rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
e935d25737
selinux-policy/policy/modules/kernel/devices.if
Dan Walsh e935d25737 Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy 
Conflicts:
	selinux-policy.spec
2011-04-12 10:57:09 -04:00

5403 lines
134 KiB
Plaintext
Raw Blame History

## <summary>
## Device nodes and interfaces for many basic system devices.
## </summary>
## <desc>
## <p>
## This module creates the device node concept and provides
## the policy for many of the device files. Notable exceptions are
## the mass storage and terminal devices that are covered by other
## modules.
## </p>
## <p>
## This module creates the concept of a device node. That is a
## char or block device file, usually in /dev. All types that
## are used to label device nodes should use the dev_node macro.
## </p>
## <p>
## Additionally, this module controls access to three things:
## <ul>
## <li>the device directories containing device nodes</li>
## <li>device nodes as a group</li>
## <li>individual access to specific device nodes covered by
## this module.</li>
## </ul>
## </p>
## </desc>
## <required val="true">
## Depended on by other required modules.
## </required>
########################################
## <summary>
## Make the specified type usable for device
## nodes in a filesystem.
## </summary>
## <desc>
## <p>
## Make the specified type usable for device nodes
## in a filesystem. Types used for device nodes that
## do not use this interface, or an interface that
## calls this one, will have unexpected behaviors
## while the system is running.
## </p>
## <p>
## Example:
## </p>
## <p>
## type mydev_t;
## dev_node(mydev_t)
## allow mydomain_t mydev_t:chr_file read_chr_file_perms;
## </p>
## <p>
## Related interfaces:
## </p>
## <ul>
## <li>term_tty()</li>
## <li>term_pty()</li>
## </ul>
## </desc>
## <param name="type">
## <summary>
## Type to be used for device nodes.
## </summary>
## </param>
## <infoflow type="none"/>
#
interface(`dev_node',`
gen_require(`
attribute device_node;
')
typeattribute $1 device_node;
')
########################################
## <summary>
## Associate the specified file type with device filesystem.
## </summary>
## <param name="file_type">
## <summary>
## The type of the file to be associated.
## </summary>
## </param>
#
interface(`dev_associate',`
gen_require(`
type device_t;
')
allow $1 device_t:filesystem associate;
fs_associate_tmpfs($1) #For backwards compatibility
')
########################################
## <summary>
## Mount a filesystem on /dev
## </summary>
## <param name="domain">
## <summary>
## Domain allow access.
## </summary>
## </param>
#
interface(`dev_mounton',`
gen_require(`
type device_t;
')
allow $1 device_t:dir mounton;
')
########################################
## <summary>
## Allow full relabeling (to and from) of all device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`dev_relabel_all_dev_nodes',`
gen_require(`
attribute device_node;
type device_t;
')
relabelfrom_dirs_pattern($1, device_t, device_node)
relabelfrom_files_pattern($1, device_t, device_node)
relabelfrom_lnk_files_pattern($1, device_t, { device_t device_node })
relabelfrom_fifo_files_pattern($1, device_t, device_node)
relabelfrom_sock_files_pattern($1, device_t, device_node)
relabel_blk_files_pattern($1, device_t, { device_t device_node })
relabel_chr_files_pattern($1, device_t, { device_t device_node })
')
########################################
## <summary>
## List all of the device nodes in a device directory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_list_all_dev_nodes',`
gen_require(`
type device_t;
')
list_dirs_pattern($1, device_t, device_t)
read_lnk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Set the attributes of /dev directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_generic_dirs',`
gen_require(`
type device_t;
')
setattr_dirs_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Dontaudit attempts to list all device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_list_all_dev_nodes',`
gen_require(`
type device_t;
')
dontaudit $1 device_t:dir list_dir_perms;
')
########################################
## <summary>
## Add entries to directories in /dev.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_add_entry_generic_dirs',`
gen_require(`
type device_t;
')
allow $1 device_t:dir add_entry_dir_perms;
')
########################################
## <summary>
## Add entries to directories in /dev.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_remove_entry_generic_dirs',`
gen_require(`
type device_t;
')
allow $1 device_t:dir del_entry_dir_perms;
')
########################################
## <summary>
## Create a directory in the device directory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_create_generic_dirs',`
gen_require(`
type device_t;
')
allow $1 device_t:dir list_dir_perms;
create_dirs_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Delete a directory in the device directory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_delete_generic_dirs',`
gen_require(`
type device_t;
')
delete_dirs_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Manage of directories in /dev.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_manage_generic_dirs',`
gen_require(`
type device_t;
')
manage_dirs_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Allow full relabeling (to and from) of directories in /dev.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_relabel_generic_dev_dirs',`
gen_require(`
type device_t;
')
relabel_dirs_pattern($1, device_t, device_t)
')
########################################
## <summary>
## dontaudit getattr generic files in /dev.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_generic_files',`
gen_require(`
type device_t;
')
dontaudit $1 device_t:file getattr;
')
########################################
## <summary>
## read generic files in /dev.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_read_generic_files',`
gen_require(`
type device_t;
')
read_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Read and write generic files in /dev.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_generic_files',`
gen_require(`
type device_t;
')
rw_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Delete generic files in /dev.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_delete_generic_files',`
gen_require(`
type device_t;
')
delete_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Create a file in the device directory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_manage_generic_files',`
gen_require(`
type device_t;
')
manage_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Dontaudit getattr on generic pipes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_generic_pipes',`
gen_require(`
type device_t;
')
dontaudit $1 device_t:fifo_file getattr;
')
########################################
## <summary>
## Allow getattr on generic block devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_generic_blk_files',`
gen_require(`
type device_t;
')
getattr_blk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Dontaudit getattr on generic block devices.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_generic_blk_files',`
gen_require(`
type device_t;
')
dontaudit $1 device_t:blk_file getattr;
')
########################################
## <summary>
## Dontaudit setattr on generic block devices.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_setattr_generic_blk_files',`
gen_require(`
type device_t;
')
dontaudit $1 device_t:blk_file setattr;
')
########################################
## <summary>
## Create generic block device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_create_generic_blk_files',`
gen_require(`
type device_t;
')
create_blk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Delete generic block device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_delete_generic_blk_files',`
gen_require(`
type device_t;
')
delete_blk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Allow getattr for generic character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_generic_chr_files',`
gen_require(`
type device_t;
')
getattr_chr_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Allow relablefrom for generic character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_relabelfrom_generic_chr_files',`
gen_require(`
type device_t;
')
allow $1 device_t:chr_file relabelfrom;
')
########################################
## <summary>
## Dontaudit getattr for generic character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_generic_chr_files',`
gen_require(`
type device_t;
')
dontaudit $1 device_t:chr_file getattr;
')
########################################
## <summary>
## Dontaudit setattr for generic character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_setattr_generic_chr_files',`
gen_require(`
type device_t;
')
dontaudit $1 device_t:chr_file setattr;
')
########################################
## <summary>
## Read generic character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_generic_chr_files',`
gen_require(`
type device_t;
')
allow $1 device_t:chr_file read_chr_file_perms;
')
########################################
## <summary>
## Read and write generic character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_generic_chr_files',`
gen_require(`
type device_t;
')
allow $1 device_t:chr_file rw_chr_file_perms;
')
########################################
## <summary>
## Read and write generic block device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_generic_blk_files',`
gen_require(`
type device_t;
')
allow $1 device_t:blk_file rw_chr_file_perms;
')
########################################
## <summary>
## Dontaudit attempts to read/write generic character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain to dontaudit access.
## </summary>
## </param>
#
interface(`dev_dontaudit_rw_generic_chr_files',`
gen_require(`
type device_t;
')
dontaudit $1 device_t:chr_file rw_chr_file_perms;
')
########################################
## <summary>
## Create generic character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_create_generic_chr_files',`
gen_require(`
type device_t;
')
create_chr_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Delete generic character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_delete_generic_chr_files',`
gen_require(`
type device_t;
')
delete_chr_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Do not audit attempts to set the attributes
## of symbolic links in device directories (/dev).
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_setattr_generic_symlinks',`
gen_require(`
type device_t;
')
dontaudit $1 device_t:lnk_file setattr;
')
########################################
## <summary>
## Create symbolic links in device directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_create_generic_symlinks',`
gen_require(`
type device_t;
')
create_lnk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Delete symbolic links in device directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_delete_generic_symlinks',`
gen_require(`
type device_t;
')
delete_lnk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Read symbolic links in device directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_generic_symlinks',`
gen_require(`
type device_t;
')
allow $1 device_t:lnk_file read_lnk_file_perms;
')
########################################
## <summary>
## Create, delete, read, and write symbolic links in device directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_manage_generic_symlinks',`
gen_require(`
type device_t;
')
manage_lnk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Relabel symbolic links in device directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_relabel_generic_symlinks',`
gen_require(`
type device_t;
')
relabel_lnk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Create, delete, read, and write device nodes in device directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_manage_all_dev_nodes',`
gen_require(`
attribute device_node, memory_raw_read, memory_raw_write;
type device_t;
')
manage_dirs_pattern($1, device_t, device_t)
manage_sock_files_pattern($1, device_t, device_t)
manage_lnk_files_pattern($1, device_t, device_t)
manage_chr_files_pattern($1, device_t, { device_t device_node })
manage_blk_files_pattern($1, device_t, { device_t device_node })
relabel_dirs_pattern($1, device_t, device_t)
relabel_chr_files_pattern($1, device_t, { device_t device_node })
relabel_blk_files_pattern($1, device_t, { device_t device_node })
