Karl MacMillan 870049
## <summary>
Chris PeBenito 414e41
## Device nodes and interfaces for many basic system devices.
Karl MacMillan 870049
## </summary>
Chris PeBenito 261e0e
## <desc>
Chris PeBenito 414e41
## 

Chris PeBenito 414e41
## This module creates the device node concept and provides
Chris PeBenito 414e41
## the policy for many of the device files. Notable exceptions are
Chris PeBenito 414e41
## the mass storage and terminal devices that are covered by other
Chris PeBenito 414e41
## modules.
Chris PeBenito 414e41
## 

Chris PeBenito 414e41
## 

Chris PeBenito 414e41
## This module creates the concept of a device node. That is a
Chris PeBenito 414e41
## char or block device file, usually in /dev. All types that
Chris PeBenito 414e41
## are used to label device nodes should use the dev_node macro.
Chris PeBenito 414e41
## 

Chris PeBenito 414e41
## 

Chris PeBenito 414e41
## Additionally, this module controls access to three things:
Chris PeBenito 414e41
##	
    Chris PeBenito 414e41
    ##		
  • the device directories containing device nodes
  • Chris PeBenito 414e41
    ##		
  • device nodes as a group
  • Chris PeBenito 414e41
    ##		
  • individual access to specific device nodes covered by
  • Chris PeBenito 414e41
    ##		this module.
    Chris PeBenito 414e41
    ##	
    Chris PeBenito 414e41
    ## 

    Chris PeBenito 261e0e
    ## </desc>
    Chris PeBenito fb0a3a
    ## <required val="true">
    Chris PeBenito fb0a3a
    ##	Depended on by other required modules.
    Chris PeBenito fb0a3a
    ## </required>
    Karl MacMillan f0c985
    Karl MacMillan f0c985
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Make the passed in type a type appropriate for
    Chris PeBenito 414e41
    ##	use on device nodes (usually files in /dev).
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="object_type">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	The object type that will be used on device nodes.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 199895
    interface(`dev_node',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		attribute device_node;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 419699
    Chris PeBenito 419699
    	typeattribute $1 device_node;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Allow full relabeling (to and from) of all device nodes.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed to relabel.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito bbcd3c
    ## <rolecap/>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 199895
    interface(`dev_relabel_all_dev_nodes',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		attribute device_node;
    Chris PeBenito 7a2f20
    		type device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 419699
    Chris PeBenito c0868a
    	relabelfrom_dirs_pattern($1,device_t,device_node)
    Chris PeBenito c0868a
    	relabelfrom_files_pattern($1,device_t,device_node)
    Chris PeBenito c0868a
    	relabelfrom_lnk_files_pattern($1,device_t,device_node)
    Chris PeBenito c0868a
    	relabelfrom_fifo_files_pattern($1,device_t,device_node)
    Chris PeBenito c0868a
    	relabelfrom_sock_files_pattern($1,device_t,device_node)
    Chris PeBenito c0868a
    	relabel_blk_files_pattern($1,device_t,{ device_t device_node })
    Chris PeBenito c0868a
    	relabel_chr_files_pattern($1,device_t,{ device_t device_node })
    Chris PeBenito ee5772
    ')
    Chris PeBenito ee5772
    Chris PeBenito ee5772
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	List all of the device nodes in a device directory.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed to list device nodes.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito ee5772
    #
    Chris PeBenito 199895
    interface(`dev_list_all_dev_nodes',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 419699
    Chris PeBenito c0868a
    Chris PeBenito c0868a
    	list_dirs_pattern($1,device_t,device_t)
    Chris PeBenito c0868a
    	read_lnk_files_pattern($1,device_t,device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito a42ca7
    ##	Set the attributes of /dev directories.
    Chris PeBenito a42ca7
    ## </summary>
    Chris PeBenito a42ca7
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito a42ca7
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito a42ca7
    ## </param>
    Chris PeBenito a42ca7
    #
    Chris PeBenito 207c47
    interface(`dev_setattr_generic_dirs',`
    Chris PeBenito a42ca7
    	gen_require(`
    Chris PeBenito a42ca7
    		type device_t;
    Chris PeBenito a42ca7
    	')
    Chris PeBenito a42ca7
    Chris PeBenito c0868a
    	setattr_dirs_pattern($1,device_t,device_t)
    Chris PeBenito a42ca7
    ')
    Chris PeBenito a42ca7
    Chris PeBenito a42ca7
    ########################################
    Chris PeBenito a42ca7
    ## <summary>
    Chris PeBenito 414e41
    ##	Dontaudit attempts to list all device nodes.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain to dontaudit listing of device nodes.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 199895
    interface(`dev_dontaudit_list_all_dev_nodes',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 419699
    Chris PeBenito c0868a
    	dontaudit $1 device_t:dir list_dir_perms;
    Chris PeBenito c0868a
    ')
    Chris PeBenito c0868a
    Chris PeBenito c0868a
    ########################################
    Chris PeBenito c0868a
    ## <summary>
    Chris PeBenito c0868a
    ##	Add entries to directories in /dev.
    Chris PeBenito c0868a
    ## </summary>
    Chris PeBenito c0868a
    ## <param name="domain">
    Chris PeBenito c0868a
    ##	<summary>
    Chris PeBenito c0868a
    ##	Domain allowed to add entries.
    Chris PeBenito c0868a
    ##	</summary>
    Chris PeBenito c0868a
    ## </param>
    Chris PeBenito c0868a
    #
    Chris PeBenito c0868a
    interface(`dev_add_entry_generic_dirs',`
    Chris PeBenito c0868a
    	gen_require(`
    Chris PeBenito c0868a
    		type device_t;
    Chris PeBenito c0868a
    	')
    Chris PeBenito c0868a
    Chris PeBenito c0868a
    	allow $1 device_t:dir add_entry_dir_perms;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito c3dff2
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Create a directory in the device directory.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed to create the directory.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito c3dff2
    #
    Chris PeBenito 207c47
    interface(`dev_create_generic_dirs',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 419699
    Chris PeBenito c0868a
    	create_dirs_pattern($1,device_t,device_t)
    Chris PeBenito 129318
    ')
    Chris PeBenito 129318
    Chris PeBenito 129318
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito bf469d
    ##	Delete a directory in the device directory.
    Chris PeBenito bf469d
    ## </summary>
    Chris PeBenito bf469d
    ## <param name="domain">
    Chris PeBenito bf469d
    ##	<summary>
    Chris PeBenito bf469d
    ##	Domain allowed to create the directory.
    Chris PeBenito bf469d
    ##	</summary>
    Chris PeBenito bf469d
    ## </param>
    Chris PeBenito bf469d
    #
    Chris PeBenito bf469d
    interface(`dev_delete_generic_dirs',`
    Chris PeBenito bf469d
    	gen_require(`
    Chris PeBenito bf469d
    		type device_t;
    Chris PeBenito bf469d
    	')
    Chris PeBenito bf469d
    Chris PeBenito c0868a
    	delete_dirs_pattern($1,device_t,device_t)
    Chris PeBenito bf469d
    ')
    Chris PeBenito bf469d
    Chris PeBenito bf469d
    ########################################
    Chris PeBenito bf469d
    ## <summary>
    Chris PeBenito 414e41
    ##	Allow full relabeling (to and from) of directories in /dev.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed to relabel.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito c9428d
    #
    Chris PeBenito 207c47
    interface(`dev_relabel_generic_dev_dirs',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito c9428d
    Chris PeBenito c0868a
    	relabel_dirs_pattern($1,device_t,device_t)
    Chris PeBenito c9428d
    ')
