- ##
-@@ -4113,6 +5056,25 @@ interface(`dev_write_urand',`
+ ##
+@@ -4113,6 +5075,25 @@ interface(`dev_write_urand',`
########################################
##
@@ -8380,7 +8372,7 @@ index 76f285e..47c1b4d 100644
## Getattr generic the USB devices.
##
##
-@@ -4123,7 +5085,7 @@ interface(`dev_write_urand',`
+@@ -4123,7 +5104,7 @@ interface(`dev_write_urand',`
#
interface(`dev_getattr_generic_usb_dev',`
gen_require(`
@@ -8389,416 +8381,218 @@ index 76f285e..47c1b4d 100644
')
getattr_chr_files_pattern($1, device_t, usb_device_t)
-@@ -4351,7 +5313,159 @@ interface(`dev_list_usbfs',`
+@@ -4409,9 +5390,9 @@ interface(`dev_rw_usbfs',`
+ read_lnk_files_pattern($1, usbfs_t, usbfs_t)
+ ')
- ########################################
- ##
--## Set the attributes of usbfs filesystem.
-+## Set the attributes of usbfs filesystem.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`dev_setattr_usbfs_files',`
-+ gen_require(`
-+ type usbfs_t;
-+ ')
-+
-+ setattr_files_pattern($1, usbfs_t, usbfs_t)
-+ list_dirs_pattern($1, usbfs_t, usbfs_t)
-+')
-+
-+########################################
-+##
-+## Read USB hardware information using
-+## the usbfs filesystem interface.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`dev_read_usbfs',`
-+ gen_require(`
-+ type usbfs_t;
-+ ')
-+
-+ read_files_pattern($1, usbfs_t, usbfs_t)
-+ read_lnk_files_pattern($1, usbfs_t, usbfs_t)
-+ list_dirs_pattern($1, usbfs_t, usbfs_t)
-+')
-+
-+########################################
-+##
-+## Allow caller to modify usb hardware configuration files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`dev_rw_usbfs',`
-+ gen_require(`
-+ type usbfs_t;
-+ ')
-+
-+ list_dirs_pattern($1, usbfs_t, usbfs_t)
-+ rw_files_pattern($1, usbfs_t, usbfs_t)
-+ read_lnk_files_pattern($1, usbfs_t, usbfs_t)
-+')
-+
+-########################################
+######################################
-+##
-+## Read and write userio device.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`dev_rw_userio_dev',`
-+ gen_require(`
-+ type device_t, userio_device_t;
-+ ')
-+
-+ rw_chr_files_pattern($1, device_t, userio_device_t)
-+')
-+
-+########################################
-+##
-+## Get the attributes of video4linux devices.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`dev_getattr_video_dev',`
-+ gen_require(`
-+ type device_t, v4l_device_t;
-+ ')
-+
-+ getattr_chr_files_pattern($1, device_t, v4l_device_t)
-+')
-+
-+########################################
-+##
-+## Do not audit attempts to get the attributes
-+## of video4linux device nodes.
-+##
-+##
-+##
-+## Domain to not audit.
-+##
-+##
-+#
-+interface(`dev_dontaudit_getattr_video_dev',`
-+ gen_require(`
-+ type v4l_device_t;
-+ ')
-+
-+ dontaudit $1 v4l_device_t:chr_file getattr;
-+')
-+
-+########################################
-+##
-+## Set the attributes of video4linux device nodes.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`dev_setattr_video_dev',`
-+ gen_require(`
-+ type device_t, v4l_device_t;
-+ ')
-+
-+ setattr_chr_files_pattern($1, device_t, v4l_device_t)
-+')
-+
-+########################################
-+##
-+## Do not audit attempts to set the attributes
-+## of video4linux device nodes.
-+##
-+##
-+##
-+## Domain to not audit.
-+##
-+##
-+#
-+interface(`dev_dontaudit_setattr_video_dev',`
-+ gen_require(`
-+ type v4l_device_t;
-+ ')
-+
-+ dontaudit $1 v4l_device_t:chr_file setattr;
-+')
-+
-+########################################
-+##
-+## Read the video4linux devices.
- ##
- ##
- ##
-@@ -4359,19 +5473,17 @@ interface(`dev_list_usbfs',`
- ##
- ##
- #
--interface(`dev_setattr_usbfs_files',`
-+interface(`dev_read_video_dev',`
- gen_require(`
-- type usbfs_t;
-+ type device_t, v4l_device_t;
- ')
-
-- setattr_files_pattern($1, usbfs_t, usbfs_t)
-- list_dirs_pattern($1, usbfs_t, usbfs_t)
-+ read_chr_files_pattern($1, device_t, v4l_device_t)
- ')
-
- ########################################
- ##
--## Read USB hardware information using
--## the usbfs filesystem interface.