# these next rules are to satisfy assertions broken by the above lines.
# the permissions hopefully can be cut back a lot
storage_raw_read_fixed_disk($1)
storage_raw_write_fixed_disk($1)
storage_read_scsi_generic($1)
storage_write_scsi_generic($1)
typeattribute $1 memory_raw_read;
typeattribute $1 memory_raw_write;
')
########################################
## <summary>
## Dontaudit getattr for generic device files.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_rw_generic_dev_nodes',`
gen_require(`
type device_t;
')
dontaudit $1 device_t:{ chr_file blk_file } { getattr read write ioctl };
')
########################################
## <summary>
## Create, delete, read, and write block device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_manage_generic_blk_files',`
gen_require(`
type device_t;
')
manage_blk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Create, delete, read, and write character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_manage_generic_chr_files',`
gen_require(`
type device_t;
')
manage_chr_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
## Create, read, and write device nodes. The node
## will be transitioned to the type provided.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="file">
## <summary>
## Type to which the created node will be transitioned.
## </summary>
## </param>
## <param name="objectclass(es)">
## <summary>
## Object class(es) (single or set including {}) for which this
## the transition will occur.
## </summary>
## </param>
#
interface(`dev_filetrans',`
gen_require(`
type device_t;
')
filetrans_pattern($1, device_t, $2, $3)
dev_associate($2)
files_associate_tmp($2)
')
########################################
## <summary>
## Create, read, and write device nodes. The node
## will be transitioned to the type provided. This is
## a temporary interface until devtmpfs functionality
## fixed.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="objectclass(es)">
## <summary>
## Object class(es) (single or set including {}) for which this
## the transition will occur.
## </summary>
## </param>
#
interface(`dev_tmpfs_filetrans_dev',`
gen_require(`
type device_t;
')
fs_tmpfs_filetrans($1, device_t, $2)
')
########################################
## <summary>
## Getattr on all block file device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`dev_getattr_all_blk_files',`
gen_require(`
attribute device_node;
type device_t;
')
getattr_blk_files_pattern($1, device_t, device_node)
')
########################################
## <summary>
## Dontaudit getattr on all block file device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_all_blk_files',`
gen_require(`
attribute device_node;
type device_t;
')
dontaudit $1 { device_t device_node }:blk_file getattr;
')
########################################
## <summary>
## Getattr on all character file device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`dev_getattr_all_chr_files',`
gen_require(`
attribute device_node;
')
getattr_chr_files_pattern($1, device_t, device_node)
')
########################################
## <summary>
## Dontaudit getattr on all character file device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_all_chr_files',`
gen_require(`
attribute device_node;
type device_t;
')
dontaudit $1 { device_t device_node }:chr_file getattr;
')
########################################
## <summary>
## Setattr on all block file device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`dev_setattr_all_blk_files',`
gen_require(`
attribute device_node;
')
setattr_blk_files_pattern($1, device_t, device_node)
')
########################################
## <summary>
## Setattr on all character file device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`dev_setattr_all_chr_files',`
gen_require(`
attribute device_node;
')
setattr_chr_files_pattern($1, device_t, device_node)
')
########################################
## <summary>
## Dontaudit read on all block file device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_read_all_blk_files',`
gen_require(`
attribute device_node;
')
dontaudit $1 device_node:blk_file { getattr read };
')
########################################
## <summary>
## Dontaudit write on all block file device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_write_all_blk_files',`
gen_require(`
attribute device_node;
')
dontaudit $1 device_node:blk_file write;
')
########################################
## <summary>
## Dontaudit read on all character file device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_read_all_chr_files',`
gen_require(`
attribute device_node;
')
dontaudit $1 device_node:chr_file { getattr read };
')
########################################
## <summary>
## Dontaudit write on all character file device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_write_all_chr_files',`
gen_require(`
attribute device_node;
')
dontaudit $1 device_node:chr_file write;
')
########################################
## <summary>
## Create all block device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_create_all_blk_files',`
gen_require(`
attribute device_node;
')
create_blk_files_pattern($1, device_t, device_node)
')
########################################
## <summary>
## Create all character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_create_all_chr_files',`
gen_require(`
attribute device_node;
')
create_chr_files_pattern($1, device_t, device_node)
')
########################################
## <summary>
## rw all inherited character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_all_inherited_chr_files',`
gen_require(`
attribute device_node;
')
allow $1 device_node:chr_file rw_inherited_chr_file_perms;
')
########################################
## <summary>
## rw all inherited blk device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_all_inherited_blk_files',`
gen_require(`
attribute device_node;
')
allow $1 device_node:blk_file rw_inherited_blk_file_perms;
')
########################################
## <summary>
## Delete all block device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_delete_all_blk_files',`
gen_require(`
attribute device_node;
')
delete_blk_files_pattern($1, device_t, device_node)
')
########################################
## <summary>
## Delete all character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_delete_all_chr_files',`
gen_require(`
attribute device_node;
')
delete_chr_files_pattern($1, device_t, device_node)
')
########################################
## <summary>
## Rename all block device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rename_all_blk_files',`
gen_require(`
attribute device_node;
')
rename_blk_files_pattern($1, device_t, device_node)
')
########################################
## <summary>
## Rename all character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rename_all_chr_files',`
gen_require(`
attribute device_node;
')
rename_chr_files_pattern($1, device_t, device_node)
')
########################################
## <summary>
## Read, write, create, and delete all block device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_manage_all_blk_files',`
gen_require(`
attribute device_node;
')
manage_blk_files_pattern($1, device_t, device_node)
# these next rules are to satisfy assertions broken by the above lines.
storage_raw_read_fixed_disk($1)
storage_raw_write_fixed_disk($1)
storage_read_scsi_generic($1)
storage_write_scsi_generic($1)
')
########################################
## <summary>
## Read, write, create, and delete all character device files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_manage_all_chr_files',`
gen_require(`
attribute device_node, memory_raw_read, memory_raw_write;
')
manage_chr_files_pattern($1, device_t, device_node)
typeattribute $1 memory_raw_read, memory_raw_write;
')
########################################
## <summary>
## Getattr the agp devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_agp_dev',`
gen_require(`
type device_t, agp_device_t;
')
getattr_chr_files_pattern($1, device_t, agp_device_t)
')
########################################
## <summary>
## Read and write the agp devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_agp',`
gen_require(`
type device_t, agp_device_t;
')
rw_chr_files_pattern($1, device_t, agp_device_t)
')
########################################
## <summary>
## Get the attributes of the apm bios device node.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_apm_bios_dev',`
gen_require(`
type device_t, apm_bios_t;
')
getattr_chr_files_pattern($1, device_t, apm_bios_t)
')
########################################
## <summary>
## Do not audit attempts to get the attributes of
## the apm bios device node.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_apm_bios_dev',`
gen_require(`
type apm_bios_t;
')
dontaudit $1 apm_bios_t:chr_file getattr;
')
########################################
## <summary>
## Set the attributes of the apm bios device node.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_apm_bios_dev',`
gen_require(`
type device_t, apm_bios_t;
')
setattr_chr_files_pattern($1, device_t, apm_bios_t)
')
########################################
## <summary>
## Do not audit attempts to set the attributes of
## the apm bios device node.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_setattr_apm_bios_dev',`
gen_require(`
type apm_bios_t;
')
dontaudit $1 apm_bios_t:chr_file setattr;
')
########################################
## <summary>
## Read and write the apm bios.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_apm_bios',`
gen_require(`
type device_t, apm_bios_t;
')
rw_chr_files_pattern($1, device_t, apm_bios_t)
')
########################################
## <summary>
## Get the attributes of the autofs device node.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_autofs_dev',`
gen_require(`
type device_t, autofs_device_t;
')
getattr_chr_files_pattern($1, device_t, autofs_device_t)
')
########################################
## <summary>
## Relable the autofs device node.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_relabel_autofs_dev',`
gen_require(`
type autofs_device_t;
')
allow $1 autofs_device_t:chr_file relabel_chr_file_perms;
')
########################################
## <summary>
## Do not audit attempts to get the attributes of
## the autofs device node.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_autofs_dev',`
gen_require(`
type autofs_device_t;
')
dontaudit $1 autofs_device_t:chr_file getattr;
')
########################################
## <summary>
## Set the attributes of the autofs device node.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_autofs_dev',`
gen_require(`
type device_t, autofs_device_t;
')
setattr_chr_files_pattern($1, device_t, autofs_device_t)
')
########################################
## <summary>
## Do not audit attempts to set the attributes of
## the autofs device node.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_setattr_autofs_dev',`
gen_require(`
type autofs_device_t;
')
dontaudit $1 autofs_device_t:chr_file setattr;
')
########################################
## <summary>
## Read and write the autofs device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_autofs',`
gen_require(`
type device_t, autofs_device_t;
')
rw_chr_files_pattern($1, device_t, autofs_device_t)
')
########################################
## <summary>
## Read and write the PCMCIA card manager device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_cardmgr',`
gen_require(`
type cardmgr_dev_t;
')
rw_chr_files_pattern($1, device_t, cardmgr_dev_t)
')
########################################
## <summary>
## Do not audit attempts to read and
## write the PCMCIA card manager device.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_rw_cardmgr',`
gen_require(`
type cardmgr_dev_t;
')
dontaudit $1 cardmgr_dev_t:chr_file { read write };
')
########################################
## <summary>
## Create, read, write, and delete
## the PCMCIA card manager device
## with the correct type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_create_cardmgr_dev',`
gen_require(`
type device_t, cardmgr_dev_t;
')
create_chr_files_pattern($1, device_t, cardmgr_dev_t)
create_blk_files_pattern($1, device_t, cardmgr_dev_t)
')
########################################
## <summary>
## Create, read, write, and delete
## the PCMCIA card manager device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_manage_cardmgr_dev',`
gen_require(`