    Chris PeBenito c9428d
    Chris PeBenito c9428d
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito bff907
    ##	dontaudit getattr generic files in /dev.
    Chris PeBenito bff907
    ## </summary>
    Chris PeBenito bff907
    ## <param name="domain">
    Chris PeBenito bff907
    ##	<summary>
    Chris PeBenito bff907
    ##	Domain to not audit.
    Chris PeBenito bff907
    ##	</summary>
    Chris PeBenito bff907
    ## </param>
    Chris PeBenito bff907
    #
    Chris PeBenito bff907
    interface(`dev_dontaudit_getattr_generic_files',`
    Chris PeBenito bff907
    	gen_require(`
    Chris PeBenito bff907
    		type device_t;
    Chris PeBenito bff907
    	')
    Chris PeBenito bff907
    Chris PeBenito bff907
    	dontaudit $1 device_t:file getattr;
    Chris PeBenito bff907
    ')
    Chris PeBenito bff907
    Chris PeBenito bff907
    ########################################
    Chris PeBenito bff907
    ## <summary>
    Chris PeBenito ae9e27
    ##	Read and write generic files in /dev.
    Chris PeBenito ae9e27
    ## </summary>
    Chris PeBenito ae9e27
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito ae9e27
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito ae9e27
    ## </param>
    Chris PeBenito ae9e27
    #
    Chris PeBenito 207c47
    interface(`dev_rw_generic_files',`
    Chris PeBenito ae9e27
    	gen_require(`
    Chris PeBenito ae9e27
    		type device_t;
    Chris PeBenito ae9e27
    	')
    Chris PeBenito ae9e27
    Chris PeBenito c0868a
    	rw_files_pattern($1,device_t,device_t)
    Chris PeBenito ae9e27
    ')
    Chris PeBenito ae9e27
    Chris PeBenito ae9e27
    ########################################
    Chris PeBenito ae9e27
    ## <summary>
    Chris PeBenito 98a8ea
    ##	Delete generic files in /dev.
    Chris PeBenito 98a8ea
    ## </summary>
    Chris PeBenito 98a8ea
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 98a8ea
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 98a8ea
    ## </param>
    Chris PeBenito 98a8ea
    #
    Chris PeBenito 207c47
    interface(`dev_delete_generic_files',`
    Chris PeBenito 98a8ea
    	gen_require(`
    Chris PeBenito 98a8ea
    		type device_t;
    Chris PeBenito 98a8ea
    	')
    Chris PeBenito 98a8ea
    Chris PeBenito c0868a
    	delete_files_pattern($1,device_t,device_t)
    Chris PeBenito 98a8ea
    ')
    Chris PeBenito 98a8ea
    Chris PeBenito 98a8ea
    ########################################
    Chris PeBenito 46c69c
    ## <summary>
    Chris PeBenito 46c69c
    ##	Create a file in the device directory.
    Chris PeBenito 46c69c
    ## </summary>
    Chris PeBenito 46c69c
    ## <param name="domain">
    Chris PeBenito 46c69c
    ##	<summary>
    Chris PeBenito 46c69c
    ##	Domain allowed to create the files.
    Chris PeBenito 46c69c
    ##	</summary>
    Chris PeBenito 46c69c
    ## </param>
    Chris PeBenito 46c69c
    #
    Chris PeBenito 46c69c
    interface(`dev_manage_generic_files',`
    Chris PeBenito 46c69c
    	gen_require(`
    Chris PeBenito 46c69c
    		type device_t;
    Chris PeBenito 46c69c
    	')
    Chris PeBenito 46c69c
    Chris PeBenito c0868a
    	manage_files_pattern($1,device_t,device_t)
    Chris PeBenito 46c69c
    ')
    Chris PeBenito 46c69c
    Chris PeBenito 46c69c
    ########################################
    Chris PeBenito 98a8ea
    ## <summary>
    Chris PeBenito 414e41
    ##	Dontaudit getattr on generic pipes.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain to dontaudit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 129318
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_getattr_generic_pipes',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 419699
    Chris PeBenito 419699
    	dontaudit $1 device_t:fifo_file getattr;
    Chris PeBenito f5c42b
    ')
    Chris PeBenito f5c42b
    Chris PeBenito f5c42b
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Allow getattr on generic block devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito f5c42b
    #
    Chris PeBenito 207c47
    interface(`dev_getattr_generic_blk_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 419699
    Chris PeBenito c0868a
    	getattr_blk_files_pattern($1,device_t,device_t)
    Chris PeBenito c3dff2
    ')
    Chris PeBenito c3dff2
    Chris PeBenito 7bba9d
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Dontaudit getattr on generic block devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain to dontaudit access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7bba9d
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_getattr_generic_blk_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 419699
    Chris PeBenito 419699
    	dontaudit $1 device_t:blk_file getattr;
    Chris PeBenito 7bba9d
    ')
    Chris PeBenito 7bba9d
    Chris PeBenito 7bba9d
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Dontaudit setattr on generic block devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain to dontaudit access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_setattr_generic_blk_files',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    	dontaudit $1 device_t:blk_file setattr;
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Allow read, write, and create for generic character device files.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito d115b2
    #
    Chris PeBenito 207c47
    interface(`dev_create_generic_chr_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 419699
    Chris PeBenito c0868a
    	create_chr_files_pattern($1,device_t,device_t)
    Chris PeBenito f5c42b
    ')
    Chris PeBenito f5c42b
    Chris PeBenito f5c42b
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Allow getattr for generic character device files.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito f5c42b
    #
    Chris PeBenito 207c47
    interface(`dev_getattr_generic_chr_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 419699
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,device_t)
    Chris PeBenito c3dff2
    ')
    Chris PeBenito c3dff2
    Chris PeBenito c3dff2
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Dontaudit getattr for generic character device files.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain to dontaudit access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito c3dff2
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_getattr_generic_chr_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 419699
    Chris PeBenito 419699
    	dontaudit $1 device_t:chr_file getattr;
    Chris PeBenito 7bba9d
    ')
    Chris PeBenito 7bba9d
    Chris PeBenito 7bba9d
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Dontaudit setattr for generic character device files.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain to dontaudit access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_setattr_generic_chr_files',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    	dontaudit $1 device_t:chr_file setattr;
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito ae9e27
    ##	Do not audit attempts to set the attributes
    Chris PeBenito ae9e27
    ##	of symbolic links in device directories (/dev).
    Chris PeBenito ae9e27
    ## </summary>
    Chris PeBenito ae9e27
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito ae9e27
    ##	Domain to not audit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito ae9e27
    ## </param>
    Chris PeBenito ae9e27
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_setattr_generic_symlinks',`
    Chris PeBenito ae9e27
    	gen_require(`
    Chris PeBenito ae9e27
    		type device_t;
    Chris PeBenito ae9e27
    	')
    Chris PeBenito ae9e27
    Chris PeBenito ae9e27
    	dontaudit $1 device_t:lnk_file setattr;
    Chris PeBenito ae9e27
    ')
    Chris PeBenito ae9e27
    Chris PeBenito ae9e27
    ########################################
    Chris PeBenito ae9e27
    ## <summary>
    Chris PeBenito bbcd3c
    ##	Create symbolic links in device directories.
    Chris PeBenito bbcd3c
    ## </summary>
    Chris PeBenito bbcd3c
    ## <param name="domain">
    Chris PeBenito bbcd3c
    ##	<summary>
    Chris PeBenito bbcd3c
    ##	Domain allowed access.
    Chris PeBenito bbcd3c
    ##	</summary>
    Chris PeBenito bbcd3c
    ## </param>
    Chris PeBenito bbcd3c
    #
    Chris PeBenito bbcd3c
    interface(`dev_create_generic_symlinks',`
    Chris PeBenito bbcd3c
    	gen_require(`
    Chris PeBenito bbcd3c
    		type device_t;
    Chris PeBenito bbcd3c
    	')
    Chris PeBenito bbcd3c
    Chris PeBenito c0868a
    	create_lnk_files_pattern($1,device_t,device_t)
    Chris PeBenito bbcd3c
    ')
    Chris PeBenito bbcd3c
    Chris PeBenito bbcd3c
    ########################################
    Chris PeBenito bbcd3c
    ## <summary>
    Chris PeBenito 414e41
    ##	Delete symbolic links in device directories.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito dc771f
    #
    Chris PeBenito 207c47
    interface(`dev_delete_generic_symlinks',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 419699
    Chris PeBenito c0868a
    	delete_lnk_files_pattern($1,device_t,device_t)
    Chris PeBenito dc771f
    ')
    Chris PeBenito dc771f
    Chris PeBenito dc771f
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Create, delete, read, and write symbolic links in device directories.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7bba9d
    #
    Chris PeBenito 199895
    interface(`dev_manage_generic_symlinks',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 419699
    Chris PeBenito c0868a
    	manage_lnk_files_pattern($1,device_t,device_t)
    Chris PeBenito 7bba9d
    ')
