This module creates the device node concept and provides the policy for many of the device files. Notable exceptions are the mass storage and terminal devices that are covered by other modules.
This module creates the concept of a device node, that is, a character or block device file, usually in /dev. All types that are used to label device nodes should use the dev_node macro.
Additionally, this module controls access to three things:
Create, read, and write device nodes. The node will be transitioned to the type provided.
Send and receive raw IP packets on the ipsec2 interface.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
file | Type to which the created node will be transitioned. | No |
objectclass(es) | Object class(es) (single or set including {}) for which this transition will occur. | No |
Create a directory in the device directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed to create the directory. | No |
Allow read, write, and create for generic character device files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Delete symbolic links in device directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Delete the lvm control device.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Dontaudit getattr on all block file device nodes.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to dontaudit access. | No |
Dontaudit getattr on all character file device nodes.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to dontaudit access. | No |
Dontaudit getattr on generic block devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to dontaudit access. | No |
Dontaudit getattr for generic character device files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to dontaudit access. | No |
Dontaudit getattr on generic pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to dontaudit. | No |
Dontaudit attempts to list all device nodes.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to dontaudit listing of device nodes. | No |
Dontaudit read and write on the dri devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to dontaudit access. | No |
Dontaudit getattr for generic device files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to dontaudit access. | No |
Getattr the agp devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Getattr on all block file device nodes.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Getattr on all character file device nodes.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Allow getattr on generic block devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Allow getattr for generic character device files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
List all of the device nodes in a device directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed to list device nodes. | No |
Allow caller to get a list of usb hardware.
Parameter: | Description: | Optional: |
---|---|---|
domain | The process type getting the list. | No |
Read, write, create, and delete all block device files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read, write, create, and delete all character device files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Create, delete, read, and write device nodes in device directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Allow read, write, create, and delete for generic block files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Create, delete, read, and write block device files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Create, delete, read, and write character device files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Create, delete, read, and write symbolic links in device directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Make the passed in type a type appropriate for use on device nodes (usually files in /dev).
Parameter: | Description: | Optional: |
---|---|---|
object_type | The object type that will be used on device nodes. | No |
Read the multiplexed input device (/dev/input).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read the framebuffer device.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read the multiplexed input device (/dev/input).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read the lvm control device.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read miscellaneous devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read the mouse devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read the mtrr device.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read from random devices (e.g., /dev/random).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read raw memory devices (e.g. /dev/mem).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read the realtime clock (/dev/rtc).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read the sound devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read the sound mixer devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Allow caller to read hardware state information.
Parameter: | Description: | Optional: |
---|---|---|
domain | The process type reading hardware state information. | No |
Read from pseudo random devices (e.g., /dev/urandom).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read USB hardware information using the usbfs filesystem interface.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Allow full relabeling (to and from) of all device nodes.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed to relabel. | No |
Allow full relabeling (to and from) of directories in /dev.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed to relabel. | No |
Read and write the agp devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read and write the cpu microcode device. This is required to load cpu microcode.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read and write the dri devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read and write the lvm control device.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read and write to the null device (/dev/null).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read and write the power management device.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read the realtime clock (/dev/rtc).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read and write the scanner device.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Allow caller to modify hardware state information.
Parameter: | Description: | Optional: |
---|---|---|
domain | The process type modifying hardware state information. | No |
Allow caller to modify usb hardware configuration files.
Parameter: | Description: | Optional: |
---|---|---|
domain | The process type modifying the options. | No |
Read and write to the zero device (/dev/zero).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read, write, and execute the zero device (/dev/zero).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read and execute raw memory devices (e.g. /dev/mem).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Search the directory containing hardware information.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Search the directory containing USB hardware information.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Setattr on all block file device nodes.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Setattr on all character file device nodes.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Write the framebuffer device.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Write miscellaneous devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Write the mtrr device.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Write to the random device (e.g., /dev/random). This adds entropy used to generate the random data read from the random device.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Write raw memory devices (e.g. /dev/mem).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read the realtime clock (/dev/rtc).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Write the sound devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Write the sound mixer devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Write to the pseudo random device (e.g., /dev/urandom). This sets the random number generator seed.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Write and execute raw memory devices (e.g. /dev/mem).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |