## <summary>
##	Device nodes and interfaces for many basic system devices.
## </summary>
## <desc>
##	<p>
##	This module creates the device node concept and provides
##	the policy for many of the device files. Notable exceptions are
##	the mass storage and terminal devices that are covered by other
##	modules.
##	</p>
##	<p>
##	This module creates the concept of a device node. That is a
##	char or block device file, usually in /dev. All types that
##	are used to label device nodes should use the dev_node macro.
##	</p>
##	<p>
##	Additionally, this module controls access to three things:
##	<ul>
##		<li>the device directories containing device nodes</li>
##		<li>device nodes as a group</li>
##		<li>individual access to specific device nodes covered by
##		this module.</li>
##	</ul>
##	</p>
## </desc>
## <required val="true">
##	Depended on by other required modules.
## </required>
########################################
## <summary>
##	Make the passed in type a type appropriate for
##	use on device nodes (usually files in /dev).
## </summary>
## <desc>
##	<p>
##	Adds the type to the device_node attribute. Interfaces in
##	this module that act on all device nodes are written against
##	that attribute, so every type marked here is covered by them.
##	</p>
## </desc>
## <param name="object_type">
##	<summary>
##	The object type that will be used on device nodes.
##	</summary>
## </param>
#
interface(`dev_node',`
	gen_require(`
		attribute device_node;
	')

	# Membership in device_node is what the all-device-node
	# interfaces of this module match on.
	typeattribute $1 device_node;
')
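########################################
## <summary>
##	Allow relabeling of all device nodes.
## </summary>
## <desc>
##	<p>
##	Block and character device nodes get the full relabel
##	patterns (to and from), for both the generic device_t label
##	and every device_node type. Directories, files, symbolic
##	links, named pipes and sockets only get the relabelfrom
##	patterns.
##	</p>
##	<p>
##	Relabeling a device node changes which policy rules govern
##	access to it, so this interface should only be granted to
##	domains that are trusted to set device labels.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed to relabel.
##	</summary>
## </param>
## <rolecap/>
#
interface(`dev_relabel_all_dev_nodes',`
	gen_require(`
		attribute device_node;
		type device_t;
	')

	# Only the relabelfrom patterns are used for these classes.
	relabelfrom_dirs_pattern($1, device_t, device_node)
	relabelfrom_files_pattern($1, device_t, device_node)
	relabelfrom_lnk_files_pattern($1, device_t, device_node)
	relabelfrom_fifo_files_pattern($1, device_t, device_node)
	relabelfrom_sock_files_pattern($1, device_t, device_node)

	# Block and character nodes use the full relabel patterns.
	relabel_blk_files_pattern($1, device_t, { device_t device_node })
	relabel_chr_files_pattern($1, device_t, { device_t device_node })
')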
########################################
## <summary>
##	List the contents of device directories, and read
##	the symbolic links found in them.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to list device nodes.
##	</summary>
## </param>
#
interface(`dev_list_all_dev_nodes',`
	gen_require(`
		type device_t;
	')

	# Both patterns are limited to objects labeled device_t.
	list_dirs_pattern($1, device_t, device_t)
	read_lnk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
##	Set the attributes of generic (device_t)
##	directories in /dev.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_setattr_generic_dirs',`
	gen_require(`
		type device_t;
	')

	setattr_dirs_pattern($1, device_t, device_t)
')
########################################
## <summary>
##	Dontaudit attempts to list all device nodes.
## </summary>
## <desc>
##	<p>
##	The access is still denied. Only the audit record for the
##	denial is suppressed, so these denials do not appear in the
##	audit log unless dontaudit rules are disabled.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to dontaudit listing of device nodes.
##	</summary>
## </param>
#
interface(`dev_dontaudit_list_all_dev_nodes',`
	gen_require(`
		type device_t;
	')

	# Covers directories labeled device_t only.
	dontaudit $1 device_t:dir list_dir_perms;
')
########################################
## <summary>
##	Add entries to directories in /dev.
## </summary>
## <desc>
##	<p>
##	Grants the add_entry_dir_perms permission set on device_t
##	directories only. No permission on the created object
##	itself is granted by this interface.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed to add entries.
##	</summary>
## </param>
#
interface(`dev_add_entry_generic_dirs',`
	gen_require(`
		type device_t;
	')

	allow $1 device_t:dir add_entry_dir_perms;
')
########################################
## <summary>
##	Create a generic (device_t) directory in the
##	device directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to create the directory.
##	</summary>
## </param>
#
interface(`dev_create_generic_dirs',`
	gen_require(`
		type device_t;
	')

	create_dirs_pattern($1, device_t, device_t)
')
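########################################
## <summary>
##	Delete a directory in the device directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to delete the directory.
##	</summary>
## </param>
#
interface(`dev_delete_generic_dirs',`
	gen_require(`
		type device_t;
	')

	# Limited to directories labeled device_t.
	delete_dirs_pattern($1, device_t, device_t)
')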
########################################
## <summary>
##	Relabel generic (device_t) directories in /dev,
##	both to and from.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to relabel.
##	</summary>
## </param>
#
interface(`dev_relabel_generic_dev_dirs',`
	gen_require(`
		type device_t;
	')

	relabel_dirs_pattern($1, device_t, device_t)
')
########################################
## <summary>
##	Do not audit attempts to get the attributes
##	of generic files in /dev.
## </summary>
## <desc>
##	<p>
##	The access is still denied. Only the audit record for the
##	denial is suppressed.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`dev_dontaudit_getattr_generic_files',`
	gen_require(`
		type device_t;
	')

	# Regular files labeled device_t only.
	dontaudit $1 device_t:file getattr;
')
########################################
## <summary>
##	Read and write generic (device_t) regular
##	files in /dev.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_rw_generic_files',`
	gen_require(`
		type device_t;
	')

	rw_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
##	Delete generic (device_t) regular files in /dev.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_delete_generic_files',`
	gen_require(`
		type device_t;
	')

	delete_files_pattern($1, device_t, device_t)
')
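########################################
## <summary>
##	Create, delete, read, and write generic
##	files in the device directory.
## </summary>
## <desc>
##	<p>
##	This uses the manage pattern, which is broader than
##	creation alone. Callers that only need to read and write,
##	or only need to delete, should use dev_rw_generic_files
##	or dev_delete_generic_files instead.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed to manage the files.
##	</summary>
## </param>
#
interface(`dev_manage_generic_files',`
	gen_require(`
		type device_t;
	')

	# Regular files labeled device_t only.
	manage_files_pattern($1, device_t, device_t)
')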
########################################
## <summary>
##	Dontaudit getattr on generic pipes.
## </summary>
## <desc>
##	<p>
##	The access is still denied. Only the audit record for the
##	denial is suppressed.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to dontaudit.
##	</summary>
## </param>
#
interface(`dev_dontaudit_getattr_generic_pipes',`
	gen_require(`
		type device_t;
	')

	# Named pipes labeled device_t only.
	dontaudit $1 device_t:fifo_file getattr;
')
########################################
## <summary>
##	Get the attributes of generic (device_t)
##	block devices.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_getattr_generic_blk_files',`
	gen_require(`
		type device_t;
	')

	getattr_blk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
##	Dontaudit getattr on generic block devices.
## </summary>
## <desc>
##	<p>
##	The access is still denied. Only the audit record for the
##	denial is suppressed.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to dontaudit access.
##	</summary>
## </param>
#
interface(`dev_dontaudit_getattr_generic_blk_files',`
	gen_require(`
		type device_t;
	')

	# Block device nodes labeled device_t only.
	dontaudit $1 device_t:blk_file getattr;
')
########################################
## <summary>
##	Dontaudit setattr on generic block devices.
## </summary>
## <desc>
##	<p>
##	The access is still denied. Only the audit record for the
##	denial is suppressed, so a domain that repeatedly tries to
##	change attributes of these nodes will not show up in the
##	audit log through this rule.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to dontaudit access.
##	</summary>
## </param>
#
interface(`dev_dontaudit_setattr_generic_blk_files',`
	gen_require(`
		type device_t;
	')

	# Block device nodes labeled device_t only.
	dontaudit $1 device_t:blk_file setattr;
')
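########################################
## <summary>
##	Create generic character device files.
## </summary>
## <desc>
##	<p>
##	Creating device nodes is a sensitive operation. Grant this
##	only to domains whose job is to populate /dev.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_create_generic_chr_files',`
	gen_require(`
		type device_t;
	')

	# NOTE(review): the summary used to claim read and write as
	# well as create. Only the create pattern is used here, so
	# confirm what that pattern grants before relying on more.
	create_chr_files_pattern($1, device_t, device_t)
')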
########################################
## <summary>
##	Get the attributes of generic (device_t)
##	character device files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_getattr_generic_chr_files',`
	gen_require(`
		type device_t;
	')

	getattr_chr_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
##	Dontaudit getattr for generic character device files.
## </summary>
## <desc>
##	<p>
##	The access is still denied. Only the audit record for the
##	denial is suppressed.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to dontaudit access.
##	</summary>
## </param>
#
interface(`dev_dontaudit_getattr_generic_chr_files',`
	gen_require(`
		type device_t;
	')

	# Character device nodes labeled device_t only.
	dontaudit $1 device_t:chr_file getattr;
')
########################################
## <summary>
##	Dontaudit setattr for generic character device files.
## </summary>
## <desc>
##	<p>
##	The access is still denied. Only the audit record for the
##	denial is suppressed.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to dontaudit access.
##	</summary>
## </param>
#
interface(`dev_dontaudit_setattr_generic_chr_files',`
	gen_require(`
		type device_t;
	')

	# Character device nodes labeled device_t only.
	dontaudit $1 device_t:chr_file setattr;
')
########################################
## <summary>
##	Do not audit attempts to set the attributes
##	of symbolic links in device directories (/dev).
## </summary>
## <desc>
##	<p>
##	The access is still denied. Only the audit record for the
##	denial is suppressed.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`dev_dontaudit_setattr_generic_symlinks',`
	gen_require(`
		type device_t;
	')

	# Symbolic links labeled device_t only.
	dontaudit $1 device_t:lnk_file setattr;
')
########################################
## <summary>
##	Create generic (device_t) symbolic links in
##	device directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_create_generic_symlinks',`
	gen_require(`
		type device_t;
	')

	create_lnk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
##	Delete generic (device_t) symbolic links in
##	device directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_delete_generic_symlinks',`
	gen_require(`
		type device_t;
	')

	delete_lnk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
##	Create, delete, read, and write generic (device_t)
##	symbolic links in device directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_manage_generic_symlinks',`
	gen_require(`
		type device_t;
	')

	manage_lnk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
##	Relabel generic (device_t) symbolic links in
##	device directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_relabel_generic_symlinks',`
	gen_require(`
		type device_t;
	')

	relabel_lnk_files_pattern($1, device_t, device_t)
')
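########################################
## <summary>
##	Create, delete, read, write, and relabel device
##	nodes in device directories.
## </summary>
## <desc>
##	<p>
##	This interface is much broader than its name suggests.
##	In addition to managing directories, sockets, symbolic
##	links, and block and character nodes under /dev, it:
##	</p>
##	<ul>
##		<li>allows relabeling of /dev directories and of
##		block and character nodes, for device_t and every
##		device_node type</li>
##		<li>calls the storage interfaces for raw read and
##		write of fixed disks and generic SCSI devices</li>
##		<li>adds the domain to the memory_raw_read and
##		memory_raw_write attributes</li>
##	</ul>
##	<p>
##	The extra rules exist to satisfy policy assertions and are
##	expected to be cut back. Until then, treat every caller as
##	highly privileged and include the list of callers in any
##	policy audit.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_manage_all_dev_nodes',`
	gen_require(`
		attribute device_node, memory_raw_read, memory_raw_write;
		type device_t;
	')

	manage_dirs_pattern($1, device_t, device_t)
	manage_sock_files_pattern($1, device_t, device_t)
	manage_lnk_files_pattern($1, device_t, device_t)
	manage_chr_files_pattern($1, device_t, { device_t device_node })
	manage_blk_files_pattern($1, device_t, { device_t device_node })
	relabel_dirs_pattern($1, device_t, device_t)
	relabel_chr_files_pattern($1, device_t, { device_t device_node })
	relabel_blk_files_pattern($1, device_t, { device_t device_node })

	# these next rules are to satisfy assertions broken by the above lines.
	# the permissions hopefully can be cut back a lot
	storage_raw_read_fixed_disk($1)
	storage_raw_write_fixed_disk($1)
	storage_read_scsi_generic($1)
	storage_write_scsi_generic($1)

	# Attribute membership is visible to every rule written
	# against these two attributes elsewhere in the policy.
	typeattribute $1 memory_raw_read;
	typeattribute $1 memory_raw_write;
')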
########################################
## <summary>
##	Dontaudit getattr, read, write, and ioctl for
##	generic block and character device files.
## </summary>
## <desc>
##	<p>
##	The access is still denied. Only the audit record for the
##	denial is suppressed. Because this hides denied read and
##	write attempts on device nodes, disable dontaudit rules
##	(for example with semodule -DB) when investigating a
##	domain that uses this interface.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to dontaudit access.
##	</summary>
## </param>
#
interface(`dev_dontaudit_rw_generic_dev_nodes',`
	gen_require(`
		type device_t;
	')

	# Applies to nodes labeled device_t only.
	dontaudit $1 device_t:{ chr_file blk_file } { getattr read write ioctl };
')
########################################
## <summary>
##	Create, delete, read, and write generic (device_t)
##	block device files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_manage_generic_blk_files',`
	gen_require(`
		type device_t;
	')

	manage_blk_files_pattern($1, device_t, device_t)
')
########################################
## <summary>
##	Create, delete, read, and write generic (device_t)
##	character device files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_manage_generic_chr_files',`
	gen_require(`
		type device_t;
	')

	manage_chr_files_pattern($1, device_t, device_t)
')
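########################################
## <summary>
##	Create, read, and write device nodes. The node
##	will be transitioned to the type provided.
## </summary>
## <desc>
##	<p>
##	Besides the type transition in device_t directories, this
##	interface also associates the target type with the tmpfs
##	and tmp filesystems. The target type and object classes
##	are chosen by the caller, so review each call site to
##	confirm that the resulting label is the intended one.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="file">
##	<summary>
##	Type to which the created node will be transitioned.
##	</summary>
## </param>
## <param name="objectclass(es)">
##	<summary>
##	Object class(es) (single or set including {}) for which
##	the transition will occur.
##	</summary>
## </param>
#
interface(`dev_filetrans',`
	gen_require(`
		type device_t;
	')

	filetrans_pattern($1, device_t, $2, $3)

	# NOTE(review): presumably needed because /dev may live on
	# a tmpfs or tmp filesystem - confirm.
	fs_associate_tmpfs($2)
	files_associate_tmp($2)
')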
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Getattr on all block file device nodes.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
bbcd3c |
## <rolecap/>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
199895 |
interface(`dev_getattr_all_blk_files',`
	# Getattr on every block device node, i.e. every blk_file whose
	# type carries the device_node attribute.
	gen_require(`
		type device_t;
		attribute device_node;
	')

	getattr_blk_files_pattern($1, device_t, device_node)
')
|
|
Chris PeBenito |
8a0da1 |
|
|
Chris PeBenito |
7bba9d |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Dontaudit getattr on all block file device nodes.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain to dontaudit access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7bba9d |
#
|
|
Chris PeBenito |
199895 |
interface(`dev_dontaudit_getattr_all_blk_files',`
	# Silence audit records for denied getattr on any block device
	# node. The access stays denied; only the log entry is dropped, so
	# probing of block devices by the named domain will not show up in
	# the audit trail.
	gen_require(`
		attribute device_node;
	')

	dontaudit $1 device_node:blk_file getattr;
')
|
|
Chris PeBenito |
7bba9d |
|
|
Chris PeBenito |
8a0da1 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Getattr on all character file device nodes.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
bbcd3c |
## <rolecap/>
|
|
Chris PeBenito |
8a0da1 |
#
|
|
Chris PeBenito |
199895 |
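interface(`dev_getattr_all_chr_files',`
	# Getattr on every character device node, i.e. every chr_file whose
	# type carries the device_node attribute.
	#
	# device_t is named in the pattern call below, so it is required
	# here as dev_getattr_all_blk_files already does; without it a
	# loadable module calling this interface may fail to compile with an
	# unknown type error.
	gen_require(`
		attribute device_node;
		type device_t;
	')

	getattr_chr_files_pattern($1, device_t, device_node)
')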
|
|
Chris PeBenito |
8a0da1 |
|
|
Chris PeBenito |
7bba9d |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Dontaudit getattr on all character file device nodes.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain to dontaudit access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7bba9d |
#
|
|
Chris PeBenito |
199895 |
interface(`dev_dontaudit_getattr_all_chr_files',`
	# Silence audit records for denied getattr on any character device
	# node. The denial itself is unchanged; only its log entry is
	# suppressed.
	gen_require(`
		attribute device_node;
	')

	dontaudit $1 device_node:chr_file getattr;
')
|
|
Chris PeBenito |
7bba9d |
|
|
Chris PeBenito |
8a0da1 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Setattr on all block file device nodes.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
bbcd3c |
## <rolecap/>
|
|
Chris PeBenito |
8a0da1 |
#
|
|
Chris PeBenito |
199895 |
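interface(`dev_setattr_all_blk_files',`
	# Setattr on every block device node (types with the device_node
	# attribute).
	#
	# device_t is referenced by the pattern call, so it is added to the
	# require block; a loadable module using this interface may
	# otherwise fail to compile with an unknown type error.
	gen_require(`
		attribute device_node;
		type device_t;
	')

	setattr_blk_files_pattern($1, device_t, device_node)
')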
|
|
Chris PeBenito |
8a0da1 |
|
|
Chris PeBenito |
8a0da1 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Setattr on all character file device nodes.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
bbcd3c |
## <rolecap/>
|
|
Chris PeBenito |
8a0da1 |
#
|
|
Chris PeBenito |
199895 |
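interface(`dev_setattr_all_chr_files',`
	# Setattr on every character device node (types with the
	# device_node attribute).
	#
	# device_t is referenced by the pattern call, so it is added to the
	# require block; a loadable module using this interface may
	# otherwise fail to compile with an unknown type error.
	gen_require(`
		attribute device_node;
		type device_t;
	')

	setattr_chr_files_pattern($1, device_t, device_node)
')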
|
|
Chris PeBenito |
8a0da1 |
|
|
Chris PeBenito |
8a0da1 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
cf6a7d |
## Dontaudit read on all block file device nodes.
|
|
Chris PeBenito |
cf6a7d |
## </summary>
|
|
Chris PeBenito |
cf6a7d |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
cf6a7d |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
cf6a7d |
## </param>
|
|
Chris PeBenito |
cf6a7d |
#
|
|
Chris PeBenito |
cf6a7d |
interface(`dev_dontaudit_read_all_blk_files',`
	# Suppress audit records for denied getattr and read on any block
	# device node. Reads stay denied, but attempts by the named domain
	# to read raw block devices no longer reach the audit log, so apply
	# this only to domains whose probing is known and benign. Dontaudit
	# rules can be switched off temporarily with semodule -DB when
	# investigating.
	gen_require(`
		attribute device_node;
	')

	dontaudit $1 device_node:blk_file { getattr read };
')
|
|
Chris PeBenito |
cf6a7d |
|
|
Chris PeBenito |
cf6a7d |
########################################
|
|
Chris PeBenito |
cf6a7d |
## <summary>
|
|
Chris PeBenito |
cf6a7d |
## Dontaudit read on all character file device nodes.
|
|
Chris PeBenito |
cf6a7d |
## </summary>
|
|
Chris PeBenito |
cf6a7d |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
cf6a7d |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
cf6a7d |
## </param>
|
|
Chris PeBenito |
cf6a7d |
#
|
|
Chris PeBenito |
cf6a7d |
interface(`dev_dontaudit_read_all_chr_files',`
	# Suppress audit records for denied getattr and read on any
	# character device node. The denials remain in force; only the log
	# entries are dropped, which hides read attempts against every
	# character device from the audit trail for the named domain.
	gen_require(`
		attribute device_node;
	')

	dontaudit $1 device_node:chr_file { getattr read };
')
|
|
Chris PeBenito |
cf6a7d |
|
|
Chris PeBenito |
cf6a7d |
########################################
|
|
Chris PeBenito |
cf6a7d |
## <summary>
|
|
Chris PeBenito |
bbcd3c |
## Create all block device files.
|
|
Chris PeBenito |
bbcd3c |
## </summary>
|
|
Chris PeBenito |
bbcd3c |
## <param name="domain">
|
|
Chris PeBenito |
bbcd3c |
## <summary>
|
|
Chris PeBenito |
bbcd3c |
## Domain allowed access.
|
|
Chris PeBenito |
bbcd3c |
## </summary>
|
|
Chris PeBenito |
bbcd3c |
## </param>
|
|
Chris PeBenito |
bbcd3c |
#
|
|
Chris PeBenito |
bbcd3c |
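interface(`dev_create_all_blk_files',`
	# Create block device files of any device_node type.
	#
	# device_t is used by the pattern call and is therefore required
	# here; it was missing, which may break loadable modules that call
	# this interface.
	gen_require(`
		attribute device_node;
		type device_t;
	')

	create_blk_files_pattern($1, device_t, device_node)
')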
|
|
Chris PeBenito |
bbcd3c |
|
|
Chris PeBenito |
bbcd3c |
########################################
|
|
Chris PeBenito |
bbcd3c |
## <summary>
|
|
Chris PeBenito |
bbcd3c |
## Create all character device files.
|
|
Chris PeBenito |
bbcd3c |
## </summary>
|
|
Chris PeBenito |
bbcd3c |
## <param name="domain">
|
|
Chris PeBenito |
bbcd3c |
## <summary>
|
|
Chris PeBenito |
bbcd3c |
## Domain allowed access.
|
|
Chris PeBenito |
bbcd3c |
## </summary>
|
|
Chris PeBenito |
bbcd3c |
## </param>
|
|
Chris PeBenito |
bbcd3c |
#
|
|
Chris PeBenito |
bbcd3c |
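interface(`dev_create_all_chr_files',`
	# Create character device files of any device_node type.
	#
	# device_t is used by the pattern call and is therefore required
	# here; it was missing, which may break loadable modules that call
	# this interface.
	gen_require(`
		attribute device_node;
		type device_t;
	')

	create_chr_files_pattern($1, device_t, device_node)
')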
|
|
Chris PeBenito |
bbcd3c |
|
|
Chris PeBenito |
bbcd3c |
########################################
|
|
Chris PeBenito |
bbcd3c |
## <summary>
|
|
Chris PeBenito |
bbcd3c |
## Delete all block device files.
|
|
Chris PeBenito |
bbcd3c |
## </summary>
|
|
Chris PeBenito |
bbcd3c |
## <param name="domain">
|
|
Chris PeBenito |
bbcd3c |
## <summary>
|
|
Chris PeBenito |
bbcd3c |
## Domain allowed access.
|
|
Chris PeBenito |
bbcd3c |
## </summary>
|
|
Chris PeBenito |
bbcd3c |
## </param>
|
|
Chris PeBenito |
bbcd3c |
#
|
|
Chris PeBenito |
bbcd3c |
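interface(`dev_delete_all_blk_files',`
	# Delete block device files of any device_node type.
	#
	# device_t is used by the pattern call and is therefore required
	# here; it was missing, which may break loadable modules that call
	# this interface.
	gen_require(`
		attribute device_node;
		type device_t;
	')

	delete_blk_files_pattern($1, device_t, device_node)
')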
|
|
Chris PeBenito |
bbcd3c |
|
|
Chris PeBenito |
bbcd3c |
########################################
|
|
Chris PeBenito |
bbcd3c |
## <summary>
|
|
Chris PeBenito |
bbcd3c |
## Delete all character device files.
|
|
Chris PeBenito |
bbcd3c |
## </summary>
|
|
Chris PeBenito |
bbcd3c |
## <param name="domain">
|
|
Chris PeBenito |
bbcd3c |
## <summary>
|
|
Chris PeBenito |
bbcd3c |
## Domain allowed access.
|
|
Chris PeBenito |
bbcd3c |
## </summary>
|
|
Chris PeBenito |
bbcd3c |
## </param>
|
|
Chris PeBenito |
bbcd3c |
#
|
|
Chris PeBenito |
bbcd3c |
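interface(`dev_delete_all_chr_files',`
	# Delete character device files of any device_node type.
	#
	# device_t is used by the pattern call and is therefore required
	# here; it was missing, which may break loadable modules that call
	# this interface.
	gen_require(`
		attribute device_node;
		type device_t;
	')

	delete_chr_files_pattern($1, device_t, device_node)
')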
|
|
Chris PeBenito |
bbcd3c |
|
|
Chris PeBenito |
bbcd3c |
########################################
|
|
Chris PeBenito |
bbcd3c |
## <summary>
|
|
Chris PeBenito |
bbcd3c |
## Rename all block device files.
|
|
Chris PeBenito |
bbcd3c |
## </summary>
|
|
Chris PeBenito |
bbcd3c |
## <param name="domain">
|
|
Chris PeBenito |
bbcd3c |
## <summary>
|
|
Chris PeBenito |
bbcd3c |
## Domain allowed access.
|
|
Chris PeBenito |
bbcd3c |
## </summary>
|
|
Chris PeBenito |
bbcd3c |
## </param>
|
|
Chris PeBenito |
bbcd3c |
#
|
|
Chris PeBenito |
bbcd3c |
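interface(`dev_rename_all_blk_files',`
	# Rename block device files of any device_node type.
	#
	# device_t is used by the pattern call and is therefore required
	# here; it was missing, which may break loadable modules that call
	# this interface.
	gen_require(`
		attribute device_node;
		type device_t;
	')

	rename_blk_files_pattern($1, device_t, device_node)
')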
|
|
Chris PeBenito |
bbcd3c |
|
|
Chris PeBenito |
bbcd3c |
########################################
|
|
Chris PeBenito |
bbcd3c |
## <summary>
|
|
Chris PeBenito |
bbcd3c |
## Rename all character device files.
|
|
Chris PeBenito |
bbcd3c |
## </summary>
|
|
Chris PeBenito |
bbcd3c |
## <param name="domain">
|
|
Chris PeBenito |
bbcd3c |
## <summary>
|
|
Chris PeBenito |
bbcd3c |
## Domain allowed access.
|
|
Chris PeBenito |
bbcd3c |
## </summary>
|
|
Chris PeBenito |
bbcd3c |
## </param>
|
|
Chris PeBenito |
bbcd3c |
#
|
|
Chris PeBenito |
bbcd3c |
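interface(`dev_rename_all_chr_files',`
	# Rename character device files of any device_node type.
	#
	# device_t is used by the pattern call and is therefore required
	# here; it was missing, which may break loadable modules that call
	# this interface.
	gen_require(`
		attribute device_node;
		type device_t;
	')

	rename_chr_files_pattern($1, device_t, device_node)
')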
|
|
Chris PeBenito |
bbcd3c |
|
|
Chris PeBenito |
bbcd3c |
########################################
|
|
Chris PeBenito |
bbcd3c |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Read, write, create, and delete all block device files.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
8a0da1 |
#
|
|
Chris PeBenito |
199895 |
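interface(`dev_manage_all_blk_files',`
	# Read, write, create and delete block device files of any
	# device_node type.
	#
	# Security note: besides the manage pattern, this interface also
	# invokes the raw fixed disk and SCSI generic read and write
	# interfaces of the storage module, so the calling domain ends up
	# with raw storage access. Grant it only to domains that really
	# administer the device directory.
	#
	# device_t is used by the pattern call and is therefore required
	# here; it was missing from the require block.
	gen_require(`
		attribute device_node;
		type device_t;
	')

	manage_blk_files_pattern($1, device_t, device_node)

	# these next rules are to satisfy assertions broken by the above lines.
	storage_raw_read_fixed_disk($1)
	storage_raw_write_fixed_disk($1)
	storage_read_scsi_generic($1)
	storage_write_scsi_generic($1)
')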
|
|
Chris PeBenito |
32e53a |
|
|
Chris PeBenito |
32e53a |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Read, write, create, and delete all character device files.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
32e53a |
#
|
|
Chris PeBenito |
199895 |
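interface(`dev_manage_all_chr_files',`
	# Read, write, create and delete character device files of any
	# device_node type.
	#
	# Security note: the calling domain is also added to the
	# memory_raw_read and memory_raw_write attributes. Presumably these
	# mark domains permitted raw memory device access (confirm against
	# the declaring policy), so review callers accordingly.
	#
	# device_t is used by the pattern call and is therefore required
	# here; it was missing from the require block.
	gen_require(`
		attribute device_node, memory_raw_read, memory_raw_write;
		type device_t;
	')

	manage_chr_files_pattern($1, device_t, device_node)

	typeattribute $1 memory_raw_read, memory_raw_write;
')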
|
|
Chris PeBenito |
32e53a |
|
|
Chris PeBenito |
32e53a |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Getattr the agp devices.
|
|
Chris PeBenito |
2ce6b0 |
## </summary>
|
|
Chris PeBenito |
2ce6b0 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
2ce6b0 |
## </param>
|
|
Chris PeBenito |
2ce6b0 |
#
|
|
Chris PeBenito |
2ce6b0 |
interface(`dev_getattr_agp_dev',`
	# Getattr on the agp character devices (agp_device_t).
	gen_require(`
		type agp_device_t;
		type device_t;
	')

	getattr_chr_files_pattern($1, device_t, agp_device_t)
')
|
|
Chris PeBenito |
2ce6b0 |
|
|
Chris PeBenito |
2ce6b0 |
########################################
|
|
Chris PeBenito |
2ce6b0 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read and write the agp devices.
|
|
Chris PeBenito |
f136a9 |
## </summary>
|
|
Chris PeBenito |
f136a9 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
f136a9 |
## </param>
|
|
Chris PeBenito |
f136a9 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_rw_agp',`
	# Read and write the agp character devices (agp_device_t).
	gen_require(`
		type agp_device_t;
		type device_t;
	')

	rw_chr_files_pattern($1, device_t, agp_device_t)
')
|
|
Chris PeBenito |
f136a9 |
|
|
Chris PeBenito |
f136a9 |
########################################
|
|
Chris PeBenito |
f136a9 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Get the attributes of the apm bios device node.
|
|
Chris PeBenito |
fd89e1 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## </param>
|
|
Chris PeBenito |
fd89e1 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_getattr_apm_bios_dev',`
	# Getattr on the apm bios device node (apm_bios_t).
	gen_require(`
		type apm_bios_t;
		type device_t;
	')

	getattr_chr_files_pattern($1, device_t, apm_bios_t)
')
|
|
Chris PeBenito |
fd89e1 |
|
|
Chris PeBenito |
fd89e1 |
########################################
|
|
Chris PeBenito |
fd89e1 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Do not audit attempts to get the attributes of
|
|
Chris PeBenito |
fd89e1 |
## the apm bios device node.
|
|
Chris PeBenito |
fd89e1 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## </param>
|
|
Chris PeBenito |
fd89e1 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_dontaudit_getattr_apm_bios_dev',`
	# Do not log denied getattr on the apm bios device node; the access
	# itself stays denied.
	gen_require(`
		type apm_bios_t;
	')

	dontaudit $1 apm_bios_t:chr_file getattr;
')
|
|
Chris PeBenito |
fd89e1 |
|
|
Chris PeBenito |
fd89e1 |
########################################
|
|
Chris PeBenito |
fd89e1 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Set the attributes of the apm bios device node.
|
|
Chris PeBenito |
fd89e1 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## </param>
|
|
Chris PeBenito |
fd89e1 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_setattr_apm_bios_dev',`
	# Setattr on the apm bios device node (apm_bios_t).
	gen_require(`
		type apm_bios_t;
		type device_t;
	')

	setattr_chr_files_pattern($1, device_t, apm_bios_t)
')
|
|
Chris PeBenito |
fd89e1 |
|
|
Chris PeBenito |
fd89e1 |
########################################
|
|
Chris PeBenito |
fd89e1 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Do not audit attempts to set the attributes of
|
|
Chris PeBenito |
fd89e1 |
## the apm bios device node.
|
|
Chris PeBenito |
fd89e1 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## </param>
|
|
Chris PeBenito |
fd89e1 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_dontaudit_setattr_apm_bios_dev',`
	# Do not log denied setattr on the apm bios device node; the access
	# itself stays denied.
	gen_require(`
		type apm_bios_t;
	')

	dontaudit $1 apm_bios_t:chr_file setattr;
')
|
|
Chris PeBenito |
fd89e1 |
|
|
Chris PeBenito |
fd89e1 |
########################################
|
|
Chris PeBenito |
fd89e1 |
## <summary>
|
|
Chris PeBenito |
ebdc3b |
## Read and write the apm bios.
|
|
Chris PeBenito |
ebdc3b |
## </summary>
|
|
Chris PeBenito |
ebdc3b |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
ebdc3b |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ebdc3b |
## </param>
|
|
Chris PeBenito |
ebdc3b |
#
|
|
Chris PeBenito |
ebdc3b |
interface(`dev_rw_apm_bios',`
	# Read and write the apm bios device node (apm_bios_t).
	gen_require(`
		type apm_bios_t;
		type device_t;
	')

	rw_chr_files_pattern($1, device_t, apm_bios_t)
')
|
|
Chris PeBenito |
ebdc3b |
|
|
Chris PeBenito |
ebdc3b |
########################################
|
|
Chris PeBenito |
ebdc3b |
## <summary>
|
|
Chris PeBenito |
725926 |
## Read and write the PCMCIA card manager device.
|
|
Chris PeBenito |
725926 |
## </summary>
|
|
Chris PeBenito |
725926 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
725926 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
725926 |
## </param>
|
|
Chris PeBenito |
725926 |
#
|
|
Chris PeBenito |
725926 |
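interface(`dev_rw_cardmgr',`
	# Read and write the PCMCIA card manager device (cardmgr_dev_t).
	#
	# device_t is named in the pattern call, so it is required here
	# alongside cardmgr_dev_t, as dev_manage_cardmgr_dev already does;
	# without it a loadable module calling this interface may fail to
	# compile with an unknown type error.
	gen_require(`
		type device_t, cardmgr_dev_t;
	')

	rw_chr_files_pattern($1, device_t, cardmgr_dev_t)
')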
|
|
Chris PeBenito |
725926 |
|
|
Chris PeBenito |
725926 |
########################################
|
|
Chris PeBenito |
725926 |
## <summary>
|
|
Chris PeBenito |
50f650 |
## Do not audit attempts to read and
|
|
Chris PeBenito |
50f650 |
## write the PCMCIA card manager device.
|
|
Chris PeBenito |
50f650 |
## </summary>
|
|
Chris PeBenito |
50f650 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
50f650 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
50f650 |
## </param>
|
|
Chris PeBenito |
50f650 |
#
|
|
Chris PeBenito |
50f650 |
interface(`dev_dontaudit_rw_cardmgr',`
	# Do not log denied read and write on the PCMCIA card manager
	# device; the accesses themselves stay denied.
	gen_require(`
		type cardmgr_dev_t;
	')

	dontaudit $1 cardmgr_dev_t:chr_file { read write };
')
|
|
Chris PeBenito |
50f650 |
|
|
Chris PeBenito |
50f650 |
########################################
|
|
Chris PeBenito |
50f650 |
## <summary>
|
|
Chris PeBenito |
9fd4b8 |
## Create, read, write, and delete
|
|
Chris PeBenito |
9fd4b8 |
## the PCMCIA card manager device.
|
|
Chris PeBenito |
9fd4b8 |
## </summary>
|
|
Chris PeBenito |
9fd4b8 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
9fd4b8 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
9fd4b8 |
## </param>
|
|
Chris PeBenito |
9fd4b8 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_manage_cardmgr_dev',`
	# Create, read, write and delete the PCMCIA card manager device.
	# Both the character and the block device class are covered.
	gen_require(`
		type cardmgr_dev_t;
		type device_t;
	')

	manage_chr_files_pattern($1, device_t, cardmgr_dev_t)
	manage_blk_files_pattern($1, device_t, cardmgr_dev_t)
')
|
|
Chris PeBenito |
9fd4b8 |
|
|
Chris PeBenito |
9fd4b8 |
########################################
|
|
Chris PeBenito |
9fd4b8 |
## <summary>
|
|
Chris PeBenito |
9fd4b8 |
## Create, read, write, and delete
|
|
Chris PeBenito |
9fd4b8 |
## the PCMCIA card manager device
|
|
Chris PeBenito |
9fd4b8 |
## with the correct type.
|
|
Chris PeBenito |
9fd4b8 |
## </summary>
|
|
Chris PeBenito |
9fd4b8 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
9fd4b8 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
9fd4b8 |
## </param>
|
|
Chris PeBenito |
9fd4b8 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_create_cardmgr_dev',`
	# Create the PCMCIA card manager device so that it ends up labelled
	# cardmgr_dev_t: new chr_file and blk_file objects made in a
	# device_t directory transition to that type.
	# NOTE(review): the header summary also lists read, write and
	# delete, but only the create patterns and the type transition are
	# invoked here; the summary looks copied from the manage interface.
	gen_require(`
		type cardmgr_dev_t;
		type device_t;
	')

	create_chr_files_pattern($1, device_t, cardmgr_dev_t)
	create_blk_files_pattern($1, device_t, cardmgr_dev_t)
	filetrans_pattern($1, device_t, cardmgr_dev_t, { chr_file blk_file })
')
|
|
Chris PeBenito |
9fd4b8 |
|
|
Chris PeBenito |
9fd4b8 |
########################################
|
|
Chris PeBenito |
9fd4b8 |
## <summary>
|
|
Chris PeBenito |
921055 |
## Get the attributes of the CPU
|
|
Chris PeBenito |
921055 |
## microcode and id interfaces.
|
|
Chris PeBenito |
921055 |
## </summary>
|
|
Chris PeBenito |
921055 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
921055 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
921055 |
## </param>
|
|
Chris PeBenito |
921055 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_getattr_cpu_dev',`
	# Getattr on the CPU microcode and id device nodes, which share the
	# cpu_device_t type.
	gen_require(`
		type cpu_device_t;
		type device_t;
	')

	getattr_chr_files_pattern($1, device_t, cpu_device_t)
')
|
|
Chris PeBenito |
921055 |
|
|
Chris PeBenito |
921055 |
########################################
|
|
Chris PeBenito |
921055 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read the CPU identity.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
32e53a |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_read_cpuid',`
	# Read the CPU identity through the cpu_device_t character devices.
	gen_require(`
		type cpu_device_t;
		type device_t;
	')

	read_chr_files_pattern($1, device_t, cpu_device_t)
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read and write the CPU microcode device. This
|
|
Chris PeBenito |
f136a9 |
## is required to load CPU microcode.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_rw_cpu_microcode',`
	# Read and write the CPU microcode device; needed by domains that
	# load CPU microcode.
	# Security note: cpu_device_t is the same type dev_read_cpuid and
	# dev_getattr_cpu_dev act on, so this grant appears to cover every
	# node with that label rather than the microcode node alone. Keep
	# the set of callers small.
	gen_require(`
		type cpu_device_t;
		type device_t;
	')

	rw_chr_files_pattern($1, device_t, cpu_device_t)
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
c2b18f |
## Read and write the hardware SSL accelerator.
|
|
Chris PeBenito |
c2b18f |
## </summary>
|
|
Chris PeBenito |
c2b18f |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
c2b18f |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
c2b18f |
## </param>
|
|
Chris PeBenito |
c2b18f |
#
|
|
Chris PeBenito |
c2b18f |
interface(`dev_rw_crypto',`
	# Read and write the hardware SSL accelerator device
	# (crypt_device_t).
	gen_require(`
		type crypt_device_t;
		type device_t;
	')

	rw_chr_files_pattern($1, device_t, crypt_device_t)
')
|
|
Chris PeBenito |
c2b18f |
|
|
Chris PeBenito |
c2b18f |
########################################
|
|
Chris PeBenito |
c2b18f |
## <summary>
|
|
Chris PeBenito |
02bcb8 |
## Getattr the dri devices.
|
|
Chris PeBenito |
02bcb8 |
## </summary>
|
|
Chris PeBenito |
02bcb8 |
## <param name="domain">
|
|
Chris PeBenito |
02bcb8 |
## <summary>
|
|
Chris PeBenito |
02bcb8 |
## Domain allowed access.
|
|
Chris PeBenito |
02bcb8 |
## </summary>
|
|
Chris PeBenito |
02bcb8 |
## </param>
|
|
Chris PeBenito |
02bcb8 |
#
|
|
Chris PeBenito |
02bcb8 |
interface(`dev_getattr_dri_dev',`
	# Getattr on the dri character devices (dri_device_t).
	gen_require(`
		type dri_device_t;
		type device_t;
	')

	getattr_chr_files_pattern($1, device_t, dri_device_t)
')
|
|
Chris PeBenito |
02bcb8 |
|
|
Chris PeBenito |
02bcb8 |
########################################
|
|
Chris PeBenito |
02bcb8 |
## <summary>
|
|
Chris PeBenito |
02bcb8 |
## Setattr the dri devices.
|
|
Chris PeBenito |
02bcb8 |
## </summary>
|
|
Chris PeBenito |
02bcb8 |
## <param name="domain">
|
|
Chris PeBenito |
02bcb8 |
## <summary>
|
|
Chris PeBenito |
02bcb8 |
## Domain allowed access.
|
|
Chris PeBenito |
02bcb8 |
## </summary>
|
|
Chris PeBenito |
02bcb8 |
## </param>
|
|
Chris PeBenito |
02bcb8 |
#
|
|
Chris PeBenito |
02bcb8 |
interface(`dev_setattr_dri_dev',`
	# Setattr on the dri character devices (dri_device_t).
	gen_require(`
		type dri_device_t;
		type device_t;
	')

	setattr_chr_files_pattern($1, device_t, dri_device_t)
')
|
|
Chris PeBenito |
02bcb8 |
|
|
Chris PeBenito |
02bcb8 |
########################################
|
|
Chris PeBenito |
02bcb8 |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Read and write the dri devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_rw_dri',`
	# Read and write the dri character devices (dri_device_t).
	gen_require(`
		type dri_device_t;
		type device_t;
	')

	rw_chr_files_pattern($1, device_t, dri_device_t)
')
|
|
Chris PeBenito |
f5c42b |
|
|
Chris PeBenito |
f5c42b |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Dontaudit read and write on the dri devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Domain to dontaudit access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
f5c42b |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_dontaudit_rw_dri',`
	# Do not log denied getattr, read, write and ioctl on the dri
	# devices; the accesses themselves stay denied.
	gen_require(`
		type dri_device_t;
	')

	dontaudit $1 dri_device_t:chr_file { getattr read write ioctl };
')
|
|
Chris PeBenito |
f5c42b |
|
|
Chris PeBenito |
f5c42b |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Create, read, write, and delete the dri devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
f5c42b |
#
|
|
Chris PeBenito |
2ce6b0 |
interface(`dev_manage_dri_dev',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
2ce6b0 |
type device_t, dri_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
manage_chr_files_pattern($1,device_t,dri_device_t)
|
|
Chris PeBenito |
c0868a |
filetrans_pattern($1,device_t,dri_device_t,chr_file)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read input event devices (/dev/input).
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_read_input',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, event_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
read_chr_files_pattern($1,device_t,event_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Read and write input event devices (/dev/input).
|
|
Chris PeBenito |
2ce6b0 |
## </summary>
|
|
Chris PeBenito |
2ce6b0 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
2ce6b0 |
## </param>
|
|
Chris PeBenito |
2ce6b0 |
#
|
|
Chris PeBenito |
2ce6b0 |
interface(`dev_rw_input_dev',`
|
|
Chris PeBenito |
2ce6b0 |
gen_require(`
|
|
Chris PeBenito |
2ce6b0 |
type device_t, event_device_t;
|
|
Chris PeBenito |
2ce6b0 |
')
|
|
Chris PeBenito |
2ce6b0 |
|
|
Chris PeBenito |
c0868a |
rw_chr_files_pattern($1,device_t,event_device_t)
|
|
Chris PeBenito |
2ce6b0 |
')
|
|
Chris PeBenito |
2ce6b0 |
|
|
Chris PeBenito |
2ce6b0 |
########################################
|
|
Chris PeBenito |
2ce6b0 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Get the attributes of the framebuffer device node.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_getattr_framebuffer_dev',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, framebuf_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
getattr_chr_files_pattern($1,device_t,framebuf_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Set the attributes of the framebuffer device node.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_setattr_framebuffer_dev',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, framebuf_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
setattr_chr_files_pattern($1,device_t,framebuf_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Do not audit attempts to set the attributes
|
|
Chris PeBenito |
f136a9 |
## of the framebuffer device node.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_dontaudit_setattr_framebuffer_dev',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type framebuf_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
f136a9 |
dontaudit $1 framebuf_device_t:chr_file setattr;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read the framebuffer.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
f136a9 |
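interface(`dev_read_framebuffer',`
	gen_require(`
		type device_t, framebuf_device_t;
	')

	# Grants read access to character files labeled framebuf_device_t
	# that live in directories labeled device_t (usually /dev).
	# device_t must be listed in gen_require because the pattern below
	# references it; the sibling framebuffer interfaces already do so.
	read_chr_files_pattern($1,device_t,framebuf_device_t)
')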
|
|
Chris PeBenito |
a9a20d |
|
|
Chris PeBenito |
a9a20d |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Do not audit attempts to read the framebuffer.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
a9a20d |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_dontaudit_read_framebuffer',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type framebuf_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
f136a9 |
dontaudit $1 framebuf_device_t:chr_file { getattr read };
|
|
Chris PeBenito |
f5c42b |
')
|
|
Chris PeBenito |
f5c42b |
|
|
Chris PeBenito |
f5c42b |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Write the framebuffer.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
f5c42b |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_write_framebuffer',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, framebuf_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
write_chr_files_pattern($1,device_t,framebuf_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Read and write the framebuffer.
|
|
Chris PeBenito |
2ce6b0 |
## </summary>
|
|
Chris PeBenito |
2ce6b0 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
2ce6b0 |
## </param>
|
|
Chris PeBenito |
2ce6b0 |
#
|
|
Chris PeBenito |
2ce6b0 |
interface(`dev_rw_framebuffer',`
|
|
Chris PeBenito |
2ce6b0 |
gen_require(`
|
|
Chris PeBenito |
2ce6b0 |
type device_t, framebuf_device_t;
|
|
Chris PeBenito |
2ce6b0 |
')
|
|
Chris PeBenito |
2ce6b0 |
|
|
Chris PeBenito |
c0868a |
rw_chr_files_pattern($1,device_t,framebuf_device_t)
|
|
Chris PeBenito |
2ce6b0 |
')
|
|
Chris PeBenito |
2ce6b0 |
|
|
Chris PeBenito |
2ce6b0 |
########################################
|
|
Chris PeBenito |
2ce6b0 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read the lvm control device.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_read_lvm_control',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, lvm_control_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
read_chr_files_pattern($1,device_t,lvm_control_t)
|
|
Chris PeBenito |
44a43b |
')
|
|
Chris PeBenito |
44a43b |
|
|
Chris PeBenito |
44a43b |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read and write the lvm control device.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_rw_lvm_control',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, lvm_control_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
c0868a |
rw_chr_files_pattern($1,device_t,lvm_control_t)
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Delete the lvm control device.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_delete_lvm_control_dev',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, lvm_control_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
c0868a |
delete_chr_files_pattern($1,device_t,lvm_control_t)
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
93727e |
## Do not audit attempts to get the attributes of
## raw memory devices (e.g. /dev/mem).
|
|
Chris PeBenito |
93727e |
## </summary>
|
|
Chris PeBenito |
93727e |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
93727e |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
93727e |
## </param>
|
|
Chris PeBenito |
93727e |
#
|
|
Chris PeBenito |
93727e |
interface(`dev_dontaudit_getattr_memory_dev',`
|
|
Chris PeBenito |
93727e |
gen_require(`
|
|
Chris PeBenito |
93727e |
type memory_device_t;
|
|
Chris PeBenito |
93727e |
')
|
|
Chris PeBenito |
93727e |
|
|
Chris PeBenito |
93727e |
dontaudit $1 memory_device_t:chr_file getattr;
|
|
Chris PeBenito |
93727e |
')
|
|
Chris PeBenito |
93727e |
|
|
Chris PeBenito |
93727e |
########################################
|
|
Chris PeBenito |
93727e |
## <summary>
|
|
Chris PeBenito |
f136a9 |
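## Read raw memory devices (e.g. /dev/mem).
## Also grants the sys_rawio capability and adds the domain to
## the memory_raw_read attribute. Raw memory reads can expose data
## of any process or the kernel regardless of its label, so grant
## this only to trusted domains.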
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
44a43b |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_read_raw_memory',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, memory_device_t;
|
|
Chris PeBenito |
f136a9 |
attribute memory_raw_read;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
read_chr_files_pattern($1,device_t,memory_device_t)
|
|
Chris PeBenito |
f136a9 |
|
|
Chris PeBenito |
f136a9 |
allow $1 self:capability sys_rawio;
|
|
Chris PeBenito |
f136a9 |
typeattribute $1 memory_raw_read;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
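## Write raw memory devices (e.g. /dev/mem).
## Also grants the sys_rawio capability and adds the domain to
## the memory_raw_write attribute. Raw memory writes can alter
## kernel and process state outside of policy enforcement, so
## grant this only to trusted domains.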
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_write_raw_memory',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, memory_device_t;
|
|
Chris PeBenito |
f136a9 |
attribute memory_raw_write;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
write_chr_files_pattern($1,device_t,memory_device_t)
|
|
Chris PeBenito |
f136a9 |
|
|
Chris PeBenito |
f136a9 |
allow $1 self:capability sys_rawio;
|
|
Chris PeBenito |
f136a9 |
typeattribute $1 memory_raw_write;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read and execute raw memory devices (e.g. /dev/mem).
## Includes everything granted by dev_read_raw_memory();
## grant this only to trusted domains.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_rx_raw_memory',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, memory_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
f136a9 |
dev_read_raw_memory($1)
|
|
Chris PeBenito |
f136a9 |
allow $1 memory_device_t:chr_file execute;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Write and execute raw memory devices (e.g. /dev/mem).
## Includes everything granted by dev_write_raw_memory();
## grant this only to trusted domains.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_wx_raw_memory',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, memory_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
f136a9 |
dev_write_raw_memory($1)
|
|
Chris PeBenito |
f136a9 |
allow $1 memory_device_t:chr_file execute;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Get the attributes of miscellaneous devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_getattr_misc_dev',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, misc_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
getattr_chr_files_pattern($1,device_t,misc_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Do not audit attempts to get the attributes
|
|
Chris PeBenito |
f136a9 |
## of miscellaneous devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_dontaudit_getattr_misc_dev',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type misc_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
f136a9 |
dontaudit $1 misc_device_t:chr_file getattr;
|
|
Chris PeBenito |
b16c6b |
')
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
b16c6b |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Set the attributes of miscellaneous devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_setattr_misc_dev',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, misc_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
setattr_chr_files_pattern($1,device_t,misc_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Do not audit attempts to set the attributes
|
|
Chris PeBenito |
f136a9 |
## of miscellaneous devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_dontaudit_setattr_misc_dev',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type misc_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
f136a9 |
dontaudit $1 misc_device_t:chr_file setattr;
|
|
Chris PeBenito |
b16c6b |
')
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
b16c6b |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read miscellaneous devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_read_misc',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, misc_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
read_chr_files_pattern($1,device_t,misc_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Write miscellaneous devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_write_misc',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, misc_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
write_chr_files_pattern($1,device_t,misc_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
07620c |
## Do not audit attempts to read and write miscellaneous devices.
|
|
Chris PeBenito |
07620c |
## </summary>
|
|
Chris PeBenito |
07620c |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
07620c |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
07620c |
## </param>
|
|
Chris PeBenito |
07620c |
#
|
|
Chris PeBenito |
07620c |
interface(`dev_dontaudit_rw_misc',`
|
|
Chris PeBenito |
07620c |
gen_require(`
|
|
Chris PeBenito |
07620c |
type misc_device_t;
|
|
Chris PeBenito |
07620c |
')
|
|
Chris PeBenito |
07620c |
|
|
Chris PeBenito |
07620c |
dontaudit $1 misc_device_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
07620c |
')
|
|
Chris PeBenito |
07620c |
|
|
Chris PeBenito |
07620c |
########################################
|
|
Chris PeBenito |
07620c |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Get the attributes of the mouse devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_getattr_mouse_dev',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, mouse_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
c0868a |
getattr_chr_files_pattern($1,device_t,mouse_device_t)
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Set the attributes of the mouse devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_setattr_mouse_dev',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, mouse_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
c0868a |
setattr_chr_files_pattern($1,device_t,mouse_device_t)
|
|
Chris PeBenito |
fd89e1 |
')
|
|
Chris PeBenito |
fd89e1 |
|
|
Chris PeBenito |
fd89e1 |
########################################
|
|
Chris PeBenito |
fd89e1 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read the mouse devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_read_mouse',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, mouse_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
read_chr_files_pattern($1,device_t,mouse_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
842859 |
## Read and write to mouse devices.
|
|
Chris PeBenito |
842859 |
## </summary>
|
|
Chris PeBenito |
842859 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
842859 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
842859 |
## </param>
|
|
Chris PeBenito |
842859 |
#
|
|
Chris PeBenito |
842859 |
interface(`dev_rw_mouse',`
|
|
Chris PeBenito |
842859 |
gen_require(`
|
|
Chris PeBenito |
842859 |
type device_t, mouse_device_t;
|
|
Chris PeBenito |
842859 |
')
|
|
Chris PeBenito |
842859 |
|
|
Chris PeBenito |
c0868a |
rw_chr_files_pattern($1,device_t,mouse_device_t)
|
|
Chris PeBenito |
842859 |
')
|
|
Chris PeBenito |
842859 |
|
|
Chris PeBenito |
842859 |
########################################
|
|
Chris PeBenito |
842859 |
## <summary>
|
|
Chris PeBenito |
85476e |
## Get the attributes of the memory type range
|
|
Chris PeBenito |
85476e |
## registers (MTRR) device.
|
|
Chris PeBenito |
30910b |
## </summary>
|
|
Chris PeBenito |
30910b |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
30910b |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
30910b |
## </param>
|
|
Chris PeBenito |
30910b |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_getattr_mtrr_dev',`
|
|
Chris PeBenito |
30910b |
gen_require(`
|
|
Chris PeBenito |
30910b |
type device_t, mtrr_device_t;
|
|
Chris PeBenito |
30910b |
')
|
|
Chris PeBenito |
30910b |
|
|
Chris PeBenito |
c0868a |
getattr_files_pattern($1,device_t,mtrr_device_t)
|
|
Chris PeBenito |
c0868a |
getattr_chr_files_pattern($1,device_t,mtrr_device_t)
|
|
Chris PeBenito |
30910b |
')
|
|
Chris PeBenito |
30910b |
|
|
Chris PeBenito |
30910b |
########################################
|
|
Chris PeBenito |
30910b |
## <summary>
|
|
Chris PeBenito |
85476e |
## Read the memory type range
|
|
Chris PeBenito |
85476e |
## registers (MTRR). (Deprecated)
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
85476e |
## <desc>
|
|
Chris PeBenito |
85476e |
##
|
|
Chris PeBenito |
85476e |
## Read the memory type range
|
|
Chris PeBenito |
85476e |
## registers (MTRR). This interface has
|
|
Chris PeBenito |
85476e |
## been deprecated, dev_rw_mtrr() should be
|
|
Chris PeBenito |
85476e |
## used instead.
|
|
Chris PeBenito |
85476e |
##
|
|
Chris PeBenito |
85476e |
##
|
|
Chris PeBenito |
85476e |
## The MTRR device ioctls can be used for
|
|
Chris PeBenito |
85476e |
## reading and writing; thus, read access to the
|
|
Chris PeBenito |
85476e |
## device cannot be separated from write access.
|
|
Chris PeBenito |
85476e |
##
|
|
Chris PeBenito |
85476e |
## </desc>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_read_mtrr',`
|
|
Chris PeBenito |
85476e |
refpolicywarn(`$0($*) has been replaced with dev_rw_mtrr().')
|
|
Chris PeBenito |
85476e |
dev_rw_mtrr($1)
|
|
Chris PeBenito |
d490eb |
')
|
|
Chris PeBenito |
d490eb |
|
|
Chris PeBenito |
d490eb |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
85476e |
## Write the memory type range
|
|
Chris PeBenito |
85476e |
## registers (MTRR). (Deprecated)
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
85476e |
## <desc>
|
|
Chris PeBenito |
85476e |
##
|
|
Chris PeBenito |
85476e |
## Write the memory type range
|
|
Chris PeBenito |
85476e |
## registers (MTRR). This interface has
|
|
Chris PeBenito |
85476e |
## been deprecated, dev_rw_mtrr() should be
|
|
Chris PeBenito |
85476e |
## used instead.
|
|
Chris PeBenito |
85476e |
##
|
|
Chris PeBenito |
85476e |
##
|
|
Chris PeBenito |
85476e |
## The MTRR device ioctls can be used for
|
|
Chris PeBenito |
85476e |
## reading and writing; thus, write access to the
|
|
Chris PeBenito |
85476e |
## device cannot be separated from read access.
|
|
Chris PeBenito |
85476e |
##
|
|
Chris PeBenito |
85476e |
## </desc>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
d490eb |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_write_mtrr',`
|
|
Chris PeBenito |
85476e |
refpolicywarn(`$0($*) has been replaced with dev_rw_mtrr().')
|
|
Chris PeBenito |
85476e |
dev_rw_mtrr($1)
|
|
Chris PeBenito |
d490eb |
')
|
|
Chris PeBenito |
d490eb |
|
|
Chris PeBenito |
d490eb |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
85476e |
## Read and write the memory type range registers (MTRR).
|
|
Chris PeBenito |
2ce6b0 |
## </summary>
|
|
Chris PeBenito |
2ce6b0 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
2ce6b0 |
## </param>
|
|
Chris PeBenito |
2ce6b0 |
#
|
|
Chris PeBenito |
2ce6b0 |
interface(`dev_rw_mtrr',`
|
|
Chris PeBenito |
85476e |
gen_require(`
|
|
Chris PeBenito |
85476e |
type device_t, mtrr_device_t;
|
|
Chris PeBenito |
85476e |
')
|
|
Chris PeBenito |
85476e |
|
|
Chris PeBenito |
c0868a |
rw_files_pattern($1,device_t,mtrr_device_t)
|
|
Chris PeBenito |
c0868a |
rw_chr_files_pattern($1,device_t,mtrr_device_t)
|
|
Chris PeBenito |
2ce6b0 |
')
|
|
Chris PeBenito |
2ce6b0 |
|
|
Chris PeBenito |
2ce6b0 |
########################################
|
|
Chris PeBenito |
2ce6b0 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read and write to the null device (/dev/null).
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_rw_null',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, null_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
c0868a |
rw_chr_files_pattern($1,device_t,null_device_t)
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
d15dd5 |
## Create the null device (/dev/null).
|
|
Chris PeBenito |
d15dd5 |
## </summary>
|
|
Chris PeBenito |
d15dd5 |
## <param name="domain">
|
|
Chris PeBenito |
d15dd5 |
## <summary>
|
|
Chris PeBenito |
d15dd5 |
## Domain allowed access.
|
|
Chris PeBenito |
d15dd5 |
## </summary>
|
|
Chris PeBenito |
d15dd5 |
## </param>
|
|
Chris PeBenito |
d15dd5 |
#
|
|
Chris PeBenito |
d15dd5 |
interface(`dev_create_null_dev',`
|
|
Chris PeBenito |
d15dd5 |
gen_require(`
|
|
Chris PeBenito |
d15dd5 |
type device_t, null_device_t;
|
|
Chris PeBenito |
d15dd5 |
')
|
|
Chris PeBenito |
d15dd5 |
|
|
Chris PeBenito |
c0868a |
create_chr_files_pattern($1,device_t,null_device_t)
|
|
Chris PeBenito |
d15dd5 |
')
|
|
Chris PeBenito |
d15dd5 |
|
|
Chris PeBenito |
d15dd5 |
########################################
|
|
Chris PeBenito |
d15dd5 |
## <summary>
|
|
Chris PeBenito |
6c6399 |
## Do not audit attempts to get the attributes
|
|
Chris PeBenito |
6c6399 |
## of the BIOS non-volatile RAM device.
|
|
Chris PeBenito |
6c6399 |
## </summary>
|
|
Chris PeBenito |
6c6399 |
## <param name="domain">
|
|
Chris PeBenito |
6c6399 |
## <summary>
|
|
Chris PeBenito |
6c6399 |
## Domain to not audit.
|
|
Chris PeBenito |
6c6399 |
## </summary>
|
|
Chris PeBenito |
6c6399 |
## </param>
|
|
Chris PeBenito |
6c6399 |
#
|
|
Chris PeBenito |
6c6399 |
interface(`dev_dontaudit_getattr_nvram_dev',`
|
|
Chris PeBenito |
6c6399 |
gen_require(`
|
|
Chris PeBenito |
6c6399 |
type nvram_device_t;
|
|
Chris PeBenito |
6c6399 |
')
|
|
Chris PeBenito |
6c6399 |
|
|
Chris PeBenito |
6c6399 |
dontaudit $1 nvram_device_t:chr_file getattr;
|
|
Chris PeBenito |
6c6399 |
')
|
|
Chris PeBenito |
6c6399 |
|
|
Chris PeBenito |
6c6399 |
########################################
|
|
Chris PeBenito |
6c6399 |
## <summary>
|
|
Chris PeBenito |
a5e213 |
## Read and write BIOS non-volatile RAM.
|
|
Chris PeBenito |
a5e213 |
## </summary>
|
|
Chris PeBenito |
a5e213 |
## <param name="domain">
|
|
Chris PeBenito |
a5e213 |
## <summary>
|
|
Chris PeBenito |
a5e213 |
## Domain allowed access.
|
|
Chris PeBenito |
a5e213 |
## </summary>
|
|
Chris PeBenito |
a5e213 |
## </param>
|
|
Chris PeBenito |
a5e213 |
#
|
|
Chris PeBenito |
a5e213 |
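interface(`dev_rw_nvram',`
	gen_require(`
		type device_t, nvram_device_t;
	')

	# Grant read and write on nvram_device_t character device nodes.
	# device_t is handed to the pattern as the directory type so it
	# has to be declared in gen_require above like the sibling
	# interfaces in this module do. The original block only required
	# nvram_device_t and left device_t undeclared.
	rw_chr_files_pattern($1,device_t,nvram_device_t)
')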
|
|
Chris PeBenito |
a5e213 |
|
|
Chris PeBenito |
a5e213 |
########################################
|
|
Chris PeBenito |
a5e213 |
## <summary>
|
|
Chris PeBenito |
9c1c08 |
## Get the attributes of the printer device nodes.
|
|
Chris PeBenito |
9c1c08 |
## </summary>
|
|
Chris PeBenito |
9c1c08 |
## <param name="domain">
|
|
Chris PeBenito |
9c1c08 |
## <summary>
|
|
Chris PeBenito |
9c1c08 |
## Domain allowed access.
|
|
Chris PeBenito |
9c1c08 |
## </summary>
|
|
Chris PeBenito |
9c1c08 |
## </param>
|
|
Chris PeBenito |
9c1c08 |
#
|
|
Chris PeBenito |
9c1c08 |
interface(`dev_getattr_printer_dev',`
|
|
Chris PeBenito |
9c1c08 |
gen_require(`
|
|
Chris PeBenito |
9c1c08 |
type device_t, printer_device_t;
|
|
Chris PeBenito |
9c1c08 |
')
|
|
Chris PeBenito |
9c1c08 |
|
|
Chris PeBenito |
c0868a |
getattr_chr_files_pattern($1,device_t,printer_device_t)
|
|
Chris PeBenito |
9c1c08 |
')
|
|
Chris PeBenito |
9c1c08 |
|
|
Chris PeBenito |
9c1c08 |
########################################
|
|
Chris PeBenito |
9c1c08 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Set the attributes of the printer device nodes.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_setattr_printer_dev',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, printer_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
c0868a |
setattr_chr_files_pattern($1,device_t,printer_device_t)
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
ad3b9d |
## Append to the printer device.
|
|
Chris PeBenito |
ad3b9d |
## </summary>
|
|
Chris PeBenito |
ad3b9d |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
ad3b9d |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ad3b9d |
## </param>
|
|
Chris PeBenito |
ad3b9d |
#
|
|
Chris PeBenito |
ad3b9d |
# cjp: added for lpd/checkpc_t
|
|
Chris PeBenito |
ad3b9d |
interface(`dev_append_printer',`
|
|
Chris PeBenito |
ad3b9d |
gen_require(`
|
|
Chris PeBenito |
ad3b9d |
type device_t, printer_device_t;
|
|
Chris PeBenito |
ad3b9d |
')
|
|
Chris PeBenito |
ad3b9d |
|
|
Chris PeBenito |
c0868a |
append_chr_files_pattern($1,device_t,printer_device_t)
|
|
Chris PeBenito |
ad3b9d |
')
|
|
Chris PeBenito |
ad3b9d |
|
|
Chris PeBenito |
ad3b9d |
########################################
|
|
Chris PeBenito |
ad3b9d |
## <summary>
|
|
Chris PeBenito |
fdae8e |
## Read and write the printer device.
|
|
Chris PeBenito |
fdae8e |
## </summary>
|
|
Chris PeBenito |
fdae8e |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
fdae8e |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
fdae8e |
## </param>
|
|
Chris PeBenito |
fdae8e |
#
|
|
Chris PeBenito |
fdae8e |
interface(`dev_rw_printer',`
|
|
Chris PeBenito |
fdae8e |
gen_require(`
|
|
Chris PeBenito |
fdae8e |
type device_t, printer_device_t;
|
|
Chris PeBenito |
fdae8e |
')
|
|
Chris PeBenito |
fdae8e |
|
|
Chris PeBenito |
c0868a |
rw_chr_files_pattern($1,device_t,printer_device_t)
|
|
Chris PeBenito |
fdae8e |
')
|
|
Chris PeBenito |
fdae8e |
|
|
Chris PeBenito |
fdae8e |
########################################
|
|
Chris PeBenito |
fdae8e |
## <summary>
|
|
Chris PeBenito |
e1c414 |
## Read from random number generator
|
|
Chris PeBenito |
e1c414 |
## devices (e.g., /dev/random).
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_read_rand',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, random_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
c0868a |
read_chr_files_pattern($1,device_t,random_device_t)
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
e1c414 |
## Do not audit attempts to read from random
|
|
Chris PeBenito |
e1c414 |
## number generator devices (e.g., /dev/random).
|
|
Chris PeBenito |
e1c414 |
## </summary>
|
|
Chris PeBenito |
e1c414 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
e1c414 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
e1c414 |
## </param>
|
|
Chris PeBenito |
e1c414 |
#
|
|
Chris PeBenito |
e1c414 |
interface(`dev_dontaudit_read_rand',`
|
|
Chris PeBenito |
e1c414 |
gen_require(`
|
|
Chris PeBenito |
e1c414 |
type random_device_t;
|
|
Chris PeBenito |
e1c414 |
')
|
|
Chris PeBenito |
e1c414 |
|
|
Chris PeBenito |
e1c414 |
dontaudit $1 random_device_t:chr_file { getattr read };
|
|
Chris PeBenito |
e1c414 |
')
|
|
Chris PeBenito |
e1c414 |
|
|
Chris PeBenito |
e1c414 |
########################################
|
|
Chris PeBenito |
e1c414 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Write to the random device (e.g., /dev/random). This adds
|
|
Chris PeBenito |
f136a9 |
## entropy used to generate the random data read from the
|
|
Chris PeBenito |
f136a9 |
## random device.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_write_rand',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, random_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
c0868a |
write_chr_files_pattern($1,device_t,random_device_t)
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read the realtime clock (/dev/rtc).
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
d490eb |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_read_realtime_clock',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, clock_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
read_chr_files_pattern($1,device_t,clock_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Set the realtime clock (/dev/rtc). This also allows setting
## the attributes of the clock device node.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_write_realtime_clock',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, clock_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
write_chr_files_pattern($1,device_t,clock_device_t)
|
|
Chris PeBenito |
c0868a |
|
|
Chris PeBenito |
c0868a |
allow $1 clock_device_t:chr_file setattr;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read and set the realtime clock (/dev/rtc).
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_rw_realtime_clock',`
|
|
Chris PeBenito |
f136a9 |
dev_read_realtime_clock($1)
|
|
Chris PeBenito |
f136a9 |
dev_write_realtime_clock($1)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Get the attributes of the scanner device.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_getattr_scanner_dev',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, scanner_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
getattr_chr_files_pattern($1,device_t,scanner_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Do not audit attempts to get the attributes of
|
|
Chris PeBenito |
f136a9 |
## the scanner device.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_dontaudit_getattr_scanner_dev',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type scanner_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
f136a9 |
dontaudit $1 scanner_device_t:chr_file getattr;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Set the attributes of the scanner device.
|
|
Chris PeBenito |
a42ca7 |
## </summary>
|
|
Chris PeBenito |
a42ca7 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
a42ca7 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
a42ca7 |
## </param>
|
|
Chris PeBenito |
a42ca7 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_setattr_scanner_dev',`
|
|
Chris PeBenito |
a42ca7 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, scanner_device_t;
|
|
Chris PeBenito |
a42ca7 |
')
|
|
Chris PeBenito |
a42ca7 |
|
|
Chris PeBenito |
c0868a |
setattr_chr_files_pattern($1,device_t,scanner_device_t)
|
|
Chris PeBenito |
a42ca7 |
')
|
|
Chris PeBenito |
a42ca7 |
|
|
Chris PeBenito |
a42ca7 |
########################################
|
|
Chris PeBenito |
a42ca7 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Do not audit attempts to set the attributes of
|
|
Chris PeBenito |
f136a9 |
## the scanner device.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_dontaudit_setattr_scanner_dev',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type scanner_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
f136a9 |
dontaudit $1 scanner_device_t:chr_file setattr;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read and write the scanner device.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_rw_scanner',`
|
|
Chris PeBenito |
cbc9d6 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, scanner_device_t;
|
|
Chris PeBenito |
cbc9d6 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
rw_chr_files_pattern($1,device_t,scanner_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Get the attributes of the sound devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_getattr_sound_dev',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, sound_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
getattr_chr_files_pattern($1,device_t,sound_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Set the attributes of the sound devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_setattr_sound_dev',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, sound_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
setattr_chr_files_pattern($1,device_t,sound_device_t)
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read the sound devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_read_sound',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, sound_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
c0868a |
read_chr_files_pattern($1,device_t,sound_device_t)
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Write the sound devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_write_sound',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, sound_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
c0868a |
write_chr_files_pattern($1,device_t,sound_device_t)
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
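## Read the sound mixer devices. This grants read access to
## every sound_device_t node, the same type that
## dev_read_sound() covers, not only to mixer nodes.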
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_read_sound_mixer',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, sound_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
c0868a |
read_chr_files_pattern($1,device_t,sound_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
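## Write the sound mixer devices. This grants write access to
## every sound_device_t node, the same type that
## dev_write_sound() covers, not only to mixer nodes.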
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_write_sound_mixer',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, sound_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
write_chr_files_pattern($1,device_t,sound_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Get the attributes of the power management device.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_getattr_power_mgmt_dev',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
7a2f20 |
type device_t, power_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
getattr_chr_files_pattern($1,device_t,power_device_t)
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Set the attributes of the power management device.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_setattr_power_mgmt_dev',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
7a2f20 |
type device_t, power_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
c0868a |
setattr_chr_files_pattern($1,device_t,power_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Read and write the power management device.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
199895 |
interface(`dev_rw_power_management',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
7a2f20 |
type device_t, power_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
rw_chr_files_pattern($1,device_t,power_device_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
d534d3 |
## Get the attributes of smartcard devices.
|
|
Chris PeBenito |
d534d3 |
## </summary>
|
|
Chris PeBenito |
d534d3 |
## <param name="domain">
|
|
Chris PeBenito |
d534d3 |
## <summary>
|
|
Chris PeBenito |
d534d3 |
## Domain allowed access.
|
|
Chris PeBenito |
d534d3 |
## </summary>
|
|
Chris PeBenito |
d534d3 |
## </param>
|
|
Chris PeBenito |
d534d3 |
#
|
|
Chris PeBenito |
d534d3 |
interface(`dev_getattr_smartcard_dev',`
|
|
Chris PeBenito |
d534d3 |
gen_require(`
|
|
Chris PeBenito |
d534d3 |
type smartcard_device_t;
|
|
Chris PeBenito |
d534d3 |
')
|
|
Chris PeBenito |
d534d3 |
|
|
Chris PeBenito |
d534d3 |
allow $1 smartcard_device_t:chr_file getattr;
|
|
Chris PeBenito |
d534d3 |
|
|
Chris PeBenito |
d534d3 |
')
|
|
Chris PeBenito |
d534d3 |
|
|
Chris PeBenito |
d534d3 |
########################################
|
|
Chris PeBenito |
d534d3 |
## <summary>
|
|
Chris PeBenito |
d534d3 |
## Do not audit attempts to get the attributes of
## smartcard devices.
|
|
Chris PeBenito |
d534d3 |
## </summary>
|
|
Chris PeBenito |
d534d3 |
## <param name="domain">
|
|
Chris PeBenito |
d534d3 |
## <summary>
|
|
Chris PeBenito |
d534d3 |
## Domain to not audit.
|
|
Chris PeBenito |
d534d3 |
## </summary>
|
|
Chris PeBenito |
d534d3 |
## </param>
|
|
Chris PeBenito |
d534d3 |
#
|
|
Chris PeBenito |
d534d3 |
interface(`dev_dontaudit_getattr_smartcard_dev',`
|
|
Chris PeBenito |
d534d3 |
gen_require(`
|
|
Chris PeBenito |
d534d3 |
type smartcard_device_t;
|
|
Chris PeBenito |
d534d3 |
')
|
|
Chris PeBenito |
d534d3 |
|
|
Chris PeBenito |
d534d3 |
dontaudit $1 smartcard_device_t:chr_file getattr;
|
|
Chris PeBenito |
d534d3 |
|
|
Chris PeBenito |
d534d3 |
')
|
|
Chris PeBenito |
d534d3 |
|
|
Chris PeBenito |
d534d3 |
########################################
|
|
Chris PeBenito |
d534d3 |
## <summary>
|
|
Chris PeBenito |
d534d3 |
## Read and write smartcard devices.
|
|
Chris PeBenito |
d534d3 |
## </summary>
|
|
Chris PeBenito |
d534d3 |
## <param name="domain">
|
|
Chris PeBenito |
d534d3 |
## <summary>
|
|
Chris PeBenito |
d534d3 |
## Domain allowed access.
|
|
Chris PeBenito |
d534d3 |
## </summary>
|
|
Chris PeBenito |
d534d3 |
## </param>
|
|
Chris PeBenito |
d534d3 |
#
|
|
Chris PeBenito |
d534d3 |
interface(`dev_rw_smartcard',`
|
|
Chris PeBenito |
d534d3 |
gen_require(`
|
|
Chris PeBenito |
d534d3 |
type device_t, smartcard_device_t;
|
|
Chris PeBenito |
d534d3 |
')
|
|
Chris PeBenito |
d534d3 |
|
|
Chris PeBenito |
d534d3 |
rw_chr_files_pattern($1,device_t,smartcard_device_t)
|
|
Chris PeBenito |
d534d3 |
')
|
|
Chris PeBenito |
d534d3 |
|
|
Chris PeBenito |
d534d3 |
########################################
|
|
Chris PeBenito |
d534d3 |
## <summary>
|
|
Chris PeBenito |
d534d3 |
## Create, read, write, and delete smartcard devices.
|
|
Chris PeBenito |
d534d3 |
## </summary>
|
|
Chris PeBenito |
d534d3 |
## <param name="domain">
|
|
Chris PeBenito |
d534d3 |
## <summary>
|
|
Chris PeBenito |
d534d3 |
## Domain allowed access.
|
|
Chris PeBenito |
d534d3 |
## </summary>
|
|
Chris PeBenito |
d534d3 |
## </param>
|
|
Chris PeBenito |
d534d3 |
#
|
|
Chris PeBenito |
d534d3 |
interface(`dev_manage_smartcard',`
|
|
Chris PeBenito |
d534d3 |
gen_require(`
|
|
Chris PeBenito |
d534d3 |
type device_t, smartcard_device_t;
|
|
Chris PeBenito |
d534d3 |
')
|
|
Chris PeBenito |
d534d3 |
|
|
Chris PeBenito |
d534d3 |
manage_chr_files_pattern($1,device_t,smartcard_device_t)
|
|
Chris PeBenito |
d534d3 |
')
|
|
Chris PeBenito |
d534d3 |
|
|
Chris PeBenito |
d534d3 |
########################################
|
|
Chris PeBenito |
d534d3 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Get the attributes of sysfs directories.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## The type of the process performing this action.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_getattr_sysfs_dirs',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
7a2f20 |
type sysfs_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
c0868a |
allow $1 sysfs_t:dir getattr_dir_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
3b857e |
|
|
Chris PeBenito |
8bd678 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
b24f35 |
## Search the sysfs directories.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## The type of the process performing this action.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
8bd678 |
#
|
|
Chris PeBenito |
199895 |
interface(`dev_search_sysfs',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
7a2f20 |
type sysfs_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
c0868a |
search_dirs_pattern($1,sysfs_t,sysfs_t)
|
|
Chris PeBenito |
8bd678 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
8bd678 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
ebdc3b |
## Do not audit attempts to search sysfs.
|
|
Chris PeBenito |
ebdc3b |
## </summary>
|
|
Chris PeBenito |
ebdc3b |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
ebdc3b |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ebdc3b |
## </param>
|
|
Chris PeBenito |
ebdc3b |
#
|
|
Chris PeBenito |
ebdc3b |
interface(`dev_dontaudit_search_sysfs',`
|
|
Chris PeBenito |
ebdc3b |
gen_require(`
|
|
Chris PeBenito |
ebdc3b |
type sysfs_t;
|
|
Chris PeBenito |
ebdc3b |
')
|
|
Chris PeBenito |
ebdc3b |
|
|
Chris PeBenito |
c0868a |
dontaudit $1 sysfs_t:dir search_dir_perms;
|
|
Chris PeBenito |
ebdc3b |
')
|
|
Chris PeBenito |
ebdc3b |
|
|
Chris PeBenito |
ebdc3b |
########################################
|
|
Chris PeBenito |
ebdc3b |
## <summary>
|
|
Chris PeBenito |
b24f35 |
## List the contents of the sysfs directories.
|
|
Chris PeBenito |
b24f35 |
## </summary>
|
|
Chris PeBenito |
b24f35 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
b24f35 |
## The type of the process performing this action.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
b24f35 |
## </param>
|
|
Chris PeBenito |
b24f35 |
#
|
|
Chris PeBenito |
b24f35 |
interface(`dev_list_sysfs',`
|
|
Chris PeBenito |
b24f35 |
gen_require(`
|
|
Chris PeBenito |
b24f35 |
type sysfs_t;
|
|
Chris PeBenito |
b24f35 |
')
|
|
Chris PeBenito |
b24f35 |
|
|
Chris PeBenito |
c0868a |
list_dirs_pattern($1,sysfs_t,sysfs_t)
|
|
Chris PeBenito |
b24f35 |
')
|
|
Chris PeBenito |
b24f35 |
|
|
Chris PeBenito |
b24f35 |
########################################
|
|
Chris PeBenito |
b24f35 |
## <summary>
|
|
Chris PeBenito |
9e8f65 |
## Write to sysfs directories.
|
|
Chris PeBenito |
9e8f65 |
## </summary>
|
|
Chris PeBenito |
9e8f65 |
## <param name="domain">
|
|
Chris PeBenito |
9e8f65 |
## <summary>
|
|
Chris PeBenito |
9e8f65 |
## The type of the process performing this action.
|
|
Chris PeBenito |
9e8f65 |
## </summary>
|
|
Chris PeBenito |
9e8f65 |
## </param>
|
|
Chris PeBenito |
9e8f65 |
#
|
|
Chris PeBenito |
9e8f65 |
# cjp: added for cpuspeed
|
|
Chris PeBenito |
9e8f65 |
interface(`dev_write_sysfs_dirs',`
|
|
Chris PeBenito |
9e8f65 |
gen_require(`
|
|
Chris PeBenito |
9e8f65 |
type sysfs_t;
|
|
Chris PeBenito |
9e8f65 |
')
|
|
Chris PeBenito |
9e8f65 |
|
|
Chris PeBenito |
9e8f65 |
allow $1 sysfs_t:dir write;
|
|
Chris PeBenito |
9e8f65 |
')
|
|
Chris PeBenito |
9e8f65 |
|
|
Chris PeBenito |
9e8f65 |
########################################
|
|
Chris PeBenito |
9e8f65 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Allow caller to read hardware state information.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## The process type reading hardware state information.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
8bd678 |
#
|
|
Chris PeBenito |
199895 |
interface(`dev_read_sysfs',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
7a2f20 |
type sysfs_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
c0868a |
read_files_pattern($1,sysfs_t,sysfs_t)
|
|
Chris PeBenito |
c0868a |
read_lnk_files_pattern($1,sysfs_t,sysfs_t)
|
|
Chris PeBenito |
c0868a |
|
|
Chris PeBenito |
c0868a |
list_dirs_pattern($1,sysfs_t,sysfs_t)
|
|
Chris PeBenito |
8bd678 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
8bd678 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Allow caller to modify hardware state information.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## The process type modifying hardware state information.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
8bd678 |
#
|
|
Chris PeBenito |
199895 |
interface(`dev_rw_sysfs',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
7a2f20 |
type sysfs_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
c0868a |
|
|
Chris PeBenito |
c0868a |
rw_files_pattern($1,sysfs_t,sysfs_t)
|
|
Chris PeBenito |
c0868a |
read_lnk_files_pattern($1,sysfs_t,sysfs_t)
|
|
Chris PeBenito |
c0868a |
|
|
Chris PeBenito |
c0868a |
list_dirs_pattern($1,sysfs_t,sysfs_t)
|
|
Chris PeBenito |
8bd678 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
8bd678 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read from pseudo random devices (e.g., /dev/urandom)
|
|
Chris PeBenito |
f136a9 |
## </summary>
|
|
Chris PeBenito |
f136a9 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
f136a9 |
## </param>
|
|
Chris PeBenito |
f136a9 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_read_urand',`
|
|
Chris PeBenito |
f136a9 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, urandom_device_t;
|
|
Chris PeBenito |
f136a9 |
')
|
|
Chris PeBenito |
f136a9 |
|
|
Chris PeBenito |
c0868a |
read_chr_files_pattern($1,device_t,urandom_device_t)
|
|
Chris PeBenito |
f136a9 |
')
|
|
Chris PeBenito |
f136a9 |
|
|
Chris PeBenito |
f136a9 |
########################################
|
|
Chris PeBenito |
f136a9 |
## <summary>
|
|
Chris PeBenito |
d592b6 |
## Do not audit attempts to read from pseudo
|
|
Chris PeBenito |
d592b6 |
## random devices (e.g., /dev/urandom)
|
|
Chris PeBenito |
d592b6 |
## </summary>
|
|
Chris PeBenito |
d592b6 |
## <param name="domain">
|
|
Chris PeBenito |
d592b6 |
## <summary>
|
|
Chris PeBenito |
d592b6 |
## Domain to not audit.
|
|
Chris PeBenito |
d592b6 |
## </summary>
|
|
Chris PeBenito |
d592b6 |
## </param>
|
|
Chris PeBenito |
d592b6 |
#
|
|
Chris PeBenito |
d592b6 |
interface(`dev_dontaudit_read_urand',`
|
|
Chris PeBenito |
d592b6 |
gen_require(`
|
|
Chris PeBenito |
d592b6 |
type urandom_device_t;
|
|
Chris PeBenito |
d592b6 |
')
|
|
Chris PeBenito |
d592b6 |
|
|
Chris PeBenito |
d592b6 |
dontaudit $1 urandom_device_t:chr_file { getattr read };
|
|
Chris PeBenito |
d592b6 |
')
|
|
Chris PeBenito |
d592b6 |
|
|
Chris PeBenito |
d592b6 |
########################################
|
|
Chris PeBenito |
d592b6 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Write to the pseudo random device (e.g., /dev/urandom). This
|
|
Chris PeBenito |
f136a9 |
## sets the random number generator seed.
|
|
Chris PeBenito |
f136a9 |
## </summary>
|
|
Chris PeBenito |
f136a9 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
f136a9 |
## </param>
|
|
Chris PeBenito |
f136a9 |
#
|
|
Chris PeBenito |
f136a9 |
interface(`dev_write_urand',`
|
|
Chris PeBenito |
f136a9 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, urandom_device_t;
|
|
Chris PeBenito |
f136a9 |
')
|
|
Chris PeBenito |
f136a9 |
|
|
Chris PeBenito |
c0868a |
write_chr_files_pattern($1,device_t,urandom_device_t)
|
|
Chris PeBenito |
f136a9 |
')
|
|
Chris PeBenito |
f136a9 |
|
|
Chris PeBenito |
f136a9 |
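########################################
## <summary>
##	Get the attributes of generic USB devices.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_getattr_generic_usb_dev',`
	# device_t is passed to the pattern macro below, so it has to be
	# declared in gen_require together with usb_device_t. Without it a
	# calling module that does not itself require device_t references
	# an undeclared type.
	gen_require(`
		type device_t, usb_device_t;
	')

	getattr_chr_files_pattern($1,device_t,usb_device_t)
')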
|
|
Chris PeBenito |
724925 |
|
|
Chris PeBenito |
724925 |
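########################################
## <summary>
##	Set the attributes of generic USB devices.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_setattr_generic_usb_dev',`
	# device_t is passed to the pattern macro below, so it has to be
	# declared in gen_require together with usb_device_t. Without it a
	# calling module that does not itself require device_t references
	# an undeclared type.
	gen_require(`
		type device_t, usb_device_t;
	')

	setattr_chr_files_pattern($1,device_t,usb_device_t)
')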
|
|
Chris PeBenito |
724925 |
|
|
Chris PeBenito |
724925 |
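########################################
## <summary>
##	Read and write generic USB devices.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_rw_generic_usb_dev',`
	# device_t is passed to the pattern macro below, so it has to be
	# declared in gen_require together with usb_device_t. Without it a
	# calling module that does not itself require device_t references
	# an undeclared type.
	gen_require(`
		type device_t, usb_device_t;
	')

	rw_chr_files_pattern($1,device_t,usb_device_t)
')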
|
|
Chris PeBenito |
8cf671 |
|
|
Chris PeBenito |
8cf671 |
########################################
|
|
Chris PeBenito |
8cf671 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Mount a usbfs filesystem.
|
|
Chris PeBenito |
fd89e1 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## The type of the process performing this action.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## </param>
|
|
Chris PeBenito |
fd89e1 |
#
|
|
Chris PeBenito |
fd89e1 |
interface(`dev_mount_usbfs',`
|
|
Chris PeBenito |
fd89e1 |
gen_require(`
|
|
Chris PeBenito |
fd89e1 |
type usbfs_t;
|
|
Chris PeBenito |
fd89e1 |
')
|
|
Chris PeBenito |
fd89e1 |
|
|
Chris PeBenito |
fd89e1 |
allow $1 usbfs_t:filesystem mount;
|
|
Chris PeBenito |
fd89e1 |
')
|
|
Chris PeBenito |
fd89e1 |
|
|
Chris PeBenito |
fd89e1 |
########################################
|
|
Chris PeBenito |
fd89e1 |
## <summary>
|
|
Chris PeBenito |
157610 |
## Associate a file to a usbfs filesystem.
|
|
Chris PeBenito |
60789e |
## </summary>
|
|
Chris PeBenito |
157610 |
## <param name="file_type">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
157610 |
## The type of the file to be associated to usbfs.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
60789e |
## </param>
|
|
Chris PeBenito |
60789e |
#
|
|
Chris PeBenito |
60789e |
interface(`dev_associate_usbfs',`
|
|
Chris PeBenito |
60789e |
gen_require(`
|
|
Chris PeBenito |
60789e |
type usbfs_t;
|
|
Chris PeBenito |
60789e |
')
|
|
Chris PeBenito |
60789e |
|
|
Chris PeBenito |
60789e |
allow $1 usbfs_t:filesystem associate;
|
|
Chris PeBenito |
60789e |
')
|
|
Chris PeBenito |
60789e |
|
|
Chris PeBenito |
60789e |
########################################
|
|
Chris PeBenito |
60789e |
## <summary>
|
|
Chris PeBenito |
a42ca7 |
## Get the attributes of a directory in the usb filesystem.
|
|
Chris PeBenito |
a42ca7 |
## </summary>
|
|
Chris PeBenito |
a42ca7 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
a42ca7 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
a42ca7 |
## </param>
|
|
Chris PeBenito |
a42ca7 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_getattr_usbfs_dirs',`
|
|
Chris PeBenito |
a42ca7 |
gen_require(`
|
|
Chris PeBenito |
a42ca7 |
type usbfs_t;
|
|
Chris PeBenito |
a42ca7 |
')
|
|
Chris PeBenito |
a42ca7 |
|
|
Chris PeBenito |
c0868a |
allow $1 usbfs_t:dir getattr_dir_perms;
|
|
Chris PeBenito |
a42ca7 |
')
|
|
Chris PeBenito |
a42ca7 |
|
|
Chris PeBenito |
a42ca7 |
########################################
|
|
Chris PeBenito |
a42ca7 |
## <summary>
|
|
Chris PeBenito |
725926 |
## Do not audit attempts to get the attributes
|
|
Chris PeBenito |
725926 |
## of a directory in the usb filesystem.
|
|
Chris PeBenito |
725926 |
## </summary>
|
|
Chris PeBenito |
725926 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
725926 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
725926 |
## </param>
|
|
Chris PeBenito |
725926 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_dontaudit_getattr_usbfs_dirs',`
|
|
Chris PeBenito |
725926 |
gen_require(`
|
|
Chris PeBenito |
725926 |
type usbfs_t;
|
|
Chris PeBenito |
725926 |
')
|
|
Chris PeBenito |
725926 |
|
|
Chris PeBenito |
c0868a |
dontaudit $1 usbfs_t:dir getattr_dir_perms;
|
|
Chris PeBenito |
725926 |
')
|
|
Chris PeBenito |
725926 |
|
|
Chris PeBenito |
725926 |
########################################
|
|
Chris PeBenito |
725926 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Search the directory containing USB hardware information.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## The type of the process performing this action.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
8bd678 |
#
|
|
Chris PeBenito |
199895 |
interface(`dev_search_usbfs',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
7a2f20 |
type usbfs_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
c0868a |
search_dirs_pattern($1,usbfs_t,usbfs_t)
|
|
Chris PeBenito |
8bd678 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
8bd678 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Allow caller to get a list of usb hardware.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## The process type getting the list.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
8bd678 |
#
|
|
Chris PeBenito |
199895 |
interface(`dev_list_usbfs',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
7a2f20 |
type usbfs_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
c0868a |
read_lnk_files_pattern($1,usbfs_t,usbfs_t)
|
|
Chris PeBenito |
c0868a |
getattr_files_pattern($1,usbfs_t,usbfs_t)
|
|
Chris PeBenito |
c0868a |
|
|
Chris PeBenito |
c0868a |
list_dirs_pattern($1,usbfs_t,usbfs_t)
|
|
Chris PeBenito |
8bd678 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
8bd678 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
c655ec |
## Set the attributes of files on a usbfs filesystem.
|
|
Chris PeBenito |
c655ec |
## </summary>
|
|
Chris PeBenito |
c655ec |
## <param name="domain">
|
|
Chris PeBenito |
c655ec |
## <summary>
|
|
Chris PeBenito |
c655ec |
## Domain allowed access.
|
|
Chris PeBenito |
c655ec |
## </summary>
|
|
Chris PeBenito |
c655ec |
## </param>
|
|
Chris PeBenito |
c655ec |
#
|
|
Chris PeBenito |
c655ec |
interface(`dev_setattr_usbfs_files',`
|
|
Chris PeBenito |
c655ec |
gen_require(`
|
|
Chris PeBenito |
c655ec |
type usbfs_t;
|
|
Chris PeBenito |
c655ec |
')
|
|
Chris PeBenito |
c655ec |
|
|
Chris PeBenito |
c0868a |
setattr_files_pattern($1,usbfs_t,usbfs_t)
|
|
Chris PeBenito |
c0868a |
list_dirs_pattern($1,usbfs_t,usbfs_t)
|
|
Chris PeBenito |
c655ec |
')
|
|
Chris PeBenito |
c655ec |
|
|
Chris PeBenito |
c655ec |
########################################
|
|
Chris PeBenito |
c655ec |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Read USB hardware information using
|
|
Chris PeBenito |
414e41 |
## the usbfs filesystem interface.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## The type of the process performing this action.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
8bd678 |
#
|
|
Chris PeBenito |
199895 |
interface(`dev_read_usbfs',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
7a2f20 |
type usbfs_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
c0868a |
read_files_pattern($1,usbfs_t,usbfs_t)
|
|
Chris PeBenito |
c0868a |
read_lnk_files_pattern($1,usbfs_t,usbfs_t)
|
|
Chris PeBenito |
c0868a |
list_dirs_pattern($1,usbfs_t,usbfs_t)
|
|
Chris PeBenito |
8bd678 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
8bd678 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Allow caller to modify usb hardware configuration files.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## The process type modifying the options.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
8bd678 |
#
|
|
Chris PeBenito |
199895 |
interface(`dev_rw_usbfs',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
7a2f20 |
type usbfs_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
c0868a |
list_dirs_pattern($1,usbfs_t,usbfs_t)
|
|
Chris PeBenito |
c0868a |
rw_files_pattern($1,usbfs_t,usbfs_t)
|
|
Chris PeBenito |
c0868a |
read_lnk_files_pattern($1,usbfs_t,usbfs_t)
|
|
Chris PeBenito |
8bd678 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Get the attributes of video4linux devices.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
199895 |
interface(`dev_getattr_video_dev',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
7a2f20 |
type device_t, v4l_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
c0868a |
getattr_chr_files_pattern($1,device_t,v4l_device_t)
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
7a2f20 |
########################################
|
|
Chris PeBenito |
414e41 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Do not audit attempts to get the attributes
|
|
Chris PeBenito |
fd89e1 |
## of video4linux device nodes.
|
|
Chris PeBenito |
414e41 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## </param>
|
|
Chris PeBenito |
fd89e1 |
#
|
|
Chris PeBenito |
fd89e1 |
interface(`dev_dontaudit_getattr_video_dev',`
|
|
Chris PeBenito |
fd89e1 |
gen_require(`
|
|
Chris PeBenito |
fd89e1 |
type v4l_device_t;
|
|
Chris PeBenito |
fd89e1 |
')
|
|
Chris PeBenito |
fd89e1 |
|
|
Chris PeBenito |
fd89e1 |
dontaudit $1 v4l_device_t:chr_file getattr;
|
|
Chris PeBenito |
fd89e1 |
')
|
|
Chris PeBenito |
fd89e1 |
|
|
Chris PeBenito |
fd89e1 |
########################################
|
|
Chris PeBenito |
fd89e1 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Set the attributes of video4linux device nodes.
|
|
Chris PeBenito |
fd89e1 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
7a2f20 |
#
|
|
Chris PeBenito |
199895 |
interface(`dev_setattr_video_dev',`
|
|
Chris PeBenito |
7a2f20 |
gen_require(`
|
|
Chris PeBenito |
7a2f20 |
type device_t, v4l_device_t;
|
|
Chris PeBenito |
7a2f20 |
')
|
|
Chris PeBenito |
7a2f20 |
|
|
Chris PeBenito |
c0868a |
setattr_chr_files_pattern($1,device_t,v4l_device_t)
|
|
Chris PeBenito |
8bd678 |
')
|
|
Chris PeBenito |
8bd678 |
|
|
Chris PeBenito |
fd89e1 |
########################################
|
|
Chris PeBenito |
fd89e1 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Do not audit attempts to set the attributes
|
|
Chris PeBenito |
fd89e1 |
## of video4linux device nodes.
|
|
Chris PeBenito |
fd89e1 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
fd89e1 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
fd89e1 |
## </param>
|
|
Chris PeBenito |
fd89e1 |
#
|
|
Chris PeBenito |
fd89e1 |
interface(`dev_dontaudit_setattr_video_dev',`
|
|
Chris PeBenito |
fd89e1 |
gen_require(`
|
|
Chris PeBenito |
fd89e1 |
type v4l_device_t;
|
|
Chris PeBenito |
fd89e1 |
')
|
|
Chris PeBenito |
fd89e1 |
|
|
Chris PeBenito |
fd89e1 |
dontaudit $1 v4l_device_t:chr_file setattr;
|
|
Chris PeBenito |
fd89e1 |
')
|
|
Chris PeBenito |
9726b3 |
|
|
Chris PeBenito |
9726b3 |
########################################
|
|
Chris PeBenito |
9726b3 |
## <summary>
|
|
Chris PeBenito |
77b81c |
## Read the video4linux devices.
|
|
Chris PeBenito |
77b81c |
## </summary>
|
|
Chris PeBenito |
77b81c |
## <param name="domain">
|
|
Chris PeBenito |
77b81c |
## <summary>
|
|
Chris PeBenito |
77b81c |
## Domain allowed access.
|
|
Chris PeBenito |
77b81c |
## </summary>
|
|
Chris PeBenito |
77b81c |
## </param>
|
|
Chris PeBenito |
77b81c |
#
|
|
Chris PeBenito |
77b81c |
interface(`dev_read_video_dev',`
|
|
Chris PeBenito |
77b81c |
gen_require(`
|
|
Chris PeBenito |
77b81c |
type device_t, v4l_device_t;
|
|
Chris PeBenito |
77b81c |
')
|
|
Chris PeBenito |
77b81c |
|
|
Chris PeBenito |
c0868a |
read_chr_files_pattern($1,device_t,v4l_device_t)
|
|
Chris PeBenito |
77b81c |
')
|
|
Chris PeBenito |
77b81c |
|
|
Chris PeBenito |
77b81c |
########################################
|
|
Chris PeBenito |
77b81c |
## <summary>
|
|
Chris PeBenito |
12217c |
## Write the video4linux devices.
|
|
Chris PeBenito |
12217c |
## </summary>
|
|
Chris PeBenito |
12217c |
## <param name="domain">
|
|
Chris PeBenito |
12217c |
## <summary>
|
|
Chris PeBenito |
12217c |
## Domain allowed access.
|
|
Chris PeBenito |
12217c |
## </summary>
|
|
Chris PeBenito |
12217c |
## </param>
|
|
Chris PeBenito |
12217c |
#
|
|
Chris PeBenito |
12217c |
interface(`dev_write_video_dev',`
|
|
Chris PeBenito |
12217c |
gen_require(`
|
|
Chris PeBenito |
12217c |
type device_t, v4l_device_t;
|
|
Chris PeBenito |
12217c |
')
|
|
Chris PeBenito |
12217c |
|
|
Chris PeBenito |
12217c |
write_chr_files_pattern($1,device_t,v4l_device_t)
|
|
Chris PeBenito |
12217c |
')
|
|
Chris PeBenito |
12217c |
|
|
Chris PeBenito |
12217c |
########################################
|
|
Chris PeBenito |
12217c |
## <summary>
|
|
Chris PeBenito |
a6a638 |
## Read and write VMWare devices.
|
|
Chris PeBenito |
a6a638 |
## </summary>
|
|
Chris PeBenito |
a6a638 |
## <param name="domain">
|
|
Chris PeBenito |
a6a638 |
## <summary>
|
|
Chris PeBenito |
a6a638 |
## Domain allowed access.
|
|
Chris PeBenito |
a6a638 |
## </summary>
|
|
Chris PeBenito |
a6a638 |
## </param>
|
|
Chris PeBenito |
a6a638 |
#
|
|
Chris PeBenito |
a6a638 |
interface(`dev_rw_vmware',`
|
|
Chris PeBenito |
a6a638 |
gen_require(`
|
|
Chris PeBenito |
a6a638 |
type device_t, vmware_device_t;
|
|
Chris PeBenito |
a6a638 |
')
|
|
Chris PeBenito |
a6a638 |
|
|
Chris PeBenito |
c0868a |
rw_chr_files_pattern($1,device_t,vmware_device_t)
|
|
Chris PeBenito |
a6a638 |
')
|
|
Chris PeBenito |
a6a638 |
|
|
Chris PeBenito |
a6a638 |
########################################
|
|
Chris PeBenito |
a6a638 |
## <summary>
|
|
Chris PeBenito |
03d797 |
## Read, write, and mmap VMWare devices.
|
|
Chris PeBenito |
03d797 |
## </summary>
|
|
Chris PeBenito |
03d797 |
## <param name="domain">
|
|
Chris PeBenito |
03d797 |
## <summary>
|
|
Chris PeBenito |
03d797 |
## Domain allowed access.
|
|
Chris PeBenito |
03d797 |
## </summary>
|
|
Chris PeBenito |
03d797 |
## </param>
|
|
Chris PeBenito |
03d797 |
#
|
|
Chris PeBenito |
03d797 |
interface(`dev_rwx_vmware',`
|
|
Chris PeBenito |
03d797 |
gen_require(`
|
|
Chris PeBenito |
03d797 |
type device_t, vmware_device_t;
|
|
Chris PeBenito |
03d797 |
')
|
|
Chris PeBenito |
03d797 |
|
|
Chris PeBenito |
c0868a |
dev_rw_vmware($1)
|
|
Chris PeBenito |
c0868a |
allow $1 vmware_device_t:chr_file execute;
|
|
Chris PeBenito |
03d797 |
')
|
|
Chris PeBenito |
03d797 |
|
|
Chris PeBenito |
03d797 |
########################################
|
|
Chris PeBenito |
03d797 |
## <summary>
|
|
Chris PeBenito |
d592b6 |
## Write to watchdog devices.
|
|
Chris PeBenito |
d592b6 |
## </summary>
|
|
Chris PeBenito |
d592b6 |
## <param name="domain">
|
|
Chris PeBenito |
d592b6 |
## <summary>
|
|
Chris PeBenito |
d592b6 |
## Domain allowed access.
|
|
Chris PeBenito |
d592b6 |
## </summary>
|
|
Chris PeBenito |
d592b6 |
## </param>
|
|
Chris PeBenito |
d592b6 |
#
|
|
Chris PeBenito |
d592b6 |
interface(`dev_write_watchdog',`
|
|
Chris PeBenito |
d592b6 |
gen_require(`
|
|
Chris PeBenito |
d592b6 |
type device_t, watchdog_device_t;
|
|
Chris PeBenito |
d592b6 |
')
|
|
Chris PeBenito |
d592b6 |
|
|
Chris PeBenito |
c0868a |
write_chr_files_pattern($1,device_t,watchdog_device_t)
|
|
Chris PeBenito |
d592b6 |
')
|
|
Chris PeBenito |
d592b6 |
|
|
Chris PeBenito |
d592b6 |
########################################
|
|
Chris PeBenito |
d592b6 |
## <summary>
|
|
Chris PeBenito |
a3cf80 |
## Read and write Xen devices.
|
|
Chris PeBenito |
a3cf80 |
## </summary>
|
|
Chris PeBenito |
a3cf80 |
## <param name="domain">
|
|
Chris PeBenito |
a3cf80 |
## <summary>
|
|
Chris PeBenito |
a3cf80 |
## Domain allowed access.
|
|
Chris PeBenito |
a3cf80 |
## </summary>
|
|
Chris PeBenito |
a3cf80 |
## </param>
|
|
Chris PeBenito |
a3cf80 |
#
|
|
Chris PeBenito |
a3cf80 |
interface(`dev_rw_xen',`
|
|
Chris PeBenito |
a3cf80 |
gen_require(`
|
|
Chris PeBenito |
a3cf80 |
type device_t, xen_device_t;
|
|
Chris PeBenito |
a3cf80 |
')
|
|
Chris PeBenito |
a3cf80 |
|
|
Chris PeBenito |
c0868a |
rw_chr_files_pattern($1,device_t,xen_device_t)
|
|
Chris PeBenito |
a3cf80 |
')
|
|
Chris PeBenito |
a3cf80 |
|
|
Chris PeBenito |
a3cf80 |
########################################
|
|
Chris PeBenito |
a3cf80 |
## <summary>
|
|
Chris PeBenito |
a3cf80 |
## Create, read, write, and delete Xen devices.
|
|
Chris PeBenito |
a3cf80 |
## </summary>
|
|
Chris PeBenito |
a3cf80 |
## <param name="domain">
|
|
Chris PeBenito |
a3cf80 |
## <summary>
|
|
Chris PeBenito |
a3cf80 |
## Domain allowed access.
|
|
Chris PeBenito |
a3cf80 |
## </summary>
|
|
Chris PeBenito |
a3cf80 |
## </param>
|
|
Chris PeBenito |
a3cf80 |
#
|
|
Chris PeBenito |
a3cf80 |
interface(`dev_manage_xen',`
|
|
Chris PeBenito |
a3cf80 |
gen_require(`
|
|
Chris PeBenito |
a3cf80 |
type device_t, xen_device_t;
|
|
Chris PeBenito |
a3cf80 |
')
|
|
Chris PeBenito |
a3cf80 |
|
|
Chris PeBenito |
c0868a |
manage_chr_files_pattern($1,device_t,xen_device_t)
|
|
Chris PeBenito |
a3cf80 |
')
|
|
Chris PeBenito |
a3cf80 |
|
|
Chris PeBenito |
a3cf80 |
########################################
|
|
Chris PeBenito |
a3cf80 |
## <summary>
|
|
Chris PeBenito |
a3cf80 |
## Automatic type transition to the type
|
|
Chris PeBenito |
a3cf80 |
## for xen device nodes when created in /dev.
|
|
Chris PeBenito |
a3cf80 |
## </summary>
|
|
Chris PeBenito |
a3cf80 |
## <param name="domain">
|
|
Chris PeBenito |
a3cf80 |
## <summary>
|
|
Chris PeBenito |
a3cf80 |
## Domain allowed access.
|
|
Chris PeBenito |
a3cf80 |
## </summary>
|
|
Chris PeBenito |
a3cf80 |
## </param>
|
|
Chris PeBenito |
a3cf80 |
#
|
|
Chris PeBenito |
a3cf80 |
interface(`dev_filetrans_xen',`
|
|
Chris PeBenito |
a3cf80 |
gen_require(`
|
|
Chris PeBenito |
a3cf80 |
type device_t, xen_device_t;
|
|
Chris PeBenito |
a3cf80 |
')
|
|
Chris PeBenito |
a3cf80 |
|
|
Chris PeBenito |
c0868a |
filetrans_pattern($1,device_t,xen_device_t,chr_file)
|
|
Chris PeBenito |
a3cf80 |
')
|
|
Chris PeBenito |
a3cf80 |
|
|
Chris PeBenito |
a3cf80 |
########################################
|
|
Chris PeBenito |
a3cf80 |
## <summary>
|
|
Chris PeBenito |
cf6a7d |
## Get the attributes of X server miscellaneous devices.
|
|
Chris PeBenito |
cf6a7d |
## </summary>
|
|
Chris PeBenito |
cf6a7d |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
cf6a7d |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
cf6a7d |
## </param>
|
|
Chris PeBenito |
cf6a7d |
#
|
|
Chris PeBenito |
cf6a7d |
interface(`dev_getattr_xserver_misc_dev',`
|
|
Chris PeBenito |
cf6a7d |
gen_require(`
|
|
Chris PeBenito |
cf6a7d |
type device_t, xserver_misc_device_t;
|
|
Chris PeBenito |
cf6a7d |
')
|
|
Chris PeBenito |
cf6a7d |
|
|
Chris PeBenito |
c0868a |
getattr_chr_files_pattern($1,device_t,xserver_misc_device_t)
|
|
Chris PeBenito |
cf6a7d |
')
|
|
Chris PeBenito |
cf6a7d |
|
|
Chris PeBenito |
cf6a7d |
########################################
|
|
Chris PeBenito |
cf6a7d |
## <summary>
|
|
Chris PeBenito |
cf6a7d |
## Set the attributes of X server miscellaneous devices.
|
|
Chris PeBenito |
cf6a7d |
## </summary>
|
|
Chris PeBenito |
cf6a7d |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
cf6a7d |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
cf6a7d |
## </param>
|
|
Chris PeBenito |
cf6a7d |
#
|
|
Chris PeBenito |
cf6a7d |
interface(`dev_setattr_xserver_misc_dev',`
|
|
Chris PeBenito |
cf6a7d |
gen_require(`
|
|
Chris PeBenito |
cf6a7d |
type device_t, xserver_misc_device_t;
|
|
Chris PeBenito |
cf6a7d |
')
|
|
Chris PeBenito |
cf6a7d |
|
|
Chris PeBenito |
c0868a |
setattr_chr_files_pattern($1,device_t,xserver_misc_device_t)
|
|
Chris PeBenito |
cf6a7d |
')
|
|
Chris PeBenito |
cf6a7d |
|
|
Chris PeBenito |
cf6a7d |
########################################
|
|
Chris PeBenito |
cf6a7d |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Read and write X server miscellaneous devices.
|
|
Chris PeBenito |
2ce6b0 |
## </summary>
|
|
Chris PeBenito |
2ce6b0 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
2ce6b0 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
2ce6b0 |
## </param>
|
|
Chris PeBenito |
2ce6b0 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_rw_xserver_misc',`
|
|
Chris PeBenito |
2ce6b0 |
gen_require(`
|
|
Chris PeBenito |
2ce6b0 |
type device_t, xserver_misc_device_t;
|
|
Chris PeBenito |
2ce6b0 |
')
|
|
Chris PeBenito |
2ce6b0 |
|
|
Chris PeBenito |
c0868a |
rw_chr_files_pattern($1,device_t,xserver_misc_device_t)
|
|
Chris PeBenito |
2ce6b0 |
')
|
|
Chris PeBenito |
2ce6b0 |
|
|
Chris PeBenito |
2ce6b0 |
########################################
|
|
Chris PeBenito |
2ce6b0 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read and write to the zero device (/dev/zero).
|
|
Chris PeBenito |
f136a9 |
## </summary>
|
|
Chris PeBenito |
f136a9 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
f136a9 |
## </param>
|
|
Chris PeBenito |
f136a9 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_rw_zero',`
|
|
Chris PeBenito |
f136a9 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type device_t, zero_device_t;
|
|
Chris PeBenito |
f136a9 |
')
|
|
Chris PeBenito |
f136a9 |
|
|
Chris PeBenito |
c0868a |
rw_chr_files_pattern($1,device_t,zero_device_t)
|
|
Chris PeBenito |
f136a9 |
')
|
|
Chris PeBenito |
f136a9 |
|
|
Chris PeBenito |
f136a9 |
########################################
|
|
Chris PeBenito |
f136a9 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Read, write, and execute the zero device (/dev/zero).
|
|
Chris PeBenito |
f136a9 |
## </summary>
|
|
Chris PeBenito |
f136a9 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
f136a9 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
f136a9 |
## </param>
|
|
Chris PeBenito |
f136a9 |
#
|
|
Chris PeBenito |
207c47 |
interface(`dev_rwx_zero',`
|
|
Chris PeBenito |
f136a9 |
gen_require(`
|
|
Chris PeBenito |
f136a9 |
type zero_device_t;
|
|
Chris PeBenito |
f136a9 |
')
|
|
Chris PeBenito |
f136a9 |
|
|
Chris PeBenito |
207c47 |
dev_rw_zero($1)
|
|
Chris PeBenito |
f136a9 |
allow $1 zero_device_t:chr_file execute;
|
|
Chris PeBenito |
f136a9 |
')
|
|
Chris PeBenito |
f136a9 |
|
|
Chris PeBenito |
f136a9 |
########################################
|
|
Chris PeBenito |
f136a9 |
## <summary>
|
|
Chris PeBenito |
77b81c |
## Execmod the zero device (/dev/zero); also grants read and write access.
|
|
Chris PeBenito |
77b81c |
## </summary>
|
|
Chris PeBenito |
77b81c |
## <param name="domain">
|
|
Chris PeBenito |
77b81c |
## <summary>
|
|
Chris PeBenito |
77b81c |
## Domain allowed access.
|
|
Chris PeBenito |
77b81c |
## </summary>
|
|
Chris PeBenito |
77b81c |
## </param>
|
|
Chris PeBenito |
77b81c |
#
|
|
Chris PeBenito |
77b81c |
interface(`dev_execmod_zero',`
|
|
Chris PeBenito |
77b81c |
gen_require(`
|
|
Chris PeBenito |
77b81c |
type zero_device_t;
|
|
Chris PeBenito |
77b81c |
')
|
|
Chris PeBenito |
77b81c |
|
|
Chris PeBenito |
77b81c |
dev_rw_zero($1)
|
|
Chris PeBenito |
77b81c |
allow $1 zero_device_t:chr_file execmod;
|
|
Chris PeBenito |
77b81c |
')
|
|
Chris PeBenito |
77b81c |
|
|
Chris PeBenito |
77b81c |
########################################
|
|
Chris PeBenito |
77b81c |
## <summary>
|
|
Chris PeBenito |
d15dd5 |
## Create the zero device (/dev/zero).
|
|
Chris PeBenito |
d15dd5 |
## </summary>
|
|
Chris PeBenito |
d15dd5 |
## <param name="domain">
|
|
Chris PeBenito |
d15dd5 |
## <summary>
|
|
Chris PeBenito |
d15dd5 |
## Domain allowed access.
|
|
Chris PeBenito |
d15dd5 |
## </summary>
|
|
Chris PeBenito |
d15dd5 |
## </param>
|
|
Chris PeBenito |
d15dd5 |
#
|
|
Chris PeBenito |
d15dd5 |
interface(`dev_create_zero_dev',`
|
|
Chris PeBenito |
d15dd5 |
gen_require(`
|
|
Chris PeBenito |
d15dd5 |
type device_t, zero_device_t;
|
|
Chris PeBenito |
d15dd5 |
')
|
|
Chris PeBenito |
d15dd5 |
|
|
Chris PeBenito |
c0868a |
create_chr_files_pattern($1,device_t,zero_device_t)
|
|
Chris PeBenito |
d15dd5 |
')
|
|
Chris PeBenito |
d15dd5 |
|
|
Chris PeBenito |
d15dd5 |
########################################
|
|
Chris PeBenito |
d15dd5 |
## <summary>
|
|
Chris PeBenito |
9726b3 |
## Unconfined access to devices.
|
|
Chris PeBenito |
9726b3 |
## </summary>
|
|
Chris PeBenito |
9726b3 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
9726b3 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
9726b3 |
## </param>
|
|
Chris PeBenito |
9726b3 |
#
|
|
Chris PeBenito |
9726b3 |
interface(`dev_unconfined',`
|
|
Chris PeBenito |
9726b3 |
gen_require(`
|
|
Chris PeBenito |
b518fc |
attribute devices_unconfined_type;
|
|
Chris PeBenito |
9726b3 |
')
|
|
Chris PeBenito |
9726b3 |
|
|
Chris PeBenito |
b518fc |
typeattribute $1 devices_unconfined_type;
|
|
Chris PeBenito |
9726b3 |
')
|