    Chris PeBenito 7bba9d
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 783b38
    ##	Relabel symbolic links in device directories.
    Chris PeBenito 783b38
    ## </summary>
    Chris PeBenito 783b38
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 783b38
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 783b38
    ## </param>
    Chris PeBenito 783b38
    #
    Chris PeBenito 783b38
    interface(`dev_relabel_generic_symlinks',`
    Chris PeBenito 783b38
    	gen_require(`
    Chris PeBenito 783b38
    		type device_t;
    Chris PeBenito 783b38
    	')
    Chris PeBenito 783b38
    Chris PeBenito c0868a
    	relabel_lnk_files_pattern($1,device_t,device_t)
    Chris PeBenito 783b38
    ')
    Chris PeBenito 783b38
    Chris PeBenito 783b38
    ########################################
    Chris PeBenito 783b38
    ## <summary>
    Chris PeBenito 414e41
    ##	Create, delete, read, and write device nodes in device directories.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 207c47
    interface(`dev_manage_all_dev_nodes',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		attribute device_node, memory_raw_read, memory_raw_write;
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	manage_dirs_pattern($1,device_t,device_t)
    Chris PeBenito c0868a
    	manage_sock_files_pattern($1,device_t,device_t)
    Chris PeBenito c0868a
    	manage_lnk_files_pattern($1,device_t,device_t)
    Chris PeBenito c0868a
    	manage_chr_files_pattern($1,device_t,{ device_t device_node })
    Chris PeBenito c0868a
    	manage_blk_files_pattern($1,device_t,{ device_t device_node })
    Chris PeBenito c0868a
    	relabel_dirs_pattern($1,device_t,device_t)
    Chris PeBenito c0868a
    	relabel_chr_files_pattern($1,device_t,{ device_t device_node })
    Chris PeBenito c0868a
    	relabel_blk_files_pattern($1,device_t,{ device_t device_node })
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	# these next rules are to satisfy assertions broken by the above lines.
    Chris PeBenito 0c73cd
    	# the permissions hopefully can be cut back a lot
    Chris PeBenito 0c73cd
    	storage_raw_read_fixed_disk($1)
    Chris PeBenito 0c73cd
    	storage_raw_write_fixed_disk($1)
    Chris PeBenito 0c73cd
    	storage_read_scsi_generic($1)
    Chris PeBenito 0c73cd
    	storage_write_scsi_generic($1)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	typeattribute $1 memory_raw_read;
    Chris PeBenito 0c73cd
    	typeattribute $1 memory_raw_write;
    Chris PeBenito 07d6e3
    ')
    Chris PeBenito 07d6e3
    Chris PeBenito 07d6e3
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Dontaudit getattr for generic device files.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain to dontaudit access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 07d6e3
    #
    Chris PeBenito 199895
    interface(`dev_dontaudit_rw_generic_dev_nodes',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	dontaudit $1 device_t:{ chr_file blk_file } { getattr read write ioctl };
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Create, delete, read, and write block device files.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 207c47
    interface(`dev_manage_generic_blk_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	manage_blk_files_pattern($1,device_t,device_t)
    Chris PeBenito 32e53a
    ')
    Chris PeBenito 32e53a
    Chris PeBenito 32e53a
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Create, delete, read, and write character device files.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 32e53a
    #
    Chris PeBenito 207c47
    interface(`dev_manage_generic_chr_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	manage_chr_files_pattern($1,device_t,device_t)
    Chris PeBenito 32e53a
    ')
    Chris PeBenito 32e53a
    Chris PeBenito 32e53a
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Create, read, and write device nodes. The node
    Chris PeBenito 414e41
    ##	will be transitioned to the type provided.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 414e41
    ## <param name="file">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Type to which the created node will be transitioned.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 414e41
    ## <param name="objectclass(es)">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Object class(es) (single or set including {}) for which this
    Chris PeBenito 414e41
    ##	the transition will occur.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 32e53a
    #
    Chris PeBenito 103fe2
    interface(`dev_filetrans',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	filetrans_pattern($1,device_t,$2,$3)
    Chris PeBenito 0c73cd
    Chris PeBenito 31a1c2
    	fs_associate_tmpfs($2)
    Chris PeBenito 31a1c2
    	files_associate_tmp($2)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Getattr on all block file device nodes.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito bbcd3c
    ## <rolecap/>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 199895
    interface(`dev_getattr_all_blk_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		attribute device_node;
    Chris PeBenito c0868a
    		type device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	getattr_blk_files_pattern($1,device_t,device_node)
    Chris PeBenito 8a0da1
    ')
    Chris PeBenito 8a0da1
    Chris PeBenito 7bba9d
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Dontaudit getattr on all block file device nodes.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain to dontaudit access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7bba9d
    #
    Chris PeBenito 199895
    interface(`dev_dontaudit_getattr_all_blk_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		attribute device_node;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito 2db2c7
    	dontaudit $1 device_node:blk_file getattr;
    Chris PeBenito 7bba9d
    ')
    Chris PeBenito 7bba9d
    Chris PeBenito 8a0da1
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Getattr on all character file device nodes.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito bbcd3c
    ## <rolecap/>
    Chris PeBenito 8a0da1
    #
    Chris PeBenito 199895
    interface(`dev_getattr_all_chr_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		attribute device_node;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,device_node)
    Chris PeBenito 8a0da1
    ')
    Chris PeBenito 8a0da1
    Chris PeBenito 7bba9d
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Dontaudit getattr on all character file device nodes.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain to dontaudit access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7bba9d
    #
    Chris PeBenito 199895
    interface(`dev_dontaudit_getattr_all_chr_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		attribute device_node;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	dontaudit $1 device_node:chr_file getattr;
    Chris PeBenito 7bba9d
    ')
    Chris PeBenito 7bba9d
    Chris PeBenito 8a0da1
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Setattr on all block file device nodes.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito bbcd3c
    ## <rolecap/>
    Chris PeBenito 8a0da1
    #
    Chris PeBenito 199895
    interface(`dev_setattr_all_blk_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		attribute device_node;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	setattr_blk_files_pattern($1,device_t,device_node)
    Chris PeBenito 8a0da1
    ')
    Chris PeBenito 8a0da1
    Chris PeBenito 8a0da1
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Setattr on all character file device nodes.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito bbcd3c
    ## <rolecap/>
    Chris PeBenito 8a0da1
    #
    Chris PeBenito 199895
    interface(`dev_setattr_all_chr_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		attribute device_node;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	setattr_chr_files_pattern($1,device_t,device_node)
    Chris PeBenito 8a0da1
    ')
    Chris PeBenito 8a0da1
    Chris PeBenito 8a0da1
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito cf6a7d
    ##	Dontaudit read on all block file device nodes.
    Chris PeBenito cf6a7d
    ## </summary>
    Chris PeBenito cf6a7d
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito cf6a7d
    ##	Domain to not audit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito cf6a7d
    ## </param>
    Chris PeBenito cf6a7d
    #
    Chris PeBenito cf6a7d
    interface(`dev_dontaudit_read_all_blk_files',`
    Chris PeBenito cf6a7d
    	gen_require(`
    Chris PeBenito cf6a7d
    		attribute device_node;
    Chris PeBenito cf6a7d
    	')
    Chris PeBenito cf6a7d
    Chris PeBenito cf6a7d
    	dontaudit $1 device_node:blk_file { getattr read };
    Chris PeBenito cf6a7d
    ')
    Chris PeBenito cf6a7d
    Chris PeBenito cf6a7d
    ########################################
    Chris PeBenito cf6a7d
    ## <summary>
    Chris PeBenito cf6a7d
    ##	Dontaudit read on all character file device nodes.
    Chris PeBenito cf6a7d
    ## </summary>
    Chris PeBenito cf6a7d
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito cf6a7d
    ##	Domain to not audit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito cf6a7d
    ## </param>
    Chris PeBenito cf6a7d
    #
    Chris PeBenito cf6a7d
    interface(`dev_dontaudit_read_all_chr_files',`
    Chris PeBenito cf6a7d
    	gen_require(`
    Chris PeBenito cf6a7d
    		attribute device_node;
    Chris PeBenito cf6a7d
    	')
    Chris PeBenito cf6a7d
    Chris PeBenito cf6a7d
    	dontaudit $1 device_node:chr_file { getattr read };
    Chris PeBenito cf6a7d
    ')
