# Declares the policy module name (livecd) and its version (1.2.1).
policy_module(livecd, 1.2.1)
########################################
#
# Declarations
#
# Role attribute that groups every role permitted to use the livecd domain.
# Later statements are written against the attribute instead of naming
# individual roles.
attribute_role livecd_roles;
# Adds system_r to livecd_roles, so every rule written against the
# attribute also applies to system_r.
roleattribute system_r livecd_roles;
# Domain type that the livecd process runs in.
type livecd_t;
# File type for the executable that is used as the entry point into livecd_t.
type livecd_exec_t;
# Registers livecd_t as an application domain that is entered through
# files labeled livecd_exec_t.
# NOTE(review): the label on the executable is the gate into this domain.
# The local policy further down grants livecd_t very broad privileges, so
# the file contexts that assign livecd_exec_t deserve the same scrutiny as
# this file.
application_domain(livecd_t, livecd_exec_t)
# Authorizes every role in livecd_roles to be associated with livecd_t.
role livecd_roles types livecd_t;
# Private type for the temporary files and directories of livecd_t.
type livecd_tmp_t;
# Marks livecd_tmp_t as a temporary file type through the files module
# interface.
files_tmp_file(livecd_tmp_t)
########################################
#
# Local policy
#
# Grants livecd_t the mac_admin permission of the capability2 class on
# itself. In SELinux this permission lets a process set or read security
# contexts that the loaded policy does not define; presumably the image
# builder needs it to label a target tree -- confirm the use case.
# NOTE(review): this is a privileged grant. Review it together with the
# setfiles mac interface used further down, and keep an audit trail of
# which programs are labeled to enter this domain.
allow livecd_t self:capability2 mac_admin;
# Lets livecd_t ptrace processes in every domain (going by the interface
# name; the rules themselves are in the domain module interface file).
# NOTE(review): ptrace over all domains gives read and write access to the
# memory of any process on the system. Treat livecd_t as a high-value
# domain: restrict what can transition into it and monitor its use.
domain_ptrace_all_domains(livecd_t)
# livecd_t may create, modify and delete directories of type livecd_tmp_t
# that live inside livecd_tmp_t directories.
manage_dirs_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t)
# livecd_t may create, modify and delete regular files of type livecd_tmp_t
# that live inside livecd_tmp_t directories.
manage_files_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t)
# Type transition: objects of class dir or file that livecd_t creates in a
# temporary directory are labeled livecd_tmp_t instead of inheriting the
# label of the parent directory.
files_tmp_filetrans(livecd_t, livecd_tmp_t, { dir file })
# Lets livecd_t manage network configuration files (per the sysnetwork
# interface name -- confirm the exact rule set in its interface file).
sysnet_manage_config(livecd_t)
# Type transition for network configuration files that livecd_t creates
# under the etc tree, so they receive the network configuration label
# (per the interface name -- confirm against the sysnetwork module).
sysnet_etc_filetrans_config(livecd_t)
# Optional block: takes effect only when the hal module is part of the
# policy build. It lets livecd_t exchange D-Bus messages with hal.
optional_policy(`
hal_dbus_chat(livecd_t)
')
# Optional block: takes effect only when the mount module is available.
# livecd_t may run mount in the mount domain, and the roles in
# livecd_roles are authorized for that domain.
optional_policy(`
mount_run(livecd_t, livecd_roles)
')
# Optional block: takes effect only when the selinuxutil module is
# available. livecd_t may run setfiles through the mac variant of the run
# interface, with the roles in livecd_roles authorized for the resulting
# domain.
# NOTE(review): presumably this is the setfiles domain that can apply
# contexts unknown to the loaded policy -- confirm in selinuxutil, and
# review it together with the mac_admin grant above.
optional_policy(`
seutil_run_setfiles_mac(livecd_t, livecd_roles)
')
# Optional block: takes effect only when the unconfined module is
# available. It makes livecd_t an unconfined domain, using the noaudit
# variant of the interface.
# NOTE(review): with this block in effect the individual grants above add
# little confinement. Treat livecd_t as fully trusted: limit which files
# carry livecd_exec_t and which roles are members of livecd_roles.
optional_policy(`
unconfined_domain_noaudit(livecd_t)
')