type device_t, cardmgr_dev_t;
')
manage_chr_files_pattern($1, device_t, cardmgr_dev_t)
manage_blk_files_pattern($1, device_t, cardmgr_dev_t)
')
########################################
## <summary>
## Automatic type transition to the type
## for PCMCIA card manager device nodes when
## created in /dev.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_filetrans_cardmgr',`
gen_require(`
type device_t, cardmgr_dev_t;
')
filetrans_pattern($1, device_t, cardmgr_dev_t, { chr_file blk_file })
')
########################################
## <summary>
## Get the attributes of the CPU
## microcode and id interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_cpu_dev',`
gen_require(`
type device_t, cpu_device_t;
')
getattr_chr_files_pattern($1, device_t, cpu_device_t)
')
########################################
## <summary>
## Set the attributes of the CPU
## microcode and id interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_cpu_dev',`
gen_require(`
type device_t, cpu_device_t;
')
setattr_chr_files_pattern($1, device_t, cpu_device_t)
')
########################################
## <summary>
## Read the CPU identity.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_cpuid',`
gen_require(`
type device_t, cpu_device_t;
')
read_chr_files_pattern($1, device_t, cpu_device_t)
')
########################################
## <summary>
## Read and write the the CPU microcode device. This
## is required to load CPU microcode.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_cpu_microcode',`
gen_require(`
type device_t, cpu_device_t;
')
rw_chr_files_pattern($1, device_t, cpu_device_t)
')
########################################
## <summary>
## Read and write the the hardware SSL accelerator.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_crypto',`
gen_require(`
type device_t, crypt_device_t;
')
rw_chr_files_pattern($1, device_t, crypt_device_t)
')
#######################################
## <summary>
## Set the attributes of the dlm control devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_dlm_control',`
gen_require(`
type device_t, kvm_device_t;
')
setattr_chr_files_pattern($1, device_t, dlm_control_device_t)
')
#######################################
## <summary>
## Read and write the the dlm control device
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_dlm_control',`
gen_require(`
type device_t, dlm_control_device_t;
')
rw_chr_files_pattern($1, device_t, dlm_control_device_t)
')
########################################
## <summary>
## getattr the dri devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_dri_dev',`
gen_require(`
type device_t, dri_device_t;
')
getattr_chr_files_pattern($1, device_t, dri_device_t)
')
########################################
## <summary>
## Setattr the dri devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_dri_dev',`
gen_require(`
type device_t, dri_device_t;
')
setattr_chr_files_pattern($1, device_t, dri_device_t)
')
########################################
## <summary>
## Read and write the dri devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_dri',`
gen_require(`
type device_t, dri_device_t;
')
rw_chr_files_pattern($1, device_t, dri_device_t)
')
########################################
## <summary>
## Dontaudit read and write on the dri devices.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_rw_dri',`
gen_require(`
type dri_device_t;
')
dontaudit $1 dri_device_t:chr_file rw_chr_file_perms;
')
########################################
## <summary>
## Create, read, write, and delete the dri devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_manage_dri_dev',`
gen_require(`
type device_t, dri_device_t;
')
manage_chr_files_pattern($1, device_t, dri_device_t)
')
########################################
## <summary>
## Automatic type transition to the type
## for DRI device nodes when created in /dev.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_filetrans_dri',`
gen_require(`
type device_t, dri_device_t;
')
filetrans_pattern($1, device_t, dri_device_t, chr_file)
')
########################################
## <summary>
## Get the attributes of the event devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_input_dev',`
gen_require(`
type device_t, event_device_t;
')
allow $1 device_t:dir list_dir_perms;
allow $1 event_device_t:chr_file getattr;
')
########################################
## <summary>
## Set the attributes of the event devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_input_dev',`
gen_require(`
type device_t, event_device_t;
')
allow $1 device_t:dir list_dir_perms;
allow $1 event_device_t:chr_file setattr;
')
########################################
## <summary>
## Read input event devices (/dev/input).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_input',`
gen_require(`
type device_t, event_device_t;
')
read_chr_files_pattern($1, device_t, event_device_t)
')
########################################
## <summary>
## Read input event devices (/dev/input).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_input_dev',`
gen_require(`
type device_t, event_device_t;
')
rw_chr_files_pattern($1, device_t, event_device_t)
')
########################################
## <summary>
## Get the attributes of the framebuffer device node.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_framebuffer_dev',`
gen_require(`
type device_t, framebuf_device_t;
')
getattr_chr_files_pattern($1, device_t, framebuf_device_t)
')
########################################
## <summary>
## Set the attributes of the framebuffer device node.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_framebuffer_dev',`
gen_require(`
type device_t, framebuf_device_t;
')
setattr_chr_files_pattern($1, device_t, framebuf_device_t)
')
########################################
## <summary>
## Dot not audit attempts to set the attributes
## of the framebuffer device node.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_setattr_framebuffer_dev',`
gen_require(`
type framebuf_device_t;
')
dontaudit $1 framebuf_device_t:chr_file setattr;
')
########################################
## <summary>
## Read the framebuffer.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_framebuffer',`
gen_require(`
type framebuf_device_t;
')
read_chr_files_pattern($1, device_t, framebuf_device_t)
')
########################################
## <summary>
## Do not audit attempts to read the framebuffer.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_read_framebuffer',`
gen_require(`
type framebuf_device_t;
')
dontaudit $1 framebuf_device_t:chr_file { getattr read };
')
########################################
## <summary>
## Write the framebuffer.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_write_framebuffer',`
gen_require(`
type device_t, framebuf_device_t;
')
write_chr_files_pattern($1, device_t, framebuf_device_t)
')
########################################
## <summary>
## Read and write the framebuffer.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_framebuffer',`
gen_require(`
type device_t, framebuf_device_t;
')
rw_chr_files_pattern($1, device_t, framebuf_device_t)
')
########################################
## <summary>
## Read the kernel messages
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_kmsg',`
gen_require(`
type device_t, kmsg_device_t;
')
read_chr_files_pattern($1, device_t, kmsg_device_t)
')
########################################
## <summary>
## Write to the kernel messages device
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_write_kmsg',`
gen_require(`
type device_t, kmsg_device_t;
')
write_chr_files_pattern($1, device_t, kmsg_device_t)
')
########################################
## <summary>
## Get the attributes of the ksm devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_ksm_dev',`
gen_require(`
type device_t, ksm_device_t;
')
getattr_chr_files_pattern($1, device_t, ksm_device_t)
')
########################################
## <summary>
## Set the attributes of the ksm devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_ksm_dev',`
gen_require(`
type device_t, ksm_device_t;
')
setattr_chr_files_pattern($1, device_t, ksm_device_t)
')
########################################
## <summary>
## Read the ksm devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_ksm',`
gen_require(`
type device_t, ksm_device_t;
')
read_chr_files_pattern($1, device_t, ksm_device_t)
')
########################################
## <summary>
## Read and write to ksm devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_ksm',`
gen_require(`
type device_t, ksm_device_t;
')
rw_chr_files_pattern($1, device_t, ksm_device_t)
')
########################################
## <summary>
## Get the attributes of the kvm devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_kvm_dev',`
gen_require(`
type device_t, kvm_device_t;
')
getattr_chr_files_pattern($1, device_t, kvm_device_t)
')
########################################
## <summary>
## Set the attributes of the kvm devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_kvm_dev',`
gen_require(`
type device_t, kvm_device_t;
')
setattr_chr_files_pattern($1, device_t, kvm_device_t)
')
########################################
## <summary>
## Read the kvm devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_kvm',`
gen_require(`
type device_t, kvm_device_t;
')
read_chr_files_pattern($1, device_t, kvm_device_t)
')
########################################
## <summary>
## Read and write to kvm devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_kvm',`
gen_require(`
type device_t, kvm_device_t;
')
rw_chr_files_pattern($1, device_t, kvm_device_t)
')
######################################
## <summary>
## Read the lirc device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_lirc',`
gen_require(`
type device_t, lirc_device_t;
')
read_chr_files_pattern($1, device_t, lirc_device_t)
')
######################################
## <summary>
## Read and write the lirc device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_lirc',`
gen_require(`
type device_t, lirc_device_t;
')
rw_chr_files_pattern($1, device_t, lirc_device_t)
')
######################################
## <summary>
## Automatic type transition to the type
## for lirc device nodes when created in /dev.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_filetrans_lirc',`
gen_require(`
type device_t, lirc_device_t;
')
filetrans_pattern($1, device_t, lirc_device_t, chr_file)
')
########################################
## <summary>
## Get the attributes of the lvm comtrol device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_lvm_control',`
gen_require(`
type device_t, lvm_control_t;
')
getattr_chr_files_pattern($1, device_t, lvm_control_t)
')
########################################
## <summary>
## Read the lvm comtrol device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_lvm_control',`
gen_require(`
type device_t, lvm_control_t;
')
read_chr_files_pattern($1, device_t, lvm_control_t)
')
########################################
## <summary>
## Read and write the lvm control device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_lvm_control',`
gen_require(`
type device_t, lvm_control_t;
')
rw_chr_files_pattern($1, device_t, lvm_control_t)
')
########################################
## <summary>
## Do not audit attempts to read and write lvm control device.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_rw_lvm_control',`
gen_require(`
type lvm_control_t;
')
dontaudit $1 lvm_control_t:chr_file rw_file_perms;
')
########################################
## <summary>
## Delete the lvm control device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_delete_lvm_control_dev',`
gen_require(`
type device_t, lvm_control_t;
')
delete_chr_files_pattern($1, device_t, lvm_control_t)
')
########################################
## <summary>
## dontaudit getattr raw memory devices (e.g. /dev/mem).
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_memory_dev',`
gen_require(`
type memory_device_t;
')
dontaudit $1 memory_device_t:chr_file getattr;
')
########################################
## <summary>
## Read raw memory devices (e.g. /dev/mem).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_raw_memory',`
gen_require(`
type device_t, memory_device_t;
attribute memory_raw_read;
')
read_chr_files_pattern($1, device_t, memory_device_t)
allow $1 self:capability sys_rawio;
typeattribute $1 memory_raw_read;
')
