## <summary>Policy for cdrecord</summary>

#######################################
## <summary>
##	The per user domain template for the cdrecord module.
## </summary>
## <desc>
##	<p>
##	This template creates one derived domain per user domain
##	($1_cdrecord_t), which cdrecord runs in when the user
##	executes the cdrecord_exec_t binary.
##	</p>
##	<p>
##	This template is invoked automatically for each user, and
##	generally does not need to be invoked directly
##	by policy writers.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <param name="user_domain">
##	<summary>
##	The type of the user domain.
##	</summary>
## </param>
## <param name="user_role">
##	<summary>
##	The role associated with the user domain.
##	</summary>
## </param>
#
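template(`cdrecord_per_userdomain_template', `

	gen_require(`
		type cdrecord_exec_t;
	')

	########################################
	#
	# Declarations
	#

	# One derived domain per user-domain prefix.  cdrecord_exec_t is the
	# only entry point, so the only way into this domain is executing the
	# cdrecord binary; the role is authorized for it so the user can
	# actually reach it.
	type $1_cdrecord_t;
	domain_type($1_cdrecord_t)
	domain_entry_file($1_cdrecord_t,cdrecord_exec_t)
	role $3 types $1_cdrecord_t;

	########################################
	#
	# Local policy
	#

	# Capabilities the burner needs.  sys_rawio and dac_override are the
	# broad ones: combined with the storage_* grants below they give this
	# domain raw, SCSI-level access to the drive, so the value of the
	# domain_entry_file() above is that nothing but the real cdrecord
	# binary can transition here.  setuid is consistent with a
	# setuid-root cdrecord binary -- confirm against the packaged build.
	allow $1_cdrecord_t self:capability { ipc_lock sys_nice setuid dac_override sys_rawio };
	allow $1_cdrecord_t self:process { getsched setsched sigkill };
	allow $1_cdrecord_t self:unix_dgram_socket create_socket_perms;
	allow $1_cdrecord_t self:unix_stream_socket create_stream_socket_perms;

	# Inherited stream sockets from the invoking user domain (no connect,
	# only use of an already-open fd).
	allow $1_cdrecord_t $2:unix_stream_socket { getattr read write ioctl };

	# allow ps to show cdrecord and allow the user to kill it 
	allow $2 $1_cdrecord_t:dir { search getattr read };
	allow $2 $1_cdrecord_t:{ file lnk_file } { read getattr };
	allow $2 $1_cdrecord_t:process getattr;
	#We need to suppress this denial because procps
	#tries to access /proc/pid/environ and this now
	#triggers a ptrace check in recent kernels
	# (2.4 and 2.6). Might want to change procps
	#to not do this, or only if running in a privileged domain.
	# Note this is dontaudit only: the user domain still cannot ptrace
	# the burner, it just does not fill the log trying.
	dontaudit $2 $1_cdrecord_t:process ptrace;
	allow $2 $1_cdrecord_t:process signal;

	# Transition from the user domain to the derived domain.
	domain_auto_trans($2, cdrecord_exec_t, $1_cdrecord_t)
	allow $2 $1_cdrecord_t:fd use;
	allow $1_cdrecord_t $2:fd use;
	allow $1_cdrecord_t $2:fifo_file rw_file_perms;
	allow $1_cdrecord_t $2:process sigchld;

	# allow searching for cdrom-drive
	dev_list_all_dev_nodes($1_cdrecord_t) 
	
	domain_interactive_fd($1_cdrecord_t)
	domain_use_interactive_fds($1_cdrecord_t)

	files_read_etc_files($1_cdrecord_t)

	term_use_controlling_term($1_cdrecord_t)
	term_list_ptys($1_cdrecord_t)

	# allow cdrecord to write the CD
	# These are the write paths that matter: raw removable block devices
	# and the SCSI generic nodes.  No fixed-disk device access is granted.
	storage_raw_write_removable_device($1_cdrecord_t)
	storage_write_scsi_generic($1_cdrecord_t)
	
	libs_use_ld_so($1_cdrecord_t)
	libs_use_shared_libs($1_cdrecord_t)

	logging_send_syslog_msg($1_cdrecord_t)

	miscfiles_read_localization($1_cdrecord_t)

	# write to the user domain tty.
	userdom_use_user_terminals($1,$1_cdrecord_t)
	# NOTE(review): this second call grants the user domain ($2) use of
	# its own terminals, which it should already have; it looks redundant
	# and is kept only for behavioural parity.
	userdom_use_user_terminals($1,$2)

	# NOTE(review): this home-content read is unconditional.  The
	# cdrecord_read_content tunable below re-grants the same access, so
	# the tunable does NOT gate local home files -- only tmp, removable,
	# NFS/CIFS, default_t and untrusted content.  Presumably so an ISO
	# image in $HOME is always burnable; confirm before tightening.
	userdom_read_user_home_content_files($1,$1_cdrecord_t)

	# Handle nfs home dirs
	tunable_policy(`cdrecord_read_content && use_nfs_home_dirs',`
		fs_list_auto_mountpoints($1_cdrecord_t)
		files_list_home($1_cdrecord_t)
		fs_read_nfs_files($1_cdrecord_t)
		fs_read_nfs_symlinks($1_cdrecord_t)
	
	',`
		files_dontaudit_list_home($1_cdrecord_t)
		fs_dontaudit_list_auto_mountpoints($1_cdrecord_t)
		fs_dontaudit_read_nfs_files($1_cdrecord_t)
		fs_dontaudit_list_nfs($1_cdrecord_t)
	')
	# Handle samba home dirs
	tunable_policy(`cdrecord_read_content && use_samba_home_dirs',`
		fs_list_auto_mountpoints($1_cdrecord_t)
		files_list_home($1_cdrecord_t)
		fs_read_cifs_files($1_cdrecord_t)
		fs_read_cifs_symlinks($1_cdrecord_t)
	',`
		files_dontaudit_list_home($1_cdrecord_t)
		fs_dontaudit_list_auto_mountpoints($1_cdrecord_t)
		fs_dontaudit_read_cifs_files($1_cdrecord_t)
		fs_dontaudit_list_cifs($1_cdrecord_t)
	')
	
	# Handle removable media, /tmp, and /home
	tunable_policy(`cdrecord_read_content',`
		userdom_list_user_tmp($1,$1_cdrecord_t)
		userdom_read_user_tmp_files($1,$1_cdrecord_t)
		userdom_read_user_tmp_symlinks($1,$1_cdrecord_t)
		userdom_search_user_home_dirs($1,$1_cdrecord_t)
		userdom_read_user_home_content_files($1,$1_cdrecord_t)
		userdom_read_user_home_content_symlinks($1,$1_cdrecord_t)
		
		# Under MLS the true branch is deliberately empty: removable
		# media stay unreadable from this domain even with the
		# tunable on.
		ifdef(`enable_mls',`
		',`
			fs_search_removable($1_cdrecord_t)
			fs_read_removable_files($1_cdrecord_t)
			fs_read_removable_symlinks($1_cdrecord_t)
		')
	',`
		files_dontaudit_list_tmp($1_cdrecord_t)
		files_dontaudit_list_home($1_cdrecord_t)
		fs_dontaudit_list_removable($1_cdrecord_t)
		# Fixed: was misspelled fs_donaudit_read_removable_files, an
		# undefined interface, so this branch failed to build.
		fs_dontaudit_read_removable_files($1_cdrecord_t)
		userdom_dontaudit_list_user_tmp($1,$1_cdrecord_t)
		userdom_dontaudit_read_user_tmp_files($1,$1_cdrecord_t)
		userdom_dontaudit_list_user_home_dirs($1,$1_cdrecord_t)
		userdom_dontaudit_read_user_home_content_files($1,$1_cdrecord_t)
	')
	
	# Handle default_t content
	tunable_policy(`cdrecord_read_content && read_default_t',`
		files_list_default($1_cdrecord_t)
		files_read_default_files($1_cdrecord_t)
		files_read_default_symlinks($1_cdrecord_t)
	',`
		files_dontaudit_read_default_files($1_cdrecord_t)
		files_dontaudit_list_default($1_cdrecord_t)
	')
	
	# Handle untrusted content
	tunable_policy(`cdrecord_read_content && read_untrusted_content',`
		files_list_tmp($1_cdrecord_t)
		files_list_home($1_cdrecord_t)
		userdom_search_user_home_dirs($1,$1_cdrecord_t)

		userdom_list_user_untrusted_content($1,$1_cdrecord_t)
		userdom_read_user_untrusted_content_files($1,$1_cdrecord_t)
		userdom_read_user_untrusted_content_symlinks($1,$1_cdrecord_t)
		userdom_list_user_tmp_untrusted_content($1,$1_cdrecord_t)
		userdom_read_user_tmp_untrusted_content_files($1,$1_cdrecord_t)
		userdom_read_user_tmp_untrusted_content_symlinks($1,$1_cdrecord_t)
	',`
		files_dontaudit_list_tmp($1_cdrecord_t)
		files_dontaudit_list_home($1_cdrecord_t)
		userdom_dontaudit_list_user_home_dirs($1,$1_cdrecord_t)
		userdom_dontaudit_list_user_untrusted_content($1,$1_cdrecord_t)
		userdom_dontaudit_read_user_untrusted_content_files($1,$1_cdrecord_t)
		userdom_dontaudit_list_user_tmp_untrusted_content($1,$1_cdrecord_t)
		userdom_dontaudit_read_user_tmp_untrusted_content_files($1,$1_cdrecord_t)
	')

	# NOTE(review): this NFS read is gated only on use_nfs_home_dirs, not
	# on cdrecord_read_content, so with NFS homes it bypasses the gated
	# block above.  It is probably the NFS counterpart of the
	# unconditional home read further up, but there is no CIFS
	# equivalent, so the policy is inconsistent either way -- confirm
	# intent before gating or duplicating it.
	tunable_policy(`use_nfs_home_dirs',`
		files_search_mnt($1_cdrecord_t)
		fs_read_nfs_files($1_cdrecord_t)
		fs_read_nfs_symlinks($1_cdrecord_t)
	')
	
	optional_policy(`
		resmgr_stream_connect($1_cdrecord_t)
	')
')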