Layer: kernel

Module: devices

Description:

This module creates the device node concept and provides the policy for many of the device files. Notable exceptions are the mass storage and terminal devices that are covered by other modules.

This module creates the concept of a device node. That is a char or block device file, usually in /dev. All types that are used to label device nodes should use the dev_node macro.

Additionally, this module controls access to three things:

the device directories containing device nodes
device nodes as a group
individual access to specific device nodes covered by this module.

Interfaces:

dev_create_dev_node(
	
		domain
		
			,
		
		file
		
			,
		
		objectclass(es)
		
	)

Summary

Create, read, and write device nodes. The node will be transitioned to the type provided.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No
file	Type to which the created node will be transitioned.	No
objectclass(es)	Object class(es) (single or set including {}) for which this the transition will occur.	No

dev_create_dir(
	
		domain
		
	)

Summary

Create a directory in the device directory.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed to create the directory.	No

dev_create_generic_chr_file(
	
		domain
		
	)

Summary

Allow read, write, and create for generic character device files.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_del_generic_symlinks(
	
		domain
		
	)

Summary

Delete symbolic links in device directories.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_delete_lvm_control(
	
		domain
		
	)

Summary

Delete the lvm control device.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_dontaudit_getattr_all_blk_files(
	
		domain
		
	)

Summary

Dontaudit getattr on all block file device nodes.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain to dontaudit access.	No

dev_dontaudit_getattr_all_chr_files(
	
		domain
		
	)

Summary

Dontaudit getattr on all character file device nodes.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain to dontaudit access.	No

dev_dontaudit_getattr_generic_blk_file(
	
		domain
		
	)

Summary

Dontaudit getattr on generic block devices.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain to dontaudit access.	No

dev_dontaudit_getattr_generic_chr_file(
	
		domain
		
	)

Summary

Dontaudit getattr for generic character device files.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain to dontaudit access.	No

dev_dontaudit_getattr_generic_pipe(
	
		domain
		
	)

Summary

Dontaudit getattr on generic pipes.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain to dontaudit.	No

dev_dontaudit_list_all_dev_nodes(
	
		domain
		
	)

Summary

Dontaudit attempts to list all device nodes.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain to dontaudit listing of device nodes.	No

dev_dontaudit_rw_dri_dev(
	
		domain
		
	)

Summary

Dontaudit read and write on the dri devices.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain to dontaudit access.	No

dev_dontaudit_rw_generic_dev_nodes(
	
		domain
		
	)

Summary

Dontaudit getattr for generic device files.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain to dontaudit access.	No

dev_getattr_agp_dev(
	
		domain
		
	)

Summary

Getattr the agp devices.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_getattr_all_blk_files(
	
		domain
		
	)

Summary

Getattr on all block file device nodes.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_getattr_all_chr_files(
	
		domain
		
	)

Summary

Getattr on all character file device nodes.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_getattr_generic_blk_file(
	
		domain
		
	)

Summary

Allow getattr on generic block devices.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_getattr_generic_chr_file(
	
		domain
		
	)

Summary

Allow getattr for generic character device files.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_list_all_dev_nodes(
	
		domain
		
	)

Summary

List all of the device nodes in a device directory.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed to list device nodes.	No

dev_list_usbfs(
	
		domain
		
	)

Description:

Allow caller to get a list of usb hardware.

Parameters:

Parameter:	Description:	Optional:
domain	The process type getting the list.	No

dev_manage_all_blk_files(
	
		domain
		
	)

Summary

Read, write, create, and delete all block device files.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_manage_all_chr_files(
	
		domain
		
	)

Summary

Read, write, create, and delete all character device files.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_manage_dev_nodes(
	
		domain
		
	)

Summary

Create, delete, read, and write device nodes in device directories.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_manage_generic_blk_file(
	
		domain
		
	)

Summary

Allow read, write, create, and delete for generic block files.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_manage_generic_blk_file(
	
		domain
		
	)

Summary

Create, delete, read, and write block device files.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_manage_generic_chr_file(
	
		domain
		
	)

Summary

Create, delete, read, and write character device files.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_manage_generic_symlinks(
	
		domain
		
	)

Summary

Create, delete, read, and write symbolic links in device directories.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_node(
	
		object_type
		
	)

Summary

Make the passed in type a type appropriate for use on device nodes (usually files in /dev).

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
object_type	The object type that will be used on device nodes.	No

dev_read_cpuid(
	
		domain
		
	)

Summary

Read the multiplexed input device (/dev/input).

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_read_framebuffer(
	
		domain
		
	)

Summary

Read the framebuffer device.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_read_input(
	
		domain
		
	)

Summary

Read the multiplexed input device (/dev/input).