-+## Write the video4linux devices.
- ##
- ##
- ##
-@@ -4379,19 +5491,17 @@ interface(`dev_setattr_usbfs_files',`
- ##
- ##
- #
--interface(`dev_read_usbfs',`
-+interface(`dev_write_video_dev',`
- gen_require(`
-- type usbfs_t;
-+ type device_t, v4l_device_t;
- ')
-
-- read_files_pattern($1, usbfs_t, usbfs_t)
-- read_lnk_files_pattern($1, usbfs_t, usbfs_t)
-- list_dirs_pattern($1, usbfs_t, usbfs_t)
-+ write_chr_files_pattern($1, device_t, v4l_device_t)
- ')
-
- ########################################
- ##
--## Allow caller to modify usb hardware configuration files.
-+## Get the attributes of vfio devices.
- ##
- ##
- ##
-@@ -4399,37 +5509,36 @@ interface(`dev_read_usbfs',`
- ##
- ##
- #
--interface(`dev_rw_usbfs',`
-+interface(`dev_getattr_vfio_dev',`
- gen_require(`
-- type usbfs_t;
-+ type device_t, vfio_device_t;
- ')
-
-- list_dirs_pattern($1, usbfs_t, usbfs_t)
-- rw_files_pattern($1, usbfs_t, usbfs_t)
-- read_lnk_files_pattern($1, usbfs_t, usbfs_t)
-+ getattr_chr_files_pattern($1, device_t, vfio_device_t)
- ')
-
- ########################################
##
-## Get the attributes of video4linux devices.
-+## Do not audit attempts to get the attributes
-+## of vfio device nodes.
++## Read and write userio device.
##
##
##
--## Domain allowed access.
-+## Domain to not audit.
+@@ -4419,17 +5400,17 @@ interface(`dev_rw_usbfs',`
##
##
#
-interface(`dev_getattr_video_dev',`
-+interface(`dev_dontaudit_getattr_vfio_dev',`
++interface(`dev_rw_userio_dev',`
gen_require(`
- type device_t, v4l_device_t;
-+ type vfio_device_t;
++ type device_t, userio_device_t;
')
- getattr_chr_files_pattern($1, device_t, v4l_device_t)
-+ dontaudit $1 vfio_device_t:chr_file getattr;
++ rw_chr_files_pattern($1, device_t, userio_device_t)
')
-######################################
+########################################
##
-## Read and write userio device.
-+## Set the attributes of vfio device nodes.
++## Get the attributes of video4linux devices.
##
##
##
-@@ -4437,18 +5546,18 @@ interface(`dev_getattr_video_dev',`
+@@ -4437,12 +5418,12 @@ interface(`dev_getattr_video_dev',`
##
##
#
-interface(`dev_rw_userio_dev',`
-+interface(`dev_setattr_vfio_dev',`
++interface(`dev_getattr_video_dev',`
gen_require(`
- type device_t, userio_device_t;
-+ type device_t, vfio_device_t;
++ type device_t, v4l_device_t;
')
- rw_chr_files_pattern($1, device_t, userio_device_t)
-+ setattr_chr_files_pattern($1, device_t, vfio_device_t)
++ getattr_chr_files_pattern($1, device_t, v4l_device_t)
')
+ ########################################
+@@ -4539,6 +5520,134 @@ interface(`dev_write_video_dev',`
+
########################################
##
--## Do not audit attempts to get the attributes
--## of video4linux device nodes.
++## Get the attributes of vfio devices.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`dev_getattr_vfio_dev',`
++ gen_require(`
++ type device_t, vfio_device_t;
++ ')
++
++ getattr_chr_files_pattern($1, device_t, vfio_device_t)
++')
++
++########################################
++##
++## Do not audit attempts to get the attributes
++## of vfio device nodes.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`dev_dontaudit_getattr_vfio_dev',`
++ gen_require(`
++ type vfio_device_t;
++ ')
++
++ dontaudit $1 vfio_device_t:chr_file getattr;
++')
++
++########################################
++##
++## Set the attributes of vfio device nodes.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`dev_setattr_vfio_dev',`
++ gen_require(`
++ type device_t, vfio_device_t;
++ ')
++
++ setattr_chr_files_pattern($1, device_t, vfio_device_t)
++')
++
++########################################
++##
+## Do not audit attempts to set the attributes
+## of vfio device nodes.
- ##
- ##
- ##
-@@ -4456,17 +5565,17 @@ interface(`dev_rw_userio_dev',`
- ##
- ##
- #
--interface(`dev_dontaudit_getattr_video_dev',`
++##