Devices patch from Dan Walsh.
vhost_device_t added for libvirt/qemu; /dev/usbmon device added; lots of new interfaces.
parent
46c0e57acf
commit
fb7caddb4f
@ -70,6 +70,7 @@
|
||||
/dev/modem -c gen_context(system_u:object_r:modem_device_t,s0)
|
||||
/dev/mpu401.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/msr.* -c gen_context(system_u:object_r:cpu_device_t,s0)
|
||||
/dev/net/vhost -c gen_context(system_u:object_r:vhost_device_t,s0)
|
||||
/dev/network_latency -c gen_context(system_u:object_r:netcontrol_device_t,s0)
|
||||
/dev/network_throughput -c gen_context(system_u:object_r:netcontrol_device_t,s0)
|
||||
/dev/noz.* -c gen_context(system_u:object_r:modem_device_t,s0)
|
||||
@ -109,9 +110,11 @@
|
||||
/dev/ub[a-c] -c gen_context(system_u:object_r:usb_device_t,s0)
|
||||
/dev/usb.+ -c gen_context(system_u:object_r:usb_device_t,s0)
|
||||
/dev/usblp.* -c gen_context(system_u:object_r:printer_device_t,s0)
|
||||
/dev/usbmon.+ -c gen_context(system_u:object_r:usbmon_device_t,s0)
|
||||
ifdef(`distro_suse', `
|
||||
/dev/usbscanner -c gen_context(system_u:object_r:scanner_device_t,s0)
|
||||
')
|
||||
/dev/vhost-net -c gen_context(system_u:object_r:vhost_device_t,s0)
|
||||
/dev/vbi.* -c gen_context(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/vbox.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
||||
/dev/vga_arbiter -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
||||
@ -152,6 +155,8 @@ ifdef(`distro_suse', `
|
||||
|
||||
/dev/mapper/control -c gen_context(system_u:object_r:lvm_control_t,s0)
|
||||
|
||||
/dev/mfpports/.* -c gen_context(system_u:object_r:printer_device_t,s0)
|
||||
|
||||
/dev/mvideo/.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
||||
|
||||
/dev/pts(/.*)? <<none>>
|
||||
|
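Review bot: `/dev/usbmon.+` is also matched by the broader `/dev/usb.+` entry two lines above it, so whether a usbmon node is labelled usbmon_device_t rather than usb_device_t depends on file-context specificity ordering, not on anything visible in this file. usbmon nodes carry captured USB traffic, so a silent fallback to the general USB type would widen who can read them. I would add a comment such as `# must win over /dev/usb.+ above: usbmon nodes carry captured bus traffic` and confirm the result with `matchpathcon /dev/usbmon0` on a built policy. The added/removed markers are lost on this page, so which lines are new is inferred from the commit message. As a style point, `/dev/vhost-net` sits before `/dev/vbi.*` and breaks the alphabetical order of the list.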
@ -2121,6 +2121,24 @@ interface(`dev_filetrans_lirc',`
|
||||
filetrans_pattern($1, device_t, lirc_device_t, chr_file)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Get the attributes of the lvm comtrol device.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`dev_getattr_lvm_control',`
|
||||
gen_require(`
|
||||
type device_t, lvm_control_t;
|
||||
')
|
||||
|
||||
getattr_chr_files_pattern($1, device_t, lvm_control_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read the lvm comtrol device.
|
||||
@ -2678,6 +2696,7 @@ interface(`dev_dontaudit_write_mtrr',`
|
||||
type mtrr_device_t;
|
||||
')
|
||||
|
||||
dontaudit $1 mtrr_device_t:file write;
|
||||
dontaudit $1 mtrr_device_t:chr_file write;
|
||||
')
|
||||
|
||||
@ -3812,6 +3831,24 @@ interface(`dev_rw_generic_usb_dev',`
|
||||
rw_chr_files_pattern($1, device_t, usb_device_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read USB monitor devices.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`dev_read_usbmon_dev',`
|
||||
gen_require(`
|
||||
type device_t, usbmon_device_t;
|
||||
')
|
||||
|
||||
read_chr_files_pattern($1, device_t, usbmon_device_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Mount a usbfs filesystem.
|
||||
@ -4112,6 +4149,25 @@ interface(`dev_write_video_dev',`
|
||||
write_chr_files_pattern($1, device_t, v4l_device_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow read/write the vhost net device
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`dev_rw_vhost',`
|
||||
gen_require(`
|
||||
type vhost_device_t;
|
||||
')
|
||||
|
||||
list_dirs_pattern($1, vhost_device_t, vhost_device_t)
|
||||
rw_files_pattern($1, vhost_device_t, vhost_device_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read and write VMWare devices.
|
||||
|
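Review bot: `dev_rw_vhost` grants nothing on the device node itself: `list_dirs_pattern` and `rw_files_pattern` cover the `dir` and `file` classes, while the vhost paths are labelled as character devices (`-c`) in the file contexts and the type is declared with `dev_node()`. As written, callers would still be denied on `/dev/vhost-net`, which tends to get papered over with broad local rules, and the interface hands out directory and regular-file access on vhost_device_t that nothing appears to need. It should follow the sibling interfaces on this page (`dev_read_usbmon_dev`, `dev_rw_generic_usb_dev`): require `type device_t, vhost_device_t;` and use `rw_chr_files_pattern($1, device_t, vhost_device_t)`. Separately, the summary of `dev_getattr_lvm_control` repeats the `comtrol` typo from the existing read interface.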
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(devices, 1.10.0)
|
||||
policy_module(devices, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -238,6 +238,12 @@ genfscon usbdevfs / gen_context(system_u:object_r:usbfs_t,s0)
|
||||
type usb_device_t;
|
||||
dev_node(usb_device_t)
|
||||
|
||||
#
|
||||
# usb_device_t is the type for /dev/usbmon
|
||||
#
|
||||
type usbmon_device_t;
|
||||
dev_node(usbmon_device_t)
|
||||
|
||||
#
|
||||
# userio_device_t is the type for /dev/uio[0-9]+
|
||||
#
|
||||
@ -247,6 +253,12 @@ dev_node(userio_device_t)
|
||||
type v4l_device_t;
|
||||
dev_node(v4l_device_t)
|
||||
|
||||
#
|
||||
# vhost_device_t is the type for /dev/vhost-net
|
||||
#
|
||||
type vhost_device_t;
|
||||
dev_node(vhost_device_t)
|
||||
|
||||
# Type for vmware devices.
|
||||
type vmware_device_t;
|
||||
dev_node(vmware_device_t)
|
||||
|
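Review bot: The comment above `type usbmon_device_t;` names the wrong type: it reads `# usb_device_t is the type for /dev/usbmon`, apparently left over from the block it was copied from. The new type exists to keep USB monitor nodes apart from ordinary USB devices, so a policy writer who trusts the comment could grant access through usb_device_t interfaces instead. It should read `# usbmon_device_t is the type for /dev/usbmon.+`. Likewise the vhost comment mentions only `/dev/vhost-net`, while the file contexts also label `/dev/net/vhost`; `# vhost_device_t is the type for /dev/vhost-net and /dev/net/vhost` would match.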