selinux-refpolicy/policy/modules/apps/cdrecord.if

34 lines
747 B
Plaintext
Raw Normal View History

2006-01-12 23:23:22 +00:00
## <summary>Policy for cdrecord</summary>
2008-11-05 16:10:46 +00:00
########################################
2006-01-12 23:23:22 +00:00
## <summary>
2008-11-05 16:10:46 +00:00
## Role access for cdrecord
2006-01-12 23:23:22 +00:00
## </summary>
2008-11-05 16:10:46 +00:00
## <param name="role">
## <summary>
2008-11-05 16:10:46 +00:00
## Role allowed access
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
2008-11-05 16:10:46 +00:00
## <param name="domain">
## <summary>
2008-11-05 16:10:46 +00:00
## User domain for the role
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
2008-11-05 16:10:46 +00:00
interface(`cdrecord_role',`
2006-01-12 23:23:22 +00:00
gen_require(`
2008-11-05 16:10:46 +00:00
type cdrecord_t, cdrecord_exec_t;
2006-01-12 23:23:22 +00:00
')
2008-11-05 16:10:46 +00:00
role $1 types cdrecord_t;
2006-01-12 23:23:22 +00:00
# Transition from the user domain to the derived domain.
2008-11-05 16:10:46 +00:00
domtrans_pattern($2, cdrecord_exec_t, cdrecord_t)
2006-01-12 23:23:22 +00:00
2008-11-05 16:10:46 +00:00
allow cdrecord_t $2:unix_stream_socket { getattr read write ioctl };
2006-01-12 23:23:22 +00:00
2008-11-05 16:10:46 +00:00
# allow ps to show cdrecord and allow the user to kill it
ps_process_pattern($2, cdrecord_t)
allow $2 cdrecord_t:process signal;
2006-01-12 23:23:22 +00:00
')