Devices patch from Dan Walsh.
vhost_device_t added for libvirt/qemu /dev/usbmon device added lots of new interfaces.
This commit is contained in:
Chris PeBenito
parent
46c0e57acf
commit
fb7caddb4f
@ -70,6 +70,7 @@
|
|||||||
/dev/modem -c gen_context(system_u:object_r:modem_device_t,s0)
|
/dev/modem -c gen_context(system_u:object_r:modem_device_t,s0)
|
||||||
/dev/mpu401.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
/dev/mpu401.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||||
/dev/msr.* -c gen_context(system_u:object_r:cpu_device_t,s0)
|
/dev/msr.* -c gen_context(system_u:object_r:cpu_device_t,s0)
|
||||||
|
/dev/net/vhost -c gen_context(system_u:object_r:vhost_device_t,s0)
|
||||||
/dev/network_latency -c gen_context(system_u:object_r:netcontrol_device_t,s0)
|
/dev/network_latency -c gen_context(system_u:object_r:netcontrol_device_t,s0)
|
||||||
/dev/network_throughput -c gen_context(system_u:object_r:netcontrol_device_t,s0)
|
/dev/network_throughput -c gen_context(system_u:object_r:netcontrol_device_t,s0)
|
||||||
/dev/noz.* -c gen_context(system_u:object_r:modem_device_t,s0)
|
/dev/noz.* -c gen_context(system_u:object_r:modem_device_t,s0)
|
||||||
@ -109,9 +110,11 @@
|
|||||||
/dev/ub[a-c] -c gen_context(system_u:object_r:usb_device_t,s0)
|
/dev/ub[a-c] -c gen_context(system_u:object_r:usb_device_t,s0)
|
||||||
/dev/usb.+ -c gen_context(system_u:object_r:usb_device_t,s0)
|
/dev/usb.+ -c gen_context(system_u:object_r:usb_device_t,s0)
|
||||||
/dev/usblp.* -c gen_context(system_u:object_r:printer_device_t,s0)
|
/dev/usblp.* -c gen_context(system_u:object_r:printer_device_t,s0)
|
||||||
|
/dev/usbmon.+ -c gen_context(system_u:object_r:usbmon_device_t,s0)
|
||||||
ifdef(`distro_suse', `
|
ifdef(`distro_suse', `
|
||||||
/dev/usbscanner -c gen_context(system_u:object_r:scanner_device_t,s0)
|
/dev/usbscanner -c gen_context(system_u:object_r:scanner_device_t,s0)
|
||||||
')
|
')
|
||||||
|
/dev/vhost-net -c gen_context(system_u:object_r:vhost_device_t,s0)
|
||||||
/dev/vbi.* -c gen_context(system_u:object_r:v4l_device_t,s0)
|
/dev/vbi.* -c gen_context(system_u:object_r:v4l_device_t,s0)
|
||||||
/dev/vbox.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
/dev/vbox.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
||||||
/dev/vga_arbiter -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
/dev/vga_arbiter -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
||||||
@ -152,6 +155,8 @@ ifdef(`distro_suse', `
|
|||||||
|
|
||||||
/dev/mapper/control -c gen_context(system_u:object_r:lvm_control_t,s0)
|
/dev/mapper/control -c gen_context(system_u:object_r:lvm_control_t,s0)
|
||||||
|
|
||||||
|
/dev/mfpports/.* -c gen_context(system_u:object_r:printer_device_t,s0)
|
||||||
|
|
||||||
/dev/mvideo/.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
/dev/mvideo/.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
||||||
|
|
||||||
/dev/pts(/.*)? <<none>>
|
/dev/pts(/.*)? <<none>>
|
||||||
|
|||||||
@ -2121,6 +2121,24 @@ interface(`dev_filetrans_lirc',`
|
|||||||
filetrans_pattern($1, device_t, lirc_device_t, chr_file)
|
filetrans_pattern($1, device_t, lirc_device_t, chr_file)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Get the attributes of the lvm comtrol device.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`dev_getattr_lvm_control',`
|
||||||
|
gen_require(`
|
||||||
|
type device_t, lvm_control_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
getattr_chr_files_pattern($1, device_t, lvm_control_t)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read the lvm comtrol device.
|
## Read the lvm comtrol device.
|
||||||
@ -2678,6 +2696,7 @@ interface(`dev_dontaudit_write_mtrr',`
|
|||||||
type mtrr_device_t;
|
type mtrr_device_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
dontaudit $1 mtrr_device_t:file write;
|
||||||
dontaudit $1 mtrr_device_t:chr_file write;
|
dontaudit $1 mtrr_device_t:chr_file write;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -3812,6 +3831,24 @@ interface(`dev_rw_generic_usb_dev',`
|
|||||||
rw_chr_files_pattern($1, device_t, usb_device_t)
|
rw_chr_files_pattern($1, device_t, usb_device_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Read USB monitor devices.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`dev_read_usbmon_dev',`
|
||||||
|
gen_require(`
|
||||||
|
type device_t, usbmon_device_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
read_chr_files_pattern($1, device_t, usbmon_device_t)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Mount a usbfs filesystem.
|
## Mount a usbfs filesystem.
|
||||||
@ -4112,6 +4149,25 @@ interface(`dev_write_video_dev',`
|
|||||||
write_chr_files_pattern($1, device_t, v4l_device_t)
|
write_chr_files_pattern($1, device_t, v4l_device_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Allow read/write the vhost net device
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`dev_rw_vhost',`
|
||||||
|
gen_require(`
|
||||||
|
type vhost_device_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
list_dirs_pattern($1, vhost_device_t, vhost_device_t)
|
||||||
|
rw_files_pattern($1, vhost_device_t, vhost_device_t)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read and write VMWare devices.
|
## Read and write VMWare devices.
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(devices, 1.10.0)
|
policy_module(devices, 1.10.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -238,6 +238,12 @@ genfscon usbdevfs / gen_context(system_u:object_r:usbfs_t,s0)
|
|||||||
type usb_device_t;
|
type usb_device_t;
|
||||||
dev_node(usb_device_t)
|
dev_node(usb_device_t)
|
||||||
|
|
||||||
|
#
|
||||||
|
# usb_device_t is the type for /dev/usbmon
|
||||||
|
#
|
||||||
|
type usbmon_device_t;
|
||||||
|
dev_node(usbmon_device_t)
|
||||||
|
|
||||||
#
|
#
|
||||||
# userio_device_t is the type for /dev/uio[0-9]+
|
# userio_device_t is the type for /dev/uio[0-9]+
|
||||||
#
|
#
|
||||||
@ -247,6 +253,12 @@ dev_node(userio_device_t)
|
|||||||
type v4l_device_t;
|
type v4l_device_t;
|
||||||
dev_node(v4l_device_t)
|
dev_node(v4l_device_t)
|
||||||
|
|
||||||
|
#
|
||||||
|
# vhost_device_t is the type for /dev/vhost-net
|
||||||
|
#
|
||||||
|
type vhost_device_t;
|
||||||
|
dev_node(vhost_device_t)
|
||||||
|
|
||||||
# Type for vmware devices.
|
# Type for vmware devices.
|
||||||
type vmware_device_t;
|
type vmware_device_t;
|
||||||
dev_node(vmware_device_t)
|
dev_node(vmware_device_t)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user