    Chris PeBenito cf6a7d
    Chris PeBenito cf6a7d
    ########################################
    Chris PeBenito cf6a7d
    ## <summary>
    Chris PeBenito bbcd3c
    ##	Create all block device files.
    Chris PeBenito bbcd3c
    ## </summary>
    Chris PeBenito bbcd3c
    ## <param name="domain">
    Chris PeBenito bbcd3c
    ##	<summary>
    Chris PeBenito bbcd3c
    ##	Domain allowed access.
    Chris PeBenito bbcd3c
    ##	</summary>
    Chris PeBenito bbcd3c
    ## </param>
    Chris PeBenito bbcd3c
    #
    Chris PeBenito bbcd3c
    interface(`dev_create_all_blk_files',`
    Chris PeBenito bbcd3c
    	gen_require(`
    Chris PeBenito bbcd3c
    		attribute device_node;
    Chris PeBenito bbcd3c
    	')
    Chris PeBenito bbcd3c
    Chris PeBenito c0868a
    	create_blk_files_pattern($1,device_t,device_node)
    Chris PeBenito bbcd3c
    ')
    Chris PeBenito bbcd3c
    Chris PeBenito bbcd3c
    ########################################
    Chris PeBenito bbcd3c
    ## <summary>
    Chris PeBenito bbcd3c
    ##	Create all character device files.
    Chris PeBenito bbcd3c
    ## </summary>
    Chris PeBenito bbcd3c
    ## <param name="domain">
    Chris PeBenito bbcd3c
    ##	<summary>
    Chris PeBenito bbcd3c
    ##	Domain allowed access.
    Chris PeBenito bbcd3c
    ##	</summary>
    Chris PeBenito bbcd3c
    ## </param>
    Chris PeBenito bbcd3c
    #
    Chris PeBenito bbcd3c
    interface(`dev_create_all_chr_files',`
    Chris PeBenito bbcd3c
    	gen_require(`
    Chris PeBenito bbcd3c
    		attribute device_node;
    Chris PeBenito bbcd3c
    	')
    Chris PeBenito bbcd3c
    Chris PeBenito c0868a
    	create_chr_files_pattern($1,device_t,device_node)
    Chris PeBenito bbcd3c
    ')
    Chris PeBenito bbcd3c
    Chris PeBenito bbcd3c
    ########################################
    Chris PeBenito bbcd3c
    ## <summary>
    Chris PeBenito bbcd3c
    ##	Delete all block device files.
    Chris PeBenito bbcd3c
    ## </summary>
    Chris PeBenito bbcd3c
    ## <param name="domain">
    Chris PeBenito bbcd3c
    ##	<summary>
    Chris PeBenito bbcd3c
    ##	Domain allowed access.
    Chris PeBenito bbcd3c
    ##	</summary>
    Chris PeBenito bbcd3c
    ## </param>
    Chris PeBenito bbcd3c
    #
    Chris PeBenito bbcd3c
    interface(`dev_delete_all_blk_files',`
    Chris PeBenito bbcd3c
    	gen_require(`
    Chris PeBenito bbcd3c
    		attribute device_node;
    Chris PeBenito bbcd3c
    	')
    Chris PeBenito bbcd3c
    Chris PeBenito c0868a
    	delete_blk_files_pattern($1,device_t,device_node)
    Chris PeBenito bbcd3c
    ')
    Chris PeBenito bbcd3c
    Chris PeBenito bbcd3c
    ########################################
    Chris PeBenito bbcd3c
    ## <summary>
    Chris PeBenito bbcd3c
    ##	Delete all character device files.
    Chris PeBenito bbcd3c
    ## </summary>
    Chris PeBenito bbcd3c
    ## <param name="domain">
    Chris PeBenito bbcd3c
    ##	<summary>
    Chris PeBenito bbcd3c
    ##	Domain allowed access.
    Chris PeBenito bbcd3c
    ##	</summary>
    Chris PeBenito bbcd3c
    ## </param>
    Chris PeBenito bbcd3c
    #
    Chris PeBenito bbcd3c
    interface(`dev_delete_all_chr_files',`
    Chris PeBenito bbcd3c
    	gen_require(`
    Chris PeBenito bbcd3c
    		attribute device_node;
    Chris PeBenito bbcd3c
    	')
    Chris PeBenito bbcd3c
    Chris PeBenito c0868a
    	delete_chr_files_pattern($1,device_t,device_node)
    Chris PeBenito bbcd3c
    ')
    Chris PeBenito bbcd3c
    Chris PeBenito bbcd3c
    ########################################
    Chris PeBenito bbcd3c
    ## <summary>
    Chris PeBenito bbcd3c
    ##	Rename all block device files.
    Chris PeBenito bbcd3c
    ## </summary>
    Chris PeBenito bbcd3c
    ## <param name="domain">
    Chris PeBenito bbcd3c
    ##	<summary>
    Chris PeBenito bbcd3c
    ##	Domain allowed access.
    Chris PeBenito bbcd3c
    ##	</summary>
    Chris PeBenito bbcd3c
    ## </param>
    Chris PeBenito bbcd3c
    #
    Chris PeBenito bbcd3c
    interface(`dev_rename_all_blk_files',`
    Chris PeBenito bbcd3c
    	gen_require(`
    Chris PeBenito bbcd3c
    		attribute device_node;
    Chris PeBenito bbcd3c
    	')
    Chris PeBenito bbcd3c
    Chris PeBenito c0868a
    	rename_blk_files_pattern($1,device_t,device_node)
    Chris PeBenito bbcd3c
    ')
    Chris PeBenito bbcd3c
    Chris PeBenito bbcd3c
    ########################################
    Chris PeBenito bbcd3c
    ## <summary>
    Chris PeBenito bbcd3c
    ##	Rename all character device files.
    Chris PeBenito bbcd3c
    ## </summary>
    Chris PeBenito bbcd3c
    ## <param name="domain">
    Chris PeBenito bbcd3c
    ##	<summary>
    Chris PeBenito bbcd3c
    ##	Domain allowed access.
    Chris PeBenito bbcd3c
    ##	</summary>
    Chris PeBenito bbcd3c
    ## </param>
    Chris PeBenito bbcd3c
    #
    Chris PeBenito bbcd3c
    interface(`dev_rename_all_chr_files',`
    Chris PeBenito bbcd3c
    	gen_require(`
    Chris PeBenito bbcd3c
    		attribute device_node;
    Chris PeBenito bbcd3c
    	')
    Chris PeBenito bbcd3c
    Chris PeBenito c0868a
    	rename_chr_files_pattern($1,device_t,device_node)
    Chris PeBenito bbcd3c
    ')
    Chris PeBenito bbcd3c
    Chris PeBenito bbcd3c
    ########################################
    Chris PeBenito bbcd3c
    ## <summary>
    Chris PeBenito 414e41
    ##	Read, write, create, and delete all block device files.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 8a0da1
    #
    Chris PeBenito 199895
    interface(`dev_manage_all_blk_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		attribute device_node;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	manage_blk_files_pattern($1,device_t,device_node)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	# these next rules are to satisfy assertions broken by the above lines.
