Signed-off-by: Dave Sugar <dsugar@xxxxxxxxxx>
---
policy/modules/apps/cdrecord.if | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/policy/modules/apps/cdrecord.if b/policy/modules/apps/cdrecord.if
index fbc20f69..ba81fb1a 100644
--- a/policy/modules/apps/cdrecord.if
+++ b/policy/modules/apps/cdrecord.if
@@ -30,3 +30,22 @@ interface(`cdrecord_role',`
allow $2 cdrecord_t:process { ptrace signal_perms };
ps_process_pattern($2, cdrecord_t)
')
+
+########################################
+## <summary>
+## Execute cdrecord in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`cdrecord_exec',`
+ gen_require(`
+ type cdrecord_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ can_exec($1, cdrecord_exec_t)
+')
--
2.20.1
