policy_module(usbmodules, 1.1.1) ######################################## # # Declarations # type usbmodules_t; type usbmodules_exec_t; init_system_domain(usbmodules_t, usbmodules_exec_t) role system_r types usbmodules_t; ######################################## # # Local policy # kernel_list_proc(usbmodules_t) files_list_kernel_modules(usbmodules_t) dev_list_usbfs(usbmodules_t) # allow usb device access dev_rw_usbfs(usbmodules_t) files_list_etc(usbmodules_t) # needs etc_t read access for the hotplug config, maybe should have a new type files_read_etc_files(usbmodules_t) term_read_console(usbmodules_t) term_write_console(usbmodules_t) init_use_fds(usbmodules_t) miscfiles_read_hwdata(usbmodules_t) modutils_read_module_deps(usbmodules_t) userdom_use_user_terminals(usbmodules_t) optional_policy(` hotplug_read_config(usbmodules_t) ') optional_policy(` logging_send_syslog_msg(usbmodules_t) ')