    Chris PeBenito 0c73cd
    	storage_raw_read_fixed_disk($1)
    Chris PeBenito 0c73cd
    	storage_raw_write_fixed_disk($1)
    Chris PeBenito 0c73cd
    	storage_read_scsi_generic($1)
    Chris PeBenito 0c73cd
    	storage_write_scsi_generic($1)
    Chris PeBenito 32e53a
    ')
    Chris PeBenito 32e53a
    Chris PeBenito 32e53a
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Read, write, create, and delete all character device files.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 32e53a
    #
    Chris PeBenito 199895
    interface(`dev_manage_all_chr_files',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito cbc9d6
    		attribute device_node, memory_raw_read, memory_raw_write;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	manage_chr_files_pattern($1,device_t,device_node)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	typeattribute $1 memory_raw_read, memory_raw_write;
    Chris PeBenito 32e53a
    ')
    Chris PeBenito 32e53a
    Chris PeBenito 32e53a
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 2ce6b0
    ##	Getattr the agp devices.
    Chris PeBenito 2ce6b0
    ## </summary>
    Chris PeBenito 2ce6b0
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 2ce6b0
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 2ce6b0
    ## </param>
    Chris PeBenito 2ce6b0
    #
    Chris PeBenito 2ce6b0
    interface(`dev_getattr_agp_dev',`
    Chris PeBenito 2ce6b0
    	gen_require(`
    Chris PeBenito 4ace0f
    		type device_t, agp_device_t;
    Chris PeBenito 2ce6b0
    	')
    Chris PeBenito 2ce6b0
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,agp_device_t)
    Chris PeBenito 2ce6b0
    ')
    Chris PeBenito 2ce6b0
    Chris PeBenito 2ce6b0
    ########################################
    Chris PeBenito 2ce6b0
    ## <summary>
    Chris PeBenito f136a9
    ##	Read and write the agp devices.
    Chris PeBenito f136a9
    ## </summary>
    Chris PeBenito f136a9
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito f136a9
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito f136a9
    ## </param>
    Chris PeBenito f136a9
    #
    Chris PeBenito 207c47
    interface(`dev_rw_agp',`
    Chris PeBenito f136a9
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, agp_device_t;
    Chris PeBenito f136a9
    	')
    Chris PeBenito f136a9
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,agp_device_t)
    Chris PeBenito f136a9
    ')
    Chris PeBenito f136a9
    Chris PeBenito f136a9
    ########################################
    Chris PeBenito f136a9
    ## <summary>
    Chris PeBenito fd89e1
    ##	Get the attributes of the apm bios device node.
    Chris PeBenito fd89e1
    ## </summary>
    Chris PeBenito fd89e1
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito fd89e1
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito fd89e1
    ## </param>
    Chris PeBenito fd89e1
    #
    Chris PeBenito 207c47
    interface(`dev_getattr_apm_bios_dev',`
    Chris PeBenito fd89e1
    	gen_require(`
    Chris PeBenito fd89e1
    		type device_t, apm_bios_t;
    Chris PeBenito fd89e1
    	')
    Chris PeBenito fd89e1
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,apm_bios_t)
    Chris PeBenito fd89e1
    ')
    Chris PeBenito fd89e1
    Chris PeBenito fd89e1
    ########################################
    Chris PeBenito fd89e1
    ## <summary>
    Chris PeBenito fd89e1
    ##	Do not audit attempts to get the attributes of
    Chris PeBenito fd89e1
    ##	the apm bios device node.
    Chris PeBenito fd89e1
    ## </summary>
    Chris PeBenito fd89e1
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito fd89e1
    ##	Domain to not audit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito fd89e1
    ## </param>
    Chris PeBenito fd89e1
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_getattr_apm_bios_dev',`
    Chris PeBenito fd89e1
    	gen_require(`
    Chris PeBenito fd89e1
    		type apm_bios_t;
    Chris PeBenito fd89e1
    	')
    Chris PeBenito fd89e1
    Chris PeBenito fd89e1
    	dontaudit $1 apm_bios_t:chr_file getattr;
    Chris PeBenito fd89e1
    ')
    Chris PeBenito fd89e1
    Chris PeBenito fd89e1
    ########################################
    Chris PeBenito fd89e1
    ## <summary>
    Chris PeBenito fd89e1
    ##	Set the attributes of the apm bios device node.
    Chris PeBenito fd89e1
    ## </summary>
    Chris PeBenito fd89e1
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito fd89e1
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito fd89e1
    ## </param>
    Chris PeBenito fd89e1
    #
    Chris PeBenito 207c47
    interface(`dev_setattr_apm_bios_dev',`
    Chris PeBenito fd89e1
    	gen_require(`
    Chris PeBenito fd89e1
    		type device_t, apm_bios_t;
    Chris PeBenito fd89e1
    	')
    Chris PeBenito fd89e1
    Chris PeBenito c0868a
    	setattr_chr_files_pattern($1,device_t,apm_bios_t)
    Chris PeBenito fd89e1
    ')
    Chris PeBenito fd89e1
    Chris PeBenito fd89e1
    ########################################
    Chris PeBenito fd89e1
    ## <summary>
    Chris PeBenito fd89e1
    ##	Do not audit attempts to set the attributes of
    Chris PeBenito fd89e1
    ##	the apm bios device node.
    Chris PeBenito fd89e1
    ## </summary>
    Chris PeBenito fd89e1
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito fd89e1
    ##	Domain to not audit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito fd89e1
    ## </param>
    Chris PeBenito fd89e1
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_setattr_apm_bios_dev',`
    Chris PeBenito fd89e1
    	gen_require(`
    Chris PeBenito fd89e1
    		type apm_bios_t;
    Chris PeBenito fd89e1
    	')
    Chris PeBenito fd89e1
    Chris PeBenito fd89e1
    	dontaudit $1 apm_bios_t:chr_file setattr;
    Chris PeBenito fd89e1
    ')
    Chris PeBenito fd89e1
    Chris PeBenito fd89e1
    ########################################
    Chris PeBenito fd89e1
    ## <summary>
    Chris PeBenito ebdc3b
    ##	Read and write the apm bios.
    Chris PeBenito ebdc3b
    ## </summary>
    Chris PeBenito ebdc3b
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito ebdc3b
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito ebdc3b
    ## </param>
    Chris PeBenito ebdc3b
    #
    Chris PeBenito ebdc3b
    interface(`dev_rw_apm_bios',`
    Chris PeBenito ebdc3b
    	gen_require(`
    Chris PeBenito ebdc3b
    		type device_t, apm_bios_t;
    Chris PeBenito ebdc3b
    	')
    Chris PeBenito ebdc3b
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,apm_bios_t)
    Chris PeBenito ebdc3b
    ')
    Chris PeBenito ebdc3b
    Chris PeBenito ebdc3b
    ########################################
    Chris PeBenito ebdc3b
    ## <summary>
    Chris PeBenito 725926
    ##	Read and write the PCMCIA card manager device.
    Chris PeBenito 725926
    ## </summary>
    Chris PeBenito 725926
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 725926
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 725926
    ## </param>
    Chris PeBenito 725926
    #
    Chris PeBenito 725926
    interface(`dev_rw_cardmgr',`
    Chris PeBenito 725926
    	gen_require(`
    Chris PeBenito 725926
    		type cardmgr_dev_t;
    Chris PeBenito 725926
    	')
    Chris PeBenito 725926
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,cardmgr_dev_t)
    Chris PeBenito 725926
    ')
    Chris PeBenito 725926
    Chris PeBenito 725926
    ########################################
    Chris PeBenito 725926
    ## <summary>
    Chris PeBenito 50f650
    ##	Do not audit attempts to read and
    Chris PeBenito 50f650
    ##	write the PCMCIA card manager device.
    Chris PeBenito 50f650
    ## </summary>
    Chris PeBenito 50f650
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 50f650
    ##	Domain to not audit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 50f650
    ## </param>
    Chris PeBenito 50f650
    #
    Chris PeBenito 50f650
    interface(`dev_dontaudit_rw_cardmgr',`
    Chris PeBenito 50f650
    	gen_require(`
    Chris PeBenito 50f650
    		type cardmgr_dev_t;
    Chris PeBenito 50f650
    	')
    Chris PeBenito 50f650
    Chris PeBenito 50f650
    	dontaudit $1 cardmgr_dev_t:chr_file { read write };
    Chris PeBenito 50f650
    ')