########################################
## <summary>
## Do not audit attempts to read raw memory devices
## (e.g. /dev/mem).
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_read_raw_memory',`
gen_require(`
type memory_device_t;
')
dontaudit $1 memory_device_t:chr_file read_chr_file_perms;
')
########################################
## <summary>
## Write raw memory devices (e.g. /dev/mem).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_write_raw_memory',`
gen_require(`
type device_t, memory_device_t;
attribute memory_raw_write;
')
write_chr_files_pattern($1, device_t, memory_device_t)
allow $1 self:capability sys_rawio;
typeattribute $1 memory_raw_write;
')
########################################
## <summary>
## Read and execute raw memory devices (e.g. /dev/mem).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rx_raw_memory',`
gen_require(`
type device_t, memory_device_t;
')
dev_read_raw_memory($1)
allow $1 memory_device_t:chr_file execute;
')
########################################
## <summary>
## Write and execute raw memory devices (e.g. /dev/mem).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_wx_raw_memory',`
gen_require(`
type device_t, memory_device_t;
')
dev_write_raw_memory($1)
allow $1 memory_device_t:chr_file execute;
')
########################################
## <summary>
## Get the attributes of miscellaneous devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_misc_dev',`
gen_require(`
type device_t, misc_device_t;
')
getattr_chr_files_pattern($1, device_t, misc_device_t)
')
########################################
## <summary>
## Do not audit attempts to get the attributes
## of miscellaneous devices.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_misc_dev',`
gen_require(`
type misc_device_t;
')
dontaudit $1 misc_device_t:chr_file getattr;
')
########################################
## <summary>
## Set the attributes of miscellaneous devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_misc_dev',`
gen_require(`
type device_t, misc_device_t;
')
setattr_chr_files_pattern($1, device_t, misc_device_t)
')
########################################
## <summary>
## Do not audit attempts to set the attributes
## of miscellaneous devices.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_setattr_misc_dev',`
gen_require(`
type misc_device_t;
')
dontaudit $1 misc_device_t:chr_file setattr;
')
########################################
## <summary>
## Read miscellaneous devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_misc',`
gen_require(`
type device_t, misc_device_t;
')
read_chr_files_pattern($1, device_t, misc_device_t)
')
########################################
## <summary>
## Write miscellaneous devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_write_misc',`
gen_require(`
type device_t, misc_device_t;
')
write_chr_files_pattern($1, device_t, misc_device_t)
')
########################################
## <summary>
## Do not audit attempts to read and write miscellaneous devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_dontaudit_rw_misc',`
gen_require(`
type misc_device_t;
')
dontaudit $1 misc_device_t:chr_file rw_file_perms;
')
########################################
## <summary>
## Get the attributes of the modem devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_modem_dev',`
gen_require(`
type device_t, modem_device_t;
')
getattr_chr_files_pattern($1, device_t, modem_device_t)
')
########################################
## <summary>
## Set the attributes of the modem devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_modem_dev',`
gen_require(`
type device_t, modem_device_t;
')
setattr_chr_files_pattern($1, device_t, modem_device_t)
')
########################################
## <summary>
## Read the modem devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_modem',`
gen_require(`
type device_t, modem_device_t;
')
read_chr_files_pattern($1, device_t, modem_device_t)
')
########################################
## <summary>
## Read and write to modem devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_modem',`
gen_require(`
type device_t, modem_device_t;
')
rw_chr_files_pattern($1, device_t, modem_device_t)
')
########################################
## <summary>
## Get the attributes of the mouse devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_mouse_dev',`
gen_require(`
type device_t, mouse_device_t;
')
getattr_chr_files_pattern($1, device_t, mouse_device_t)
')
########################################
## <summary>
## Set the attributes of the mouse devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_mouse_dev',`
gen_require(`
type device_t, mouse_device_t;
')
setattr_chr_files_pattern($1, device_t, mouse_device_t)
')
########################################
## <summary>
## Read the mouse devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_mouse',`
gen_require(`
type device_t, mouse_device_t;
')
read_chr_files_pattern($1, device_t, mouse_device_t)
')
########################################
## <summary>
## Read and write to mouse devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_mouse',`
gen_require(`
type device_t, mouse_device_t;
')
rw_chr_files_pattern($1, device_t, mouse_device_t)
')
########################################
## <summary>
## Get the attributes of the memory type range
## registers (MTRR) device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_mtrr_dev',`
gen_require(`
type device_t, mtrr_device_t;
')
getattr_files_pattern($1, device_t, mtrr_device_t)
getattr_chr_files_pattern($1, device_t, mtrr_device_t)
')
########################################
## <summary>
## Read the memory type range
## registers (MTRR). (Deprecated)
## </summary>
## <desc>
## <p>
## Read the memory type range
## registers (MTRR). This interface has
## been deprecated, dev_rw_mtrr() should be
## used instead.
## </p>
## <p>
## The MTRR device ioctls can be used for
## reading and writing; thus, read access to the
## device cannot be separated from write access.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_mtrr',`
refpolicywarn(`$0($*) has been replaced with dev_rw_mtrr().')
dev_rw_mtrr($1)
')
########################################
## <summary>
## Write the memory type range
## registers (MTRR). (Deprecated)
## </summary>
## <desc>
## <p>
## Write the memory type range
## registers (MTRR). This interface has
## been deprecated, dev_rw_mtrr() should be
## used instead.
## </p>
## <p>
## The MTRR device ioctls can be used for
## reading and writing; thus, write access to the
## device cannot be separated from read access.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_write_mtrr',`
refpolicywarn(`$0($*) has been replaced with dev_rw_mtrr().')
dev_rw_mtrr($1)
')
########################################
## <summary>
## Do not audit attempts to write the memory type
## range registers (MTRR).
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_write_mtrr',`
gen_require(`
type mtrr_device_t;
')
dontaudit $1 mtrr_device_t:file write;
dontaudit $1 mtrr_device_t:chr_file write;
')
########################################
## <summary>
## Read and write the memory type range registers (MTRR).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_mtrr',`
gen_require(`
type device_t, mtrr_device_t;
')
rw_files_pattern($1, device_t, mtrr_device_t)
rw_chr_files_pattern($1, device_t, mtrr_device_t)
')
########################################
## <summary>
## Get the attributes of the network control device
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_netcontrol_dev',`
gen_require(`
type device_t, netcontrol_device_t;
')
getattr_chr_files_pattern($1, device_t, netcontrol_device_t)
')
########################################
## <summary>
## Read the network control identity.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_netcontrol',`
gen_require(`
type device_t, netcontrol_device_t;
')
read_chr_files_pattern($1, device_t, netcontrol_device_t)
')
########################################
## <summary>
## Read and write the the network control device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_netcontrol',`
gen_require(`
type device_t, netcontrol_device_t;
')
rw_chr_files_pattern($1, device_t, netcontrol_device_t)
')
########################################
## <summary>
## Get the attributes of the null device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_null_dev',`
gen_require(`
type device_t, null_device_t;
')
getattr_chr_files_pattern($1, device_t, null_device_t)
')
########################################
## <summary>
## Set the attributes of the null device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_null_dev',`
gen_require(`
type device_t, null_device_t;
')
setattr_chr_files_pattern($1, device_t, null_device_t)
')
########################################
## <summary>
## Delete the null device (/dev/null).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_delete_null',`
gen_require(`
type device_t, null_device_t;
')
delete_chr_files_pattern($1, device_t, null_device_t)
')
########################################
## <summary>
## Read and write to the null device (/dev/null).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_null',`
gen_require(`
type device_t, null_device_t;
')
rw_chr_files_pattern($1, device_t, null_device_t)
')
########################################
## <summary>
## Create the null device (/dev/null).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_create_null_dev',`
gen_require(`
type device_t, null_device_t;
')
create_chr_files_pattern($1, device_t, null_device_t)
')
########################################
## <summary>
## Do not audit attempts to get the attributes
## of the BIOS non-volatile RAM device.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_nvram_dev',`
gen_require(`
type nvram_device_t;
')
dontaudit $1 nvram_device_t:chr_file getattr;
')
########################################
## <summary>
## Read and write BIOS non-volatile RAM.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_nvram',`
gen_require(`
type nvram_device_t;
')
rw_chr_files_pattern($1, device_t, nvram_device_t)
')
########################################
## <summary>
## Get the attributes of the printer device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_printer_dev',`
gen_require(`
type device_t, printer_device_t;
')
getattr_chr_files_pattern($1, device_t, printer_device_t)
')
########################################
## <summary>
## Set the attributes of the printer device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_printer_dev',`
gen_require(`
type device_t, printer_device_t;
')
setattr_chr_files_pattern($1, device_t, printer_device_t)
')
########################################
## <summary>
## Append the printer device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# cjp: added for lpd/checkpc_t
interface(`dev_append_printer',`
gen_require(`
type device_t, printer_device_t;
')
append_chr_files_pattern($1, device_t, printer_device_t)
')
########################################
## <summary>
## Read and write the printer device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_printer',`
gen_require(`
type device_t, printer_device_t;
')
rw_chr_files_pattern($1, device_t, printer_device_t)
')
########################################
## <summary>
## Read printk devices (e.g., /dev/kmsg /dev/mcelog)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_printk',`
gen_require(`
type device_t, printk_device_t;
')
read_chr_files_pattern($1, device_t, printk_device_t)
')
########################################
## <summary>
## Get the attributes of the QEMU
## microcode and id interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_qemu_dev',`
gen_require(`
type device_t, qemu_device_t;
')
getattr_chr_files_pattern($1, device_t, qemu_device_t)
')
########################################
## <summary>
## Set the attributes of the QEMU
## microcode and id interfaces.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_qemu_dev',`
gen_require(`
type device_t, qemu_device_t;
')
setattr_chr_files_pattern($1, device_t, qemu_device_t)
')
########################################
## <summary>
## Read the QEMU device
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_qemu',`
gen_require(`
type device_t, qemu_device_t;
')
read_chr_files_pattern($1, device_t, qemu_device_t)
')
########################################
## <summary>
## Read and write the the QEMU device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_qemu',`
gen_require(`
type device_t, qemu_device_t;
')
rw_chr_files_pattern($1, device_t, qemu_device_t)
')
