1 ## <summary>Livecd tool for building alternate livecd for different os and policy versions.</summary>
3 ########################################
5 ## Execute a domain transition to run livecd.
7 ## <param name="domain">
9 ## Domain allowed to transition.
13 interface(`livecd_domtrans',`
15 type livecd_t, livecd_exec_t;
18 domtrans_pattern($1, livecd_exec_t, livecd_t)
21 ########################################
23 ## Execute livecd in the livecd domain, and
24 ## allow the specified role the livecd domain.
26 ## <param name="domain">
28 ## Domain allowed to transition.
31 ## <param name="role">
33 ## Role allowed access.
37 interface(`livecd_run',`
43 role $2 types livecd_t;
45 seutil_run_setfiles_mac(livecd_t, $2)
48 mount_run(livecd_t, $2)
52 ########################################
54 ## Dontaudit read/write to a livecd leaks
56 ## <param name="domain">
58 ## Domain allowed access.
62 interface(`livecd_dontaudit_leaks',`
67 dontaudit $1 livecd_t:unix_dgram_socket { read write };
70 ########################################
72 ## Read livecd temporary files.
74 ## <param name="domain">
76 ## Domain allowed access.
80 interface(`livecd_read_tmp_files',`
86 read_files_pattern($1, livecd_tmp_t, livecd_tmp_t)
89 ########################################
91 ## Read and write livecd temporary files.
93 ## <param name="domain">
95 ## Domain allowed access.
99 interface(`livecd_rw_tmp_files',`
105 rw_files_pattern($1, livecd_tmp_t, livecd_tmp_t)
108 ########################################
110 ## Allow read and write access to livecd semaphores.
112 ## <param name="domain">
114 ## Domain allowed access.
118 interface(`livecd_rw_semaphores',`
123 allow $1 livecd_t:sem { unix_read unix_write associate read write };