    Chris PeBenito 50f650
    Chris PeBenito 50f650
    ########################################
    Chris PeBenito 50f650
    ## <summary>
    Chris PeBenito 9fd4b8
    ##	Create, read, write, and delete
    Chris PeBenito 9fd4b8
    ##	the PCMCIA card manager device.
    Chris PeBenito 9fd4b8
    ## </summary>
    Chris PeBenito 9fd4b8
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 9fd4b8
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 9fd4b8
    ## </param>
    Chris PeBenito 9fd4b8
    #
    Chris PeBenito 207c47
    interface(`dev_manage_cardmgr_dev',`
    Chris PeBenito 9fd4b8
    	gen_require(`
    Chris PeBenito 9fd4b8
    		type device_t, cardmgr_dev_t;
    Chris PeBenito 9fd4b8
    	')
    Chris PeBenito 9fd4b8
    Chris PeBenito c0868a
    	manage_chr_files_pattern($1,device_t,cardmgr_dev_t)
    Chris PeBenito c0868a
    	manage_blk_files_pattern($1,device_t,cardmgr_dev_t)
    Chris PeBenito 9fd4b8
    ')
    Chris PeBenito 9fd4b8
    Chris PeBenito 9fd4b8
    ########################################
    Chris PeBenito 9fd4b8
    ## <summary>
    Chris PeBenito 9fd4b8
    ##	Create, read, write, and delete
    Chris PeBenito 9fd4b8
    ##	the PCMCIA card manager device
    Chris PeBenito 9fd4b8
    ##	with the correct type.
    Chris PeBenito 9fd4b8
    ## </summary>
    Chris PeBenito 9fd4b8
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 9fd4b8
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 9fd4b8
    ## </param>
    Chris PeBenito 9fd4b8
    #
    Chris PeBenito 207c47
    interface(`dev_create_cardmgr_dev',`
    Chris PeBenito 9fd4b8
    	gen_require(`
    Chris PeBenito 9fd4b8
    		type device_t, cardmgr_dev_t;
    Chris PeBenito 9fd4b8
    	')
    Chris PeBenito 9fd4b8
    Chris PeBenito c0868a
    	create_chr_files_pattern($1,device_t,cardmgr_dev_t)
    Chris PeBenito c0868a
    	create_blk_files_pattern($1,device_t,cardmgr_dev_t)
    Chris PeBenito c0868a
    	filetrans_pattern($1,device_t,cardmgr_dev_t,{ chr_file blk_file })
    Chris PeBenito 9fd4b8
    ')
    Chris PeBenito 9fd4b8
    Chris PeBenito 9fd4b8
    ########################################
    Chris PeBenito 9fd4b8
    ## <summary>
    Chris PeBenito 921055
    ##	Get the attributes of the CPU
    Chris PeBenito 921055
    ##	microcode and id interfaces.
    Chris PeBenito 921055
    ## </summary>
    Chris PeBenito 921055
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 921055
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 921055
    ## </param>
    Chris PeBenito 921055
    #
    Chris PeBenito 207c47
    interface(`dev_getattr_cpu_dev',`
    Chris PeBenito 921055
    	gen_require(`
    Chris PeBenito 921055
    		type device_t, cpu_device_t;
    Chris PeBenito 921055
    	')
    Chris PeBenito 921055
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,cpu_device_t)
    Chris PeBenito 921055
    ')
    Chris PeBenito 921055
    Chris PeBenito 921055
    ########################################
    Chris PeBenito 921055
    ## <summary>
    Chris PeBenito f136a9
    ##	Read the CPU identity.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 32e53a
    #
    Chris PeBenito f136a9
    interface(`dev_read_cpuid',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, cpu_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	read_chr_files_pattern($1,device_t,cpu_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Read and write the the CPU microcode device. This
    Chris PeBenito f136a9
    ##	is required to load CPU microcode.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito f136a9
    interface(`dev_rw_cpu_microcode',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, cpu_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,cpu_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito c2b18f
    ##	Read and write the the hardware SSL accelerator.
    Chris PeBenito c2b18f
    ## </summary>
    Chris PeBenito c2b18f
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito c2b18f
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito c2b18f
    ## </param>
    Chris PeBenito c2b18f
    #
    Chris PeBenito c2b18f
    interface(`dev_rw_crypto',`
    Chris PeBenito c2b18f
    	gen_require(`
    Chris PeBenito c2b18f
    		type device_t, crypt_device_t;
    Chris PeBenito c2b18f
    	')
    Chris PeBenito c2b18f
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,crypt_device_t)
    Chris PeBenito c2b18f
    ')
    Chris PeBenito c2b18f
    Chris PeBenito c2b18f
    ########################################
    Chris PeBenito c2b18f
    ## <summary>
    Chris PeBenito 02bcb8
    ##	getattr the dri devices.
    Chris PeBenito 02bcb8
    ## </summary>
    Chris PeBenito 02bcb8
    ## <param name="domain">
    Chris PeBenito 02bcb8
    ##	<summary>
    Chris PeBenito 02bcb8
    ##	Domain allowed access.
    Chris PeBenito 02bcb8
    ##	</summary>
    Chris PeBenito 02bcb8
    ## </param>
    Chris PeBenito 02bcb8
    #
    Chris PeBenito 02bcb8
    interface(`dev_getattr_dri_dev',`
    Chris PeBenito 02bcb8
    	gen_require(`
    Chris PeBenito 02bcb8
    		type device_t, dri_device_t;
    Chris PeBenito 02bcb8
    	')
    Chris PeBenito 02bcb8
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,dri_device_t)
    Chris PeBenito 02bcb8
    ')
    Chris PeBenito 02bcb8
    Chris PeBenito 02bcb8
    ########################################
    Chris PeBenito 02bcb8
    ## <summary>
    Chris PeBenito 02bcb8
    ##	Setattr the dri devices.
    Chris PeBenito 02bcb8
    ## </summary>
    Chris PeBenito 02bcb8
    ## <param name="domain">
    Chris PeBenito 02bcb8
    ##	<summary>
    Chris PeBenito 02bcb8
    ##	Domain allowed access.
    Chris PeBenito 02bcb8
    ##	</summary>
    Chris PeBenito 02bcb8
    ## </param>
    Chris PeBenito 02bcb8
    #
    Chris PeBenito 02bcb8
    interface(`dev_setattr_dri_dev',`
    Chris PeBenito 02bcb8
    	gen_require(`
    Chris PeBenito 02bcb8
    		type device_t, dri_device_t;
    Chris PeBenito 02bcb8
    	')
    Chris PeBenito 02bcb8
    Chris PeBenito c0868a
    	setattr_chr_files_pattern($1,device_t,dri_device_t)
    Chris PeBenito 02bcb8
    ')
    Chris PeBenito 02bcb8
    Chris PeBenito 02bcb8
    ########################################
    Chris PeBenito 02bcb8
    ## <summary>
    Chris PeBenito 2ce6b0
    ##	Read and write the dri devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 207c47
    interface(`dev_rw_dri',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, dri_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,dri_device_t)
    Chris PeBenito f5c42b
    ')
    Chris PeBenito f5c42b
    Chris PeBenito f5c42b
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 2ce6b0
    ##	Dontaudit read and write on the dri devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 2ce6b0
    ##	Domain to dontaudit access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito f5c42b
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_rw_dri',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito 2ce6b0
    		type dri_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito 2ce6b0
    	dontaudit $1 dri_device_t:chr_file { getattr read write ioctl };
    Chris PeBenito f5c42b
    ')
    Chris PeBenito f5c42b
    Chris PeBenito f5c42b
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 2ce6b0
    ##	Create, read, write, and delete the dri devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 2ce6b0
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito f5c42b
    #
    Chris PeBenito 2ce6b0
    interface(`dev_manage_dri_dev',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito 2ce6b0
    		type device_t, dri_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	manage_chr_files_pattern($1,device_t,dri_device_t)
    Chris PeBenito c0868a
    	filetrans_pattern($1,device_t,dri_device_t,chr_file)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Read input event devices (/dev/input).
