Comment 19 for bug 1224756

There is one other adjustment for pulseaudio that came up today. If an app is able to handle a file name to pulseaudio (ie, the app process doesn't have to open it first but instead tells pulseaudio to open and play a file), then pulseaudio should also have apparmor integration for playback in addition to trust-store integration for recording. Fortunately, libapparmor makes this easy-- pulseaudio just needs to get the connecting process' apparmor label (profile name) via libapparmor, then make another libapparmor call to ask if a process running under this apparmor label is allowed to access the file that the app process specified.