+optional_policy(`
+ mozilla_dontaudit_manage_user_home_files(skype_t)
+')
+
+ifdef(`use_alsa',`
+ optional_policy(`
+ alsa_domain(skype_t, skype_tmpfs_t)
+ ')
+') |
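Review bot: `dev_dontaudit_read_sysfs(skype_t)` in the first hunk here and `mozilla_dontaudit_manage_user_home_files(skype_t)` in the last hunk silence denials instead of granting access, and neither line says why. The accesses stay blocked but no longer reach the audit log, so attempts by the skype domain to modify what are presumably browser profile files would not show up for anyone monitoring AVC denials. Each rule should get a short comment naming the behaviour it hides, for example `# skype touches the browser profile at start-up; denied and intentionally not logged` (wording assumed, confirm the real trigger). When debugging, rebuilding the policy with `semodule -DB` makes the hidden denials visible again.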