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito f136a9
    interface(`dev_read_input',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, event_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	read_chr_files_pattern($1,device_t,event_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 2ce6b0
    ##	Read input event devices (/dev/input).
    Chris PeBenito 2ce6b0
    ## </summary>
    Chris PeBenito 2ce6b0
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 2ce6b0
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 2ce6b0
    ## </param>
    Chris PeBenito 2ce6b0
    #
    Chris PeBenito 2ce6b0
    interface(`dev_rw_input_dev',`
    Chris PeBenito 2ce6b0
    	gen_require(`
    Chris PeBenito 2ce6b0
    		type device_t, event_device_t;
    Chris PeBenito 2ce6b0
    	')
    Chris PeBenito 2ce6b0
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,event_device_t)
    Chris PeBenito 2ce6b0
    ')
    Chris PeBenito 2ce6b0
    Chris PeBenito 2ce6b0
    ########################################
    Chris PeBenito 2ce6b0
    ## <summary>
    Chris PeBenito f136a9
    ##	Get the attributes of the framebuffer device node.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 207c47
    interface(`dev_getattr_framebuffer_dev',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, framebuf_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,framebuf_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Set the attributes of the framebuffer device node.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 207c47
    interface(`dev_setattr_framebuffer_dev',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, framebuf_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	setattr_chr_files_pattern($1,device_t,framebuf_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Dot not audit attempts to set the attributes
    Chris PeBenito f136a9
    ##	of the framebuffer device node.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito f136a9
    ##	Domain to not audit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_setattr_framebuffer_dev',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type framebuf_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito f136a9
    	dontaudit $1 framebuf_device_t:chr_file setattr;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Read the framebuffer.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito f136a9
    interface(`dev_read_framebuffer',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type framebuf_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	read_chr_files_pattern($1,device_t,framebuf_device_t)
    Chris PeBenito a9a20d
    ')
    Chris PeBenito a9a20d
    Chris PeBenito a9a20d
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Do not audit attempts to read the framebuffer.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito a9a20d
    #
    Chris PeBenito f136a9
    interface(`dev_dontaudit_read_framebuffer',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type framebuf_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito f136a9
    	dontaudit $1 framebuf_device_t:chr_file { getattr read };
    Chris PeBenito f5c42b
    ')
    Chris PeBenito f5c42b
    Chris PeBenito f5c42b
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Write the framebuffer.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito f5c42b
    #
    Chris PeBenito f136a9
    interface(`dev_write_framebuffer',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, framebuf_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	write_chr_files_pattern($1,device_t,framebuf_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 2ce6b0
    ##	Read and write the framebuffer.
    Chris PeBenito 2ce6b0
    ## </summary>
    Chris PeBenito 2ce6b0
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 2ce6b0
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 2ce6b0
    ## </param>
    Chris PeBenito 2ce6b0
    #
    Chris PeBenito 2ce6b0
    interface(`dev_rw_framebuffer',`
    Chris PeBenito 2ce6b0
    	gen_require(`
    Chris PeBenito 2ce6b0
    		type device_t, framebuf_device_t;
    Chris PeBenito 2ce6b0
    	')
    Chris PeBenito 2ce6b0
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,framebuf_device_t)
    Chris PeBenito 2ce6b0
    ')
    Chris PeBenito 2ce6b0
    Chris PeBenito 2ce6b0
    ########################################
    Chris PeBenito 2ce6b0
    ## <summary>
    Chris PeBenito f136a9
    ##	Read the lvm comtrol device.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito f136a9
    interface(`dev_read_lvm_control',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, lvm_control_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	read_chr_files_pattern($1,device_t,lvm_control_t)
    Chris PeBenito 44a43b
    ')
    Chris PeBenito 44a43b
    Chris PeBenito 44a43b
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Read and write the lvm control device.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito f136a9
    interface(`dev_rw_lvm_control',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, lvm_control_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,lvm_control_t)
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Delete the lvm control device.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_delete_lvm_control_dev',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, lvm_control_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito c0868a
    	delete_chr_files_pattern($1,device_t,lvm_control_t)
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 93727e
    ##	dontaudit getattr raw memory devices (e.g. /dev/mem).
    Chris PeBenito 93727e
    ## </summary>
    Chris PeBenito 93727e
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 93727e
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 93727e
    ## </param>
    Chris PeBenito 93727e
    #
    Chris PeBenito 93727e
    interface(`dev_dontaudit_getattr_memory_dev',`
    Chris PeBenito 93727e
    	gen_require(`
    Chris PeBenito 93727e
    		type memory_device_t;
    Chris PeBenito 93727e
    	')
    Chris PeBenito 93727e
    Chris PeBenito 93727e
    	dontaudit $1 memory_device_t:chr_file getattr;
    Chris PeBenito 93727e
    ')
    Chris PeBenito 93727e
    Chris PeBenito 93727e
    ########################################
    Chris PeBenito 93727e
    ## <summary>
    Chris PeBenito f136a9
    ##	Read raw memory devices (e.g. /dev/mem).
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 44a43b
    #
    Chris PeBenito f136a9
    interface(`dev_read_raw_memory',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, memory_device_t;
    Chris PeBenito f136a9
    		attribute memory_raw_read;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	read_chr_files_pattern($1,device_t,memory_device_t)
    Chris PeBenito f136a9
    Chris PeBenito f136a9
    	allow $1 self:capability sys_rawio;
    Chris PeBenito f136a9
    	typeattribute $1 memory_raw_read;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Write raw memory devices (e.g. /dev/mem).
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito f136a9
    interface(`dev_write_raw_memory',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, memory_device_t;
    Chris PeBenito f136a9
    		attribute memory_raw_write;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	write_chr_files_pattern($1,device_t,memory_device_t)
    Chris PeBenito f136a9
    Chris PeBenito f136a9
    	allow $1 self:capability sys_rawio;
    Chris PeBenito f136a9
    	typeattribute $1 memory_raw_write;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Read and execute raw memory devices (e.g. /dev/mem).
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito f136a9
    interface(`dev_rx_raw_memory',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, memory_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito f136a9
    	dev_read_raw_memory($1)
    Chris PeBenito f136a9
    	allow $1 memory_device_t:chr_file execute;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Write and execute raw memory devices (e.g. /dev/mem).
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito f136a9
    interface(`dev_wx_raw_memory',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, memory_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito f136a9
    	dev_write_raw_memory($1)
    Chris PeBenito f136a9
    	allow $1 memory_device_t:chr_file execute;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Get the attributes of miscellaneous devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 207c47
    interface(`dev_getattr_misc_dev',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, misc_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,misc_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Do not audit attempts to get the attributes
    Chris PeBenito f136a9
    ##	of miscellaneous devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_getattr_misc_dev',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type misc_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito f136a9
    	dontaudit $1 misc_device_t:chr_file getattr;
    Chris PeBenito b16c6b
    ')
    Chris PeBenito b16c6b
    Chris PeBenito b16c6b
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Set the attributes of miscellaneous devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b16c6b
    #
    Chris PeBenito 207c47
    interface(`dev_setattr_misc_dev',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, misc_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	setattr_chr_files_pattern($1,device_t,misc_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Do not audit attempts to set the attributes
    Chris PeBenito f136a9
    ##	of miscellaneous devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito f136a9
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_setattr_misc_dev',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type misc_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito f136a9
    	dontaudit $1 misc_device_t:chr_file setattr;
    Chris PeBenito b16c6b
    ')
    Chris PeBenito b16c6b
    Chris PeBenito b16c6b
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Read miscellaneous devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b16c6b
    #
    Chris PeBenito f136a9
    interface(`dev_read_misc',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, misc_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	read_chr_files_pattern($1,device_t,misc_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Write miscellaneous devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito f136a9
    interface(`dev_write_misc',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, misc_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	write_chr_files_pattern($1,device_t,misc_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 07620c
    ##	Do not audit attempts to read and write miscellaneous devices.
    Chris PeBenito 07620c
    ## </summary>
    Chris PeBenito 07620c
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 07620c
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 07620c
    ## </param>
    Chris PeBenito 07620c
    #
    Chris PeBenito 07620c
    interface(`dev_dontaudit_rw_misc',`
    Chris PeBenito 07620c
    	gen_require(`
    Chris PeBenito 07620c
    		type misc_device_t;
    Chris PeBenito 07620c
    	')
    Chris PeBenito 07620c
    Chris PeBenito 07620c
    	dontaudit $1 misc_device_t:chr_file rw_file_perms;
    Chris PeBenito 07620c
    ')
    Chris PeBenito 07620c
    Chris PeBenito 07620c
    ########################################
    Chris PeBenito 07620c
    ## <summary>
    Chris PeBenito f136a9
    ##	Get the attributes of the mouse devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_getattr_mouse_dev',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, mouse_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,mouse_device_t)
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Set the attributes of the mouse devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_setattr_mouse_dev',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, mouse_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito c0868a
    	setattr_chr_files_pattern($1,device_t,mouse_device_t)
    Chris PeBenito fd89e1
    ')
    Chris PeBenito fd89e1
    Chris PeBenito fd89e1
    ########################################
    Chris PeBenito fd89e1
    ## <summary>
    Chris PeBenito f136a9
    ##	Read the mouse devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito f136a9
    interface(`dev_read_mouse',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, mouse_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	read_chr_files_pattern($1,device_t,mouse_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 842859