########################################
## <summary>
## Read from random number generator
## devices (e.g., /dev/random).
## </summary>
## <desc>
## <p>
## Allow the specified domain to read from random number
## generator devices (e.g., /dev/random). Typically this is
## used in situations when a cryptographically secure random
## number is needed.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>dev_read_urand()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`dev_read_rand',`
gen_require(`
type device_t, random_device_t;
')
read_chr_files_pattern($1, device_t, random_device_t)
')
########################################
## <summary>
## Do not audit attempts to read from random
## number generator devices (e.g., /dev/random)
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_read_rand',`
gen_require(`
type random_device_t;
')
dontaudit $1 random_device_t:chr_file { getattr read };
')
########################################
## <summary>
## Do not audit attempts to append to random
## number generator devices (e.g., /dev/random)
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_append_rand',`
gen_require(`
type random_device_t;
')
dontaudit $1 random_device_t:chr_file append_chr_file_perms;
')
########################################
## <summary>
## Write to the random device (e.g., /dev/random). This adds
## entropy used to generate the random data read from the
## random device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_write_rand',`
gen_require(`
type device_t, random_device_t;
')
write_chr_files_pattern($1, device_t, random_device_t)
')
########################################
## <summary>
## Read the realtime clock (/dev/rtc).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_realtime_clock',`
gen_require(`
type device_t, clock_device_t;
')
read_chr_files_pattern($1, device_t, clock_device_t)
')
########################################
## <summary>
## Set the realtime clock (/dev/rtc).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_write_realtime_clock',`
gen_require(`
type device_t, clock_device_t;
')
write_chr_files_pattern($1, device_t, clock_device_t)
allow $1 clock_device_t:chr_file setattr;
')
########################################
## <summary>
## Read and set the realtime clock (/dev/rtc).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_realtime_clock',`
dev_read_realtime_clock($1)
dev_write_realtime_clock($1)
')
########################################
## <summary>
## Get the attributes of the scanner device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_scanner_dev',`
gen_require(`
type device_t, scanner_device_t;
')
getattr_chr_files_pattern($1, device_t, scanner_device_t)
')
########################################
## <summary>
## Do not audit attempts to get the attributes of
## the scanner device.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_scanner_dev',`
gen_require(`
type scanner_device_t;
')
dontaudit $1 scanner_device_t:chr_file getattr;
')
########################################
## <summary>
## Set the attributes of the scanner device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_scanner_dev',`
gen_require(`
type device_t, scanner_device_t;
')
setattr_chr_files_pattern($1, device_t, scanner_device_t)
')
########################################
## <summary>
## Do not audit attempts to set the attributes of
## the scanner device.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_setattr_scanner_dev',`
gen_require(`
type scanner_device_t;
')
dontaudit $1 scanner_device_t:chr_file setattr;
')
########################################
## <summary>
## Read and write the scanner device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_scanner',`
gen_require(`
type device_t, scanner_device_t;
')
rw_chr_files_pattern($1, device_t, scanner_device_t)
')
########################################
## <summary>
## Get the attributes of the sound devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_sound_dev',`
gen_require(`
type device_t, sound_device_t;
')
getattr_chr_files_pattern($1, device_t, sound_device_t)
')
########################################
## <summary>
## Set the attributes of the sound devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_sound_dev',`
gen_require(`
type device_t, sound_device_t;
')
setattr_chr_files_pattern($1, device_t, sound_device_t)
')
########################################
## <summary>
## Read the sound devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_sound',`
gen_require(`
type device_t, sound_device_t;
')
read_chr_files_pattern($1, device_t, sound_device_t)
')
########################################
## <summary>
## Write the sound devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_write_sound',`
gen_require(`
type device_t, sound_device_t;
')
write_chr_files_pattern($1, device_t, sound_device_t)
')
########################################
## <summary>
## Read the sound mixer devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_sound_mixer',`
gen_require(`
type device_t, sound_device_t;
')
read_chr_files_pattern($1, device_t, sound_device_t)
')
########################################
## <summary>
## Write the sound mixer devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_write_sound_mixer',`
gen_require(`
type device_t, sound_device_t;
')
write_chr_files_pattern($1, device_t, sound_device_t)
')
########################################
## <summary>
## Get the attributes of the the power management device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_power_mgmt_dev',`
gen_require(`
type device_t, power_device_t;
')
getattr_chr_files_pattern($1, device_t, power_device_t)
')
########################################
## <summary>
## Set the attributes of the the power management device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_power_mgmt_dev',`
gen_require(`
type device_t, power_device_t;
')
setattr_chr_files_pattern($1, device_t, power_device_t)
')
########################################
## <summary>
## Read and write the the power management device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_power_management',`
gen_require(`
type device_t, power_device_t;
')
rw_chr_files_pattern($1, device_t, power_device_t)
')
########################################
## <summary>
## Getattr on smartcard devices
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_smartcard_dev',`
gen_require(`
type smartcard_device_t;
')
allow $1 smartcard_device_t:chr_file getattr;
')
########################################
## <summary>
## dontaudit getattr on smartcard devices
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_smartcard_dev',`
gen_require(`
type smartcard_device_t;
')
dontaudit $1 smartcard_device_t:chr_file getattr;
')
########################################
## <summary>
## Read and write smartcard devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_smartcard',`
gen_require(`
type device_t, smartcard_device_t;
')
rw_chr_files_pattern($1, device_t, smartcard_device_t)
')
########################################
## <summary>
## Create, read, write, and delete smartcard devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_manage_smartcard',`
gen_require(`
type device_t, smartcard_device_t;
')
manage_chr_files_pattern($1, device_t, smartcard_device_t)
')
########################################
## <summary>
## Associate a file to a sysfs filesystem.
## </summary>
## <param name="file_type">
## <summary>
## The type of the file to be associated to sysfs.
## </summary>
## </param>
#
interface(`dev_associate_sysfs',`
gen_require(`
type sysfs_t;
')
allow $1 sysfs_t:filesystem associate;
')
########################################
## <summary>
## Get the attributes of sysfs directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_sysfs_dirs',`
gen_require(`
type sysfs_t;
')
allow $1 sysfs_t:dir getattr_dir_perms;
')
########################################
## <summary>
## Search the sysfs directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_search_sysfs',`
gen_require(`
type sysfs_t;
')
search_dirs_pattern($1, sysfs_t, sysfs_t)
')
########################################
## <summary>
## Do not audit attempts to search sysfs.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_search_sysfs',`
gen_require(`
type sysfs_t;
')
dontaudit $1 sysfs_t:dir search_dir_perms;
')
########################################
## <summary>
## List the contents of the sysfs directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_list_sysfs',`
gen_require(`
type sysfs_t;
')
list_dirs_pattern($1, sysfs_t, sysfs_t)
')
########################################
## <summary>
## Write in a sysfs directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# cjp: added for cpuspeed
interface(`dev_write_sysfs_dirs',`
gen_require(`
type sysfs_t;
')
allow $1 sysfs_t:dir write;
')
########################################
## <summary>
## Read hardware state information.
## </summary>
## <desc>
## <p>
## Allow the specified domain to read the contents of
## the sysfs filesystem. This filesystem contains
## information, parameters, and other settings on the
## hardware installed on the system.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`dev_read_sysfs',`
gen_require(`
type sysfs_t;
')
read_files_pattern($1, sysfs_t, sysfs_t)
read_lnk_files_pattern($1, sysfs_t, sysfs_t)
list_dirs_pattern($1, sysfs_t, sysfs_t)
')
########################################
## <summary>
## Allow caller to modify hardware state information.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_sysfs',`
gen_require(`
type sysfs_t;
')
rw_files_pattern($1, sysfs_t, sysfs_t)
read_lnk_files_pattern($1, sysfs_t, sysfs_t)
list_dirs_pattern($1, sysfs_t, sysfs_t)
')
########################################
## <summary>
## Allow caller to modify hardware state information.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_manage_sysfs_dirs',`
gen_require(`
type sysfs_t;
')
manage_dirs_pattern($1, sysfs_t, sysfs_t)
')
########################################
## <summary>
## Read from pseudo random number generator devices (e.g., /dev/urandom).
## </summary>
## <desc>
## <p>
## Allow the specified domain to read from pseudo random number
## generator devices (e.g., /dev/urandom). Typically this is
## used in situations when a cryptographically secure random
## number is not necessarily needed. One example is the Stack
## Smashing Protector (SSP, formerly known as ProPolice) support
## that may be compiled into programs.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>dev_read_rand()</li>
## </ul>
## <p>
## Related tunable:
## </p>
## <ul>
## <li>global_ssp</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`dev_read_urand',`
gen_require(`
type device_t, urandom_device_t;
')
read_chr_files_pattern($1, device_t, urandom_device_t)
')
########################################
## <summary>
## Do not audit attempts to read from pseudo
## random devices (e.g., /dev/urandom)
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_read_urand',`
gen_require(`
type urandom_device_t;
')
dontaudit $1 urandom_device_t:chr_file { getattr read };
')
########################################
## <summary>
## Write to the pseudo random device (e.g., /dev/urandom). This
## sets the random number generator seed.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_write_urand',`
gen_require(`
type device_t, urandom_device_t;
')
write_chr_files_pattern($1, device_t, urandom_device_t)
')
########################################
## <summary>
## Getattr generic the USB devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_generic_usb_dev',`
gen_require(`
type usb_device_t;
')
getattr_chr_files_pattern($1, device_t, usb_device_t)
')
########################################
## <summary>
## Setattr generic the USB devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_generic_usb_dev',`
gen_require(`
type usb_device_t;
')
setattr_chr_files_pattern($1, device_t, usb_device_t)
')
########################################
## <summary>
## Read generic the USB devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_generic_usb_dev',`
gen_require(`
type usb_device_t;
')
read_chr_files_pattern($1, device_t, usb_device_t)
')
########################################
## <summary>
## Read and write generic the USB devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_generic_usb_dev',`
gen_require(`
type device_t, usb_device_t;
')
rw_chr_files_pattern($1, device_t, usb_device_t)
')
########################################
## <summary>
## Read USB monitor devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_usbmon_dev',`
gen_require(`
type device_t, usbmon_device_t;
')
read_chr_files_pattern($1, device_t, usbmon_device_t)
')
########################################
## <summary>
## Write USB monitor devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_write_usbmon_dev',`
gen_require(`
type device_t, usbmon_device_t;
')
write_chr_files_pattern($1, device_t, usbmon_device_t)
')
########################################
## <summary>
## Mount a usbfs filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_mount_usbfs',`
gen_require(`
type usbfs_t;
')
allow $1 usbfs_t:filesystem mount;
')