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_read_lvm_control(
	
		domain
		
	)

Summary

Read the lvm comtrol device.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_read_misc(
	
		domain
		
	)

Summary

Read miscellaneous devices.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_read_mouse(
	
		domain
		
	)

Summary

Read the mouse devices.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_read_mtrr(
	
		domain
		
	)

Summary

Read the mtrr device.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_read_rand(
	
		domain
		
	)

Summary

Read from random devices (e.g., /dev/random)

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_read_raw_memory(
	
		domain
		
	)

Summary

Read raw memory devices (e.g. /dev/mem).

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_read_realtime_clock(
	
		domain
		
	)

Summary

Read the realtime clock (/dev/rtc).

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_read_snd_dev(
	
		domain
		
	)

Summary

Read the sound devices.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_read_snd_mixer_dev(
	
		domain
		
	)

Summary

Read the sound mixer devices.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_read_sysfs(
	
		domain
		
	)

Description:

Allow caller to read hardware state information.

Parameters:

Parameter:	Description:	Optional:
domain	The process type reading hardware state information.	No

dev_read_urand(
	
		domain
		
	)

Summary

Read from pseudo random devices (e.g., /dev/urandom)

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_read_usbfs(
	
		domain
		
	)

Description:

Read USB hardware information using the usbfs filesystem interface.

Parameters:

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

dev_relabel_all_dev_nodes(
	
		domain
		
	)

Summary

Allow full relabeling (to and from) of all device nodes.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed to relabel.	No

dev_relabel_dev_dirs(
	
		domain
		
	)

Summary

Allow full relabeling (to and from) of directories in /dev.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed to relabel.	No

dev_rw_agp_dev(
	
		domain
		
	)

Summary

Read and write the agp devices.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_rw_cpu_microcode(
	
		domain
		
	)

Summary

Read and write the the cpu microcode device. This is required to load cpu microcode.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_rw_dri_dev(
	
		domain
		
	)

Summary

Read and write the dri devices.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_rw_lvm_control(
	
		domain
		
	)

Summary

Read and write the lvm control device.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_rw_null_dev(
	
		domain
		
	)

Summary

Read and write to the null device (/dev/null).

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_rw_power_management(
	
		domain
		
	)

Summary

Read and write the the power management device.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_rw_realtime_clock(
	
		domain
		
	)

Summary

Read the realtime clock (/dev/rtc).

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_rw_scanner(
	
		domain
		
	)

Summary

Read and write the the scanner device.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_rw_sysfs(
	
		domain
		
	)

Description:

Allow caller to modify hardware state information.

Parameters:

Parameter:	Description:	Optional:
domain	The process type modifying hardware state information.	No

dev_rw_usbfs(
	
		domain
		
	)

Description:

Allow caller to modify usb hardware configuration files.

Parameters:

Parameter:	Description:	Optional:
domain	The process type modifying the options.	No

dev_rw_zero_dev(
	
		domain
		
	)

Summary

Read and write to the zero device (/dev/zero).

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_rwx_zero_dev(
	
		domain
		
	)

Summary

Read, write, and execute the zero device (/dev/zero).

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_rx_raw_memory(
	
		domain
		
	)

Summary

Read and execute raw memory devices (e.g. /dev/mem).

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_search_sysfs(
	
		domain
		
	)

Description:

Search the directory containing hardware information.

Parameters:

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

dev_search_usbfs(
	
		domain
		
	)

Description:

Search the directory containing USB hardware information.

Parameters:

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

dev_setattr_all_blk_files(
	
		domain
		
	)

Summary

Setattr on all block file device nodes.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_setattr_all_chr_files(
	
		domain
		
	)

Summary

Setattr on all character file device nodes.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_write_framebuffer(
	
		domain
		
	)

Summary

Write the framebuffer device.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_write_misc(
	
		domain
		
	)

Summary

Write miscellaneous devices.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_write_mtrr(
	
		domain
		
	)

Summary

Write the mtrr device.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_write_rand(
	
		domain
		
	)

Summary

Write to the random device (e.g., /dev/random). This adds entropy used to generate the random data read from the random device.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_write_raw_memory(
	
		domain
		
	)

Summary

Write raw memory devices (e.g. /dev/mem).

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_write_realtime_clock(
	
		domain
		
	)

Summary

Read the realtime clock (/dev/rtc).

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_write_snd_dev(
	
		domain
		
	)

Summary

Write the sound devices.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_write_snd_mixer_dev(
	
		domain
		
	)

Summary

Write the sound mixer devices.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_write_urand(
	
		domain
		
	)

Summary

Write to the pseudo random device (e.g., /dev/urandom). This sets the random number generator seed.

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

dev_wx_raw_memory(
	
		domain
		
	)

Summary

Write and execute raw memory devices (e.g. /dev/mem).

Description:

Send and receive raw IP packets on the ipsec2 interface.

Parameters:

Parameter:	Description:	Optional:
domain	Domain allowed access.	No