selinux-policy/refpolicy/policy/modules/kernel/storage.if

# Copyright (C) 2005 Tresys Technology, LLC

########################################
#
# storage_raw_read_fixed_disk(domain,[`optional'])
#
define(`storage_raw_read_fixed_disk',`
requires_block_template(storage_raw_read_fixed_disk_depend,$2)
typeattribute $1 fixed_disk_raw_read;
devices_list_device_nodes($1,optional)
allow $1 fixed_disk_device_t:blk_file { getattr read ioctl };
')

define(`storage_raw_read_fixed_disk_depend',`
type fixed_disk_device_t;
attribute fixed_disk_raw_read;
class blk_file { getattr read ioctl };
devices_list_device_nodes_depend
')

########################################
#
# storage_raw_write_fixed_disk(domain,[`optional'])
#
define(`storage_raw_write_fixed_disk',`
requires_block_template(storage_raw_write_fixed_disk_depend,$2)
typeattribute $1 fixed_disk_raw_write;
devices_list_device_nodes($1,optional)
allow $1 fixed_disk_device_t:blk_file { getattr write ioctl };
')

define(`storage_raw_write_fixed_disk_depend',`
type fixed_disk_device_t;
attribute fixed_disk_raw_write;
class blk_file { getattr write ioctl };
devices_list_device_nodes_depend
')

########################################
#
# storage_read_scsi_generic(domain,[`optional'])
#
define(`storage_read_scsi_generic',`
requires_block_template(storage_read_scsi_generic_depend,$2)
typeattribute $1 scsi_generic_read;
devices_list_device_nodes($1,optional)
allow $1 scsi_generic_device_t:blk_file { getattr read ioctl };
')

define(`storage_read_scsi_generic_depend',`
type scsi_generic_device_t;
attribute scsi_generic_read;
class blk_file { getattr read ioctl };
devices_list_device_nodes_depend
')

########################################
#
# storage_write_scsi_generic(domain,[`optional'])
#
define(`storage_write_scsi_generic',`
requires_block_template(storage_write_scsi_generic_depend,$2)
typeattribute $1 scsi_generic_write;
devices_list_device_nodes($1,optional)
allow $1 fixed_disk_device_t:blk_file { getattr write ioctl };
')

define(`storage_write_scsi_generic_depend',`
type scsi_generic_device_t;
attribute scsi_generic_write;
class blk_file { getattr write ioctl };
devices_list_device_nodes_depend
')

########################################
#
# storage_raw_read_removable_device(domain,[`optional'])
#
define(`storage_raw_read_removable_device',`
requires_block_template(storage_raw_read_removable_device_depend,$2)
devices_list_device_nodes($1,optional)
allow $1 removable_device_t:blk_file { getattr read ioctl };
')

define(`storage_raw_read_removable_device_depend',`
type removable_device_t;
class blk_file { getattr read ioctl };
devices_list_device_nodes_depend
')

########################################
#
# storage_raw_write_removable_device(domain,[`optional'])
#
define(`storage_raw_write_removable_device',`
requires_block_template(storage_raw_write_removable_device_depend,$2)
devices_list_device_nodes($1,optional)
allow $1 removable_device_t:blk_file { getattr write ioctl };
')

define(`storage_raw_write_removable_device_depend',`
type removable_device_t;
class blk_file { getattr write ioctl };
devices_list_device_nodes_depend
')

########################################
#
# storage_read_tape_device(domain,[`optional'])
#
define(`storage_read_tape_device',`
requires_block_template(storage_read_tape_device_depend,$2)
devices_list_device_nodes($1,optional)
allow $1 tape_device_t:blk_file { getattr read ioctl };
')

define(`storage_read_tape_device_depend',`
type tape_device_t;
class blk_file { getattr read ioctl };
devices_list_device_nodes_depend
')

########################################
#
# storage_write_tape_device(domain,[`optional'])
#
define(`storage_write_tape_device',`
requires_block_template(storage_write_tape_device_depend,$2)
devices_list_device_nodes($1,optional)
allow $1 tape_device_t:blk_file { getattr write ioctl };
')

define(`storage_write_tape_device_depend',`
type tape_device_t;
class blk_file { getattr write ioctl };
devices_list_device_nodes_depend
')