########################################
## <summary>
## Associate a file to a usbfs filesystem.
## </summary>
## <param name="file_type">
## <summary>
## The type of the file to be associated to usbfs.
## </summary>
## </param>
#
interface(`dev_associate_usbfs',`
gen_require(`
type usbfs_t;
')
allow $1 usbfs_t:filesystem associate;
')
########################################
## <summary>
## Get the attributes of a directory in the usb filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_usbfs_dirs',`
gen_require(`
type usbfs_t;
')
allow $1 usbfs_t:dir getattr_dir_perms;
')
########################################
## <summary>
## Do not audit attempts to get the attributes
## of a directory in the usb filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_usbfs_dirs',`
gen_require(`
type usbfs_t;
')
dontaudit $1 usbfs_t:dir getattr_dir_perms;
')
########################################
## <summary>
## Search the directory containing USB hardware information.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_search_usbfs',`
gen_require(`
type usbfs_t;
')
search_dirs_pattern($1, usbfs_t, usbfs_t)
')
########################################
## <summary>
## Allow caller to get a list of usb hardware.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_list_usbfs',`
gen_require(`
type usbfs_t;
')
read_lnk_files_pattern($1, usbfs_t, usbfs_t)
getattr_files_pattern($1, usbfs_t, usbfs_t)
list_dirs_pattern($1, usbfs_t, usbfs_t)
')
########################################
## <summary>
## Set the attributes of usbfs filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_usbfs_files',`
gen_require(`
type usbfs_t;
')
setattr_files_pattern($1, usbfs_t, usbfs_t)
list_dirs_pattern($1, usbfs_t, usbfs_t)
')
########################################
## <summary>
## Read USB hardware information using
## the usbfs filesystem interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_usbfs',`
gen_require(`
type usbfs_t;
')
read_files_pattern($1, usbfs_t, usbfs_t)
read_lnk_files_pattern($1, usbfs_t, usbfs_t)
list_dirs_pattern($1, usbfs_t, usbfs_t)
')
########################################
## <summary>
## Allow caller to modify usb hardware configuration files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_usbfs',`
gen_require(`
type usbfs_t;
')
list_dirs_pattern($1, usbfs_t, usbfs_t)
rw_files_pattern($1, usbfs_t, usbfs_t)
read_lnk_files_pattern($1, usbfs_t, usbfs_t)
')
########################################
## <summary>
## Get the attributes of video4linux devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_video_dev',`
gen_require(`
type device_t, v4l_device_t;
')
getattr_chr_files_pattern($1, device_t, v4l_device_t)
')
######################################
## <summary>
## Read and write userio device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_userio_dev',`
gen_require(`
type device_t, userio_device_t;
')
rw_chr_files_pattern($1, device_t, userio_device_t)
')
########################################
## <summary>
## Do not audit attempts to get the attributes
## of video4linux device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_getattr_video_dev',`
gen_require(`
type v4l_device_t;
')
dontaudit $1 v4l_device_t:chr_file getattr;
')
########################################
## <summary>
## Set the attributes of video4linux device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_video_dev',`
gen_require(`
type device_t, v4l_device_t;
')
setattr_chr_files_pattern($1, device_t, v4l_device_t)
')
########################################
## <summary>
## Do not audit attempts to set the attributes
## of video4linux device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dev_dontaudit_setattr_video_dev',`
gen_require(`
type v4l_device_t;
')
dontaudit $1 v4l_device_t:chr_file setattr;
')
########################################
## <summary>
## Read the video4linux devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_video_dev',`
gen_require(`
type device_t, v4l_device_t;
')
read_chr_files_pattern($1, device_t, v4l_device_t)
')
########################################
## <summary>
## Write the video4linux devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_write_video_dev',`
gen_require(`
type device_t, v4l_device_t;
')
write_chr_files_pattern($1, device_t, v4l_device_t)
')
########################################
## <summary>
## Allow read/write the vhost net device
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_vhost',`
gen_require(`
type device_t, vhost_device_t;
')
rw_chr_files_pattern($1, device_t, vhost_device_t)
')
########################################
## <summary>
## Read and write VMWare devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_vmware',`
gen_require(`
type device_t, vmware_device_t;
')
rw_chr_files_pattern($1, device_t, vmware_device_t)
')
########################################
## <summary>
## Read, write, and mmap VMWare devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rwx_vmware',`
gen_require(`
type device_t, vmware_device_t;
')
dev_rw_vmware($1)
allow $1 vmware_device_t:chr_file execute;
')
########################################
## <summary>
## Write to watchdog devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_write_watchdog',`
gen_require(`
type device_t, watchdog_device_t;
')
write_chr_files_pattern($1, device_t, watchdog_device_t)
')
########################################
## <summary>
## Read and write the the wireless device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_wireless',`
gen_require(`
type device_t, wireless_device_t;
')
rw_chr_files_pattern($1, device_t, wireless_device_t)
')
########################################
## <summary>
## Read and write Xen devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_xen',`
gen_require(`
type device_t, xen_device_t;
')
rw_chr_files_pattern($1, device_t, xen_device_t)
')
########################################
## <summary>
## Create, read, write, and delete Xen devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_manage_xen',`
gen_require(`
type device_t, xen_device_t;
')
manage_chr_files_pattern($1, device_t, xen_device_t)
')
########################################
## <summary>
## Automatic type transition to the type
## for xen device nodes when created in /dev.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_filetrans_xen',`
gen_require(`
type device_t, xen_device_t;
')
filetrans_pattern($1, device_t, xen_device_t, chr_file)
')
########################################
## <summary>
## Get the attributes of X server miscellaneous devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_getattr_xserver_misc_dev',`
gen_require(`
type device_t, xserver_misc_device_t;
')
getattr_chr_files_pattern($1, device_t, xserver_misc_device_t)
')
########################################
## <summary>
## Set the attributes of X server miscellaneous devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_xserver_misc_dev',`
gen_require(`
type device_t, xserver_misc_device_t;
')
setattr_chr_files_pattern($1, device_t, xserver_misc_device_t)
')
########################################
## <summary>
## Read and write X server miscellaneous devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_xserver_misc',`
gen_require(`
type device_t, xserver_misc_device_t;
')
rw_chr_files_pattern($1, device_t, xserver_misc_device_t)
')
########################################
## <summary>
## Read and write to the zero device (/dev/zero).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_zero',`
gen_require(`
type device_t, zero_device_t;
')
rw_chr_files_pattern($1, device_t, zero_device_t)
')
########################################
## <summary>
## Read, write, and execute the zero device (/dev/zero).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rwx_zero',`
gen_require(`
type zero_device_t;
')
dev_rw_zero($1)
allow $1 zero_device_t:chr_file execute;
')
########################################
## <summary>
## Execmod the zero device (/dev/zero).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_execmod_zero',`
gen_require(`
type zero_device_t;
')
dev_rw_zero($1)
allow $1 zero_device_t:chr_file execmod;
')
########################################
## <summary>
## Create the zero device (/dev/zero).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_create_zero_dev',`
gen_require(`
type device_t, zero_device_t;
')
create_chr_files_pattern($1, device_t, zero_device_t)
')
########################################
## <summary>
## Unconfined access to devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_unconfined',`
gen_require(`
attribute devices_unconfined_type;
')
typeattribute $1 devices_unconfined_type;
')
########################################
## <summary>
## Automatic type transition to the type
## for xen device nodes when created in /dev.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_filetrans_named_dev',`
gen_require(`
type device_t;
type usb_device_t;
type xserver_misc_device_t;
type sound_device_t;
type apm_bios_t;
type mouse_device_t;
type autofs_device_t;
type lvm_control_t;
type clock_device_t;
type v4l_device_t;
type event_device_t;
type xen_device_t;
type framebuf_device_t;
type null_device_t;
type random_device_t;
type dri_device_t;
type ipmi_device_t;
type printer_device_t;
type memory_device_t;
type kmsg_device_t;
type qemu_device_t;
type ksm_device_t;
type kvm_device_t;
type lirc_device_t;
type cpu_device_t;
type dlm_control_device_t;
type scanner_device_t;
type modem_device_t;
type vhost_device_t;
type netcontrol_device_t;
type nvram_device_t;
type power_device_t;
type wireless_device_t;
type tpm_device_t;
type userio_device_t;
type urandom_device_t;
type usbmon_device_t;
type vmware_device_t;
type watchdog_device_t;
type crypt_device_t;
type zero_device_t;
type smartcard_device_t;
type mtrr_device_t;
')
filetrans_pattern($1, device_t, usb_device_t, chr_file, 0)
filetrans_pattern($1, device_t, usb_device_t, chr_file, 1)
filetrans_pattern($1, device_t, usb_device_t, chr_file, 2)
filetrans_pattern($1, device_t, usb_device_t, chr_file, 3)
filetrans_pattern($1, device_t, usb_device_t, chr_file, 4)
filetrans_pattern($1, device_t, usb_device_t, chr_file, 5)
filetrans_pattern($1, device_t, usb_device_t, chr_file, 6)
filetrans_pattern($1, device_t, usb_device_t, chr_file, 7)
filetrans_pattern($1, device_t, usb_device_t, chr_file, 8)
filetrans_pattern($1, device_t, usb_device_t, chr_file, 9)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, 3dfx)
filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi0)
filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi1)
filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi2)
filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi3)
filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi4)
filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi5)
filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi6)
filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi7)
filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi8)
filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi9)
filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp0)
filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp1)
filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp2)
filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp3)
filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp4)
filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp5)
filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp6)
filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp7)
filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp8)
filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp9)
filetrans_pattern($1, device_t, sound_device_t, chr_file, aload0)
filetrans_pattern($1, device_t, sound_device_t, chr_file, aload1)
filetrans_pattern($1, device_t, sound_device_t, chr_file, aload2)
filetrans_pattern($1, device_t, sound_device_t, chr_file, aload3)
filetrans_pattern($1, device_t, sound_device_t, chr_file, aload4)
filetrans_pattern($1, device_t, sound_device_t, chr_file, aload5)
filetrans_pattern($1, device_t, sound_device_t, chr_file, aload6)
filetrans_pattern($1, device_t, sound_device_t, chr_file, aload7)
filetrans_pattern($1, device_t, sound_device_t, chr_file, aload8)
filetrans_pattern($1, device_t, sound_device_t, chr_file, aload9)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi0)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi1)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi2)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi3)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi4)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi5)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi6)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi7)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi8)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi9)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer0)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer1)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer2)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer3)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer4)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer5)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer6)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer7)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer8)
filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer9)
filetrans_pattern($1, device_t, apm_bios_t, chr_file, apm_bios)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, atibm)
filetrans_pattern($1, device_t, sound_device_t, chr_file, audio0)
filetrans_pattern($1, device_t, sound_device_t, chr_file, audio1)
filetrans_pattern($1, device_t, sound_device_t, chr_file, audio2)
filetrans_pattern($1, device_t, sound_device_t, chr_file, audio3)
filetrans_pattern($1, device_t, sound_device_t, chr_file, audio4)
filetrans_pattern($1, device_t, sound_device_t, chr_file, audio5)
filetrans_pattern($1, device_t, sound_device_t, chr_file, audio6)
filetrans_pattern($1, device_t, sound_device_t, chr_file, audio7)
filetrans_pattern($1, device_t, sound_device_t, chr_file, audio8)
filetrans_pattern($1, device_t, sound_device_t, chr_file, audio9)
filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs0)
filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs1)
filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs2)
filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs3)
filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs4)
filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs5)
filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs6)
filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs7)
filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs8)
filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs9)
filetrans_pattern($1, device_t, sound_device_t, chr_file, beep)
filetrans_pattern($1, device_t, lvm_control_t, chr_file, btrfs-control)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, controlD64)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dmfm)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi0)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi1)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi2)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi3)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi4)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi5)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi6)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi7)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi8)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi9)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp0)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp1)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp2)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp3)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp4)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp5)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp6)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp7)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp8)
filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp9)
filetrans_pattern($1, device_t, clock_device_t, chr_file, efirtc)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, e2201)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83000)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83001)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83002)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83003)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83004)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83005)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83006)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83007)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83008)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83009)
filetrans_pattern($1, device_t, event_device_t, chr_file, event0)
filetrans_pattern($1, device_t, event_device_t, chr_file, event1)
filetrans_pattern($1, device_t, event_device_t, chr_file, event2)
filetrans_pattern($1, device_t, event_device_t, chr_file, event3)
filetrans_pattern($1, device_t, event_device_t, chr_file, event4)
filetrans_pattern($1, device_t, event_device_t, chr_file, event5)
filetrans_pattern($1, device_t, event_device_t, chr_file, event6)
filetrans_pattern($1, device_t, event_device_t, chr_file, event7)
filetrans_pattern($1, device_t, event_device_t, chr_file, event8)
filetrans_pattern($1, device_t, event_device_t, chr_file, event9)
filetrans_pattern($1, device_t, xen_device_t, chr_file, evtchn)
filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb0)
filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb1)
filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb2)
filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb3)
filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb4)
filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb5)
filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb6)
filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb7)
filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb8)
filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb9)
filetrans_pattern($1, device_t, null_device_t, chr_file, full)
filetrans_pattern($1, device_t, usb_device_t, chr_file, fw0)
filetrans_pattern($1, device_t, usb_device_t, chr_file, fw1)
filetrans_pattern($1, device_t, usb_device_t, chr_file, fw2)
filetrans_pattern($1, device_t, usb_device_t, chr_file, fw3)
filetrans_pattern($1, device_t, usb_device_t, chr_file, fw4)
filetrans_pattern($1, device_t, usb_device_t, chr_file, fw5)
filetrans_pattern($1, device_t, usb_device_t, chr_file, fw6)
filetrans_pattern($1, device_t, usb_device_t, chr_file, fw7)
filetrans_pattern($1, device_t, usb_device_t, chr_file, fw8)
filetrans_pattern($1, device_t, usb_device_t, chr_file, fw9)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, gfx)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, graphics)
filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc0)
filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc1)
filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc2)
filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc3)
filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc4)
filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc5)
filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc6)
filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc7)
filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc8)
filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc9)
filetrans_pattern($1, device_t, sound_device_t, chr_file, hfmodem)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev0)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev1)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev2)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev3)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev4)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev5)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev6)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev7)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev8)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev9)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw0)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw1)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw2)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw3)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw4)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw5)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw6)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw7)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw8)
filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw9)
filetrans_pattern($1, device_t, clock_device_t, chr_file, hpet)
filetrans_pattern($1, device_t, random_device_t, chr_file, hw_random)
filetrans_pattern($1, device_t, random_device_t, chr_file, hwrng)
filetrans_pattern($1, device_t, dri_device_t, chr_file, i915)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, inportbm)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi0)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi1)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi2)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi3)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi4)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi5)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi6)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi7)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi8)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi9)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 0)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 1)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 2)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 3)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 4)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 5)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 6)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 7)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 8)
filetrans_pattern($1, device_t, ipmi_device_t, chr_file, 9)
filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt0)
filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt1)
filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt2)
filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt3)
filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt4)
filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt5)
filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt6)
filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt7)
filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt8)
filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt9)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, jbm)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, js0)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, js1)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, js2)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, js3)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, js4)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, js5)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, js6)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, js7)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, js8)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, js9)
filetrans_pattern($1, device_t, memory_device_t, chr_file, kmem)
filetrans_pattern($1, device_t, kmsg_device_t, chr_file, kmsg)
filetrans_pattern($1, device_t, qemu_device_t, chr_file, kqemu)
filetrans_pattern($1, device_t, ksm_device_t, chr_file, ksm)
filetrans_pattern($1, device_t, kvm_device_t, chr_file, kvm)
filetrans_pattern($1, device_t, event_device_t, chr_file, lik0)
filetrans_pattern($1, device_t, event_device_t, chr_file, lik1)
filetrans_pattern($1, device_t, event_device_t, chr_file, lik2)
filetrans_pattern($1, device_t, event_device_t, chr_file, lik3)
filetrans_pattern($1, device_t, event_device_t, chr_file, lik4)
filetrans_pattern($1, device_t, event_device_t, chr_file, lik5)
filetrans_pattern($1, device_t, event_device_t, chr_file, lik6)
filetrans_pattern($1, device_t, event_device_t, chr_file, lik7)
filetrans_pattern($1, device_t, event_device_t, chr_file, lik8)
filetrans_pattern($1, device_t, event_device_t, chr_file, lik9)
filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc0)
filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc1)
filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc2)
filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc3)
filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc4)
filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc5)
filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc6)
filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc7)
filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc8)
filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc9)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, lircm)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, logibm)
filetrans_pattern($1, device_t, printer_device_t, chr_file, lp0)
filetrans_pattern($1, device_t, printer_device_t, chr_file, lp1)
filetrans_pattern($1, device_t, printer_device_t, chr_file, lp2)
filetrans_pattern($1, device_t, printer_device_t, chr_file, lp3)
filetrans_pattern($1, device_t, printer_device_t, chr_file, lp4)
filetrans_pattern($1, device_t, printer_device_t, chr_file, lp5)
filetrans_pattern($1, device_t, printer_device_t, chr_file, lp6)
filetrans_pattern($1, device_t, printer_device_t, chr_file, lp7)
filetrans_pattern($1, device_t, printer_device_t, chr_file, lp8)
filetrans_pattern($1, device_t, printer_device_t, chr_file, lp9)
filetrans_pattern($1, device_t, kmsg_device_t, chr_file, mcelog)
filetrans_pattern($1, device_t, memory_device_t, chr_file, mem)
filetrans_pattern($1, device_t, memory_device_t, chr_file, mergemem)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid0)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid1)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid2)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid3)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid4)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid5)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid6)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid7)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid8)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid9)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, mice)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, microcode)
filetrans_pattern($1, device_t, sound_device_t, chr_file, midi0)
filetrans_pattern($1, device_t, sound_device_t, chr_file, midi1)
filetrans_pattern($1, device_t, sound_device_t, chr_file, midi2)
filetrans_pattern($1, device_t, sound_device_t, chr_file, midi3)
filetrans_pattern($1, device_t, sound_device_t, chr_file, midi4)
filetrans_pattern($1, device_t, sound_device_t, chr_file, midi5)
filetrans_pattern($1, device_t, sound_device_t, chr_file, midi6)
filetrans_pattern($1, device_t, sound_device_t, chr_file, midi7)
filetrans_pattern($1, device_t, sound_device_t, chr_file, midi8)
filetrans_pattern($1, device_t, sound_device_t, chr_file, midi9)
filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm0)
filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm1)
filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm2)
filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm3)
filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm4)
filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm5)
filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm6)
filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm7)
filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm8)
filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm9)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer0)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer1)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer2)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer3)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer4)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer5)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer6)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer7)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer8)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer9)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, mmetfgrab)
filetrans_pattern($1, device_t, modem_device_t, chr_file, modem)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4010)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4011)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4012)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4013)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4014)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4015)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4016)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4017)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4018)
filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4019)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr0)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr1)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr2)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr3)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr4)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr5)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr6)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr7)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr8)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr9)
filetrans_pattern($1, device_t, vhost_device_t, chr_file, vhost)
filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, network_latency)
filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, network_throughput)
filetrans_pattern($1, device_t, modem_device_t, chr_file, noz0)
filetrans_pattern($1, device_t, modem_device_t, chr_file, noz1)
filetrans_pattern($1, device_t, modem_device_t, chr_file, noz2)
filetrans_pattern($1, device_t, modem_device_t, chr_file, noz3)
filetrans_pattern($1, device_t, modem_device_t, chr_file, noz4)
filetrans_pattern($1, device_t, modem_device_t, chr_file, noz5)
filetrans_pattern($1, device_t, modem_device_t, chr_file, noz6)
filetrans_pattern($1, device_t, modem_device_t, chr_file, noz7)
filetrans_pattern($1, device_t, modem_device_t, chr_file, noz8)
filetrans_pattern($1, device_t, modem_device_t, chr_file, noz9)
filetrans_pattern($1, device_t, null_device_t, chr_file, null)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia0)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia1)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia2)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia3)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia4)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia5)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia6)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia7)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia8)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia9)
filetrans_pattern($1, device_t, nvram_device_t, chr_file, nvram)
filetrans_pattern($1, device_t, memory_device_t, chr_file, oldmem)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, opengl)
filetrans_pattern($1, device_t, printer_device_t, chr_file, par0)
filetrans_pattern($1, device_t, printer_device_t, chr_file, par1)
filetrans_pattern($1, device_t, printer_device_t, chr_file, par2)
filetrans_pattern($1, device_t, printer_device_t, chr_file, par3)
filetrans_pattern($1, device_t, printer_device_t, chr_file, par4)
filetrans_pattern($1, device_t, printer_device_t, chr_file, par5)
filetrans_pattern($1, device_t, printer_device_t, chr_file, par6)
filetrans_pattern($1, device_t, printer_device_t, chr_file, par7)
filetrans_pattern($1, device_t, printer_device_t, chr_file, par8)
filetrans_pattern($1, device_t, printer_device_t, chr_file, par9)
filetrans_pattern($1, device_t, sound_device_t, chr_file, patmgr[01])
filetrans_pattern($1, device_t, mouse_device_t, chr_file, pc110pad)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock0)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock1)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock2)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock3)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock4)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock5)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock6)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock7)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock8)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock9)
filetrans_pattern($1, device_t, power_device_t, chr_file, pmu)
filetrans_pattern($1, device_t, memory_device_t, chr_file, port)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pps0)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pps1)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pps2)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pps3)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pps4)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pps5)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pps6)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pps7)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pps8)
filetrans_pattern($1, device_t, clock_device_t, chr_file, pps9)
filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi0)
filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi1)
filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi2)
filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi3)
filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi4)
filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi5)
filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi6)
filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi7)
filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi8)
filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi9)
filetrans_pattern($1, device_t, dri_device_t, chr_file, radeon)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio0)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio1)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio2)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio3)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio4)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio5)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio6)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio7)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio8)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio9)
filetrans_pattern($1, device_t, random_device_t, chr_file, random)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13940)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13941)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13942)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13943)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13944)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13945)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13946)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13947)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13948)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13949)
filetrans_pattern($1, device_t, wireless_device_t, chr_file, rfkill)
filetrans_pattern($1, device_t, sound_device_t, chr_file, sequencer)
filetrans_pattern($1, device_t, sound_device_t, chr_file, sequencer2)
filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte0)
filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte1)
filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte2)
filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte3)
filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte4)
filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte5)
filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte6)
filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte7)
filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte8)
filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte9)
filetrans_pattern($1, device_t, power_device_t, chr_file, smu)
filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd[0-7])
filetrans_pattern($1, device_t, apm_bios_t, chr_file, snapshot)
filetrans_pattern($1, device_t, sound_device_t, chr_file, sndstat)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, sonypi)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, tlk[0-3])
filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm0)
filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm1)
filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm2)
filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm3)
filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm4)
filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm5)
filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm6)
filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm7)
filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm8)
filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm9)
filetrans_pattern($1, device_t, event_device_t, chr_file, uinput)
filetrans_pattern($1, device_t, userio_device_t, chr_file, uio0)
filetrans_pattern($1, device_t, userio_device_t, chr_file, uio1)
filetrans_pattern($1, device_t, userio_device_t, chr_file, uio2)
filetrans_pattern($1, device_t, userio_device_t, chr_file, uio3)
filetrans_pattern($1, device_t, userio_device_t, chr_file, uio4)
filetrans_pattern($1, device_t, userio_device_t, chr_file, uio5)
filetrans_pattern($1, device_t, userio_device_t, chr_file, uio6)
filetrans_pattern($1, device_t, userio_device_t, chr_file, uio7)
filetrans_pattern($1, device_t, userio_device_t, chr_file, uio8)
filetrans_pattern($1, device_t, userio_device_t, chr_file, uio9)
filetrans_pattern($1, device_t, urandom_device_t, chr_file, urandom)
filetrans_pattern($1, device_t, usb_device_t, chr_file, ub[a-c])
filetrans_pattern($1, device_t, usb_device_t, chr_file, usb.+)
filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp0)
filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp1)
filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp2)
filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp3)
filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp4)
filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp5)
filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp6)
filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp7)
filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp8)
filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp9)
filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon.+)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, usbscanner)
filetrans_pattern($1, device_t, vhost_device_t, chr_file, vhost-net)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi0)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi1)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi2)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi3)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi4)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi5)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi6)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi7)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi8)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi9)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox0)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox1)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox2)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox3)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox4)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox5)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox6)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox7)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox8)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox9)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vga_arbiter)
filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmmon)
filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet0)
filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet1)
filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet2)
filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet3)
filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet4)
filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet5)
filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet6)
filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet7)
filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet8)
filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet9)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, video0)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, video1)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, video2)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, video3)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, video4)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, video5)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, video6)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, video7)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, video8)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, video9)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, vrtpanel)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vttuner)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx0)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx1)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx2)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx3)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx4)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx5)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx6)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx7)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx8)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx9)
filetrans_pattern($1, device_t, watchdog_device_t, chr_file, watchdog)
filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio.)
filetrans_pattern($1, device_t, crypt_device_t, chr_file, z90crypt)
filetrans_pattern($1, device_t, zero_device_t, chr_file, zero)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card0)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card1)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card2)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card3)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card4)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card5)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card6)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card7)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card8)
filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card9)
filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx0)
filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx1)
filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx2)
filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx3)
filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx4)
filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx5)
filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx6)
filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx7)
filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx8)
filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx9)
filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, cpu_dma_latency)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu0)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu1)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu2)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu3)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu4)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu5)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu6)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu7)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu8)
filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu9)
filetrans_pattern($1, device_t, mtrr_device_t, chr_file, mtrr)
filetrans_pattern($1, device_t, event_device_t, chr_file, sensor0)
filetrans_pattern($1, device_t, event_device_t, chr_file, sensor1)
filetrans_pattern($1, device_t, event_device_t, chr_file, sensor2)
filetrans_pattern($1, device_t, event_device_t, chr_file, sensor3)
filetrans_pattern($1, device_t, event_device_t, chr_file, sensor4)
filetrans_pattern($1, device_t, event_device_t, chr_file, sensor5)
filetrans_pattern($1, device_t, event_device_t, chr_file, sensor6)
filetrans_pattern($1, device_t, event_device_t, chr_file, sensor7)
filetrans_pattern($1, device_t, event_device_t, chr_file, sensor8)
filetrans_pattern($1, device_t, event_device_t, chr_file, sensor9)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, m0)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, m1)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, m2)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, m3)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, m4)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, m5)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, m6)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, m7)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, m8)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, m9)
filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard0)
filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard1)
filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard2)
filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard3)
filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard4)
filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard5)
filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard6)
filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard7)
filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard8)
filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard9)
filetrans_pattern($1, device_t, lvm_control_t, chr_file, control)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, ucb1x00)
filetrans_pattern($1, device_t, mouse_device_t, chr_file, mk712)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx0)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx1)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx2)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx3)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx4)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx5)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx6)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx7)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx8)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx9)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8000)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8001)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8002)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8003)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8004)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8005)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8006)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8007)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8008)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8009)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner0)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner1)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner2)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner3)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner4)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner5)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner6)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner7)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner8)
filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner9)
filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap0)
filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap1)
filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap2)
filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap3)
filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap4)
filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap5)
filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap6)
filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap7)
filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap8)
filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap9)
')
Reference in New Issue View Git Blame Copy Permalink