    ##      Read and write to mouse devices.
    Chris PeBenito 842859
    ## </summary>
    Chris PeBenito 842859
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 842859
    ##      Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 842859
    ## </param>
    Chris PeBenito 842859
    #
    Chris PeBenito 842859
    interface(`dev_rw_mouse',`
    Chris PeBenito 842859
    	gen_require(`
    Chris PeBenito 842859
    		type device_t, mouse_device_t;
    Chris PeBenito 842859
    	')
    Chris PeBenito 842859
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,mouse_device_t)
    Chris PeBenito 842859
    ')
    Chris PeBenito 842859
    Chris PeBenito 842859
    ########################################
    Chris PeBenito 842859
    ## <summary>
    Chris PeBenito 85476e
    ##	Get the attributes of the memory type range
    Chris PeBenito 85476e
    ##	registers (MTRR) device.
    Chris PeBenito 30910b
    ## </summary>
    Chris PeBenito 30910b
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 30910b
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 30910b
    ## </param>
    Chris PeBenito 30910b
    #
    Chris PeBenito 207c47
    interface(`dev_getattr_mtrr_dev',`
    Chris PeBenito 30910b
    	gen_require(`
    Chris PeBenito 30910b
    		type device_t, mtrr_device_t;
    Chris PeBenito 30910b
    	')
    Chris PeBenito 30910b
    Chris PeBenito c0868a
    	getattr_files_pattern($1,device_t,mtrr_device_t)
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,mtrr_device_t)
    Chris PeBenito 30910b
    ')
    Chris PeBenito 30910b
    Chris PeBenito 30910b
    ########################################
    Chris PeBenito 30910b
    ## <summary>
    Chris PeBenito 85476e
    ##	Read the memory type range
    Chris PeBenito 85476e
    ##	registers (MTRR).  (Deprecated)
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 85476e
    ## <desc>
    Chris PeBenito 85476e
    ##	

    Chris PeBenito 85476e
    ##	Read the memory type range
    Chris PeBenito 85476e
    ##	registers (MTRR).  This interface has
    Chris PeBenito 85476e
    ##	been deprecated, dev_rw_mtrr() should be
    Chris PeBenito 85476e
    ##	used instead.
    Chris PeBenito 85476e
    ##	

    Chris PeBenito 85476e
    ##	

    Chris PeBenito 85476e
    ##	The MTRR device ioctls can be used for
    Chris PeBenito 85476e
    ##	reading and writing; thus, read access to the
    Chris PeBenito 85476e
    ##	device cannot be separated from write access.
    Chris PeBenito 85476e
    ##	

    Chris PeBenito 85476e
    ## </desc>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito f136a9
    interface(`dev_read_mtrr',`
    Chris PeBenito 85476e
    	refpolicywarn(`$0($*) has been replaced with dev_rw_mtrr().')
    Chris PeBenito 85476e
    	dev_rw_mtrr($1)
    Chris PeBenito d490eb
    ')
    Chris PeBenito d490eb
    Chris PeBenito d490eb
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 85476e
    ##	Write the memory type range
    Chris PeBenito 85476e
    ##	registers (MTRR).  (Deprecated)
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 85476e
    ## <desc>
    Chris PeBenito 85476e
    ##	

    Chris PeBenito 85476e
    ##	Write the memory type range
    Chris PeBenito 85476e
    ##	registers (MTRR).  This interface has
    Chris PeBenito 85476e
    ##	been deprecated, dev_rw_mtrr() should be
    Chris PeBenito 85476e
    ##	used instead.
    Chris PeBenito 85476e
    ##	

    Chris PeBenito 85476e
    ##	

    Chris PeBenito 85476e
    ##	The MTRR device ioctls can be used for
    Chris PeBenito 85476e
    ##	reading and writing; thus, write access to the
    Chris PeBenito 85476e
    ##	device cannot be separated from read access.
    Chris PeBenito 85476e
    ##	

    Chris PeBenito 85476e
    ## </desc>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito d490eb
    #
    Chris PeBenito f136a9
    interface(`dev_write_mtrr',`
    Chris PeBenito 85476e
    	refpolicywarn(`$0($*) has been replaced with dev_rw_mtrr().')
    Chris PeBenito 85476e
    	dev_rw_mtrr($1)
    Chris PeBenito d490eb
    ')
    Chris PeBenito d490eb
    Chris PeBenito d490eb
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 85476e
    ##	Read and write the memory type range registers (MTRR).
    Chris PeBenito 2ce6b0
    ## </summary>
    Chris PeBenito 2ce6b0
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 2ce6b0
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 2ce6b0
    ## </param>
    Chris PeBenito 2ce6b0
    #
    Chris PeBenito 2ce6b0
    interface(`dev_rw_mtrr',`
    Chris PeBenito 85476e
    	gen_require(`
    Chris PeBenito 85476e
    		type device_t, mtrr_device_t;
    Chris PeBenito 85476e
    	')
    Chris PeBenito 85476e
    Chris PeBenito c0868a
    	rw_files_pattern($1,device_t,mtrr_device_t)
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,mtrr_device_t)
    Chris PeBenito 2ce6b0
    ')
    Chris PeBenito 2ce6b0
    Chris PeBenito 2ce6b0
    ########################################
    Chris PeBenito 2ce6b0
    ## <summary>
    Chris PeBenito f136a9
    ##	Read and write to the null device (/dev/null).
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_rw_null',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, null_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,null_device_t)
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito d15dd5
    ##	Create the null device (/dev/null).
    Chris PeBenito d15dd5
    ## </summary>
    Chris PeBenito d15dd5
    ## <param name="domain">
    Chris PeBenito d15dd5
    ##	<summary>
    Chris PeBenito d15dd5
    ##	Domain allowed access.
    Chris PeBenito d15dd5
    ##	</summary>
    Chris PeBenito d15dd5
    ## </param>
    Chris PeBenito d15dd5
    #
    Chris PeBenito d15dd5
    interface(`dev_create_null_dev',`
    Chris PeBenito d15dd5
    	gen_require(`
    Chris PeBenito d15dd5
    		type device_t, null_device_t;
    Chris PeBenito d15dd5
    	')
    Chris PeBenito d15dd5
    Chris PeBenito c0868a
    	create_chr_files_pattern($1,device_t,null_device_t)
    Chris PeBenito d15dd5
    ')
    Chris PeBenito d15dd5
    Chris PeBenito d15dd5
    ########################################
    Chris PeBenito d15dd5
    ## <summary>
    Chris PeBenito 6c6399
    ##	Do not audit attempts to get the attributes
    Chris PeBenito 6c6399
    ##	of the BIOS non-volatile RAM device.
    Chris PeBenito 6c6399
    ## </summary>
    Chris PeBenito 6c6399
    ## <param name="domain">
    Chris PeBenito 6c6399
    ##	<summary>
    Chris PeBenito 6c6399
    ##	Domain allowed access.
    Chris PeBenito 6c6399
    ##	</summary>
    Chris PeBenito 6c6399
    ## </param>
    Chris PeBenito 6c6399
    #
    Chris PeBenito 6c6399
    interface(`dev_dontaudit_getattr_nvram_dev',`
    Chris PeBenito 6c6399
    	gen_require(`
    Chris PeBenito 6c6399
    		type nvram_device_t;
    Chris PeBenito 6c6399
    	')
    Chris PeBenito 6c6399
    Chris PeBenito 6c6399
    	dontaudit $1 nvram_device_t:chr_file getattr;
    Chris PeBenito 6c6399
    ')
    Chris PeBenito 6c6399
    Chris PeBenito 6c6399
    ########################################
    Chris PeBenito 6c6399
    ## <summary>
    Chris PeBenito a5e213
    ##	Read and write BIOS non-volatile RAM.
    Chris PeBenito a5e213
    ## </summary>
    Chris PeBenito a5e213
    ## <param name="domain">
    Chris PeBenito a5e213
    ##	<summary>
    Chris PeBenito a5e213
    ##	Domain allowed access.
    Chris PeBenito a5e213
    ##	</summary>
    Chris PeBenito a5e213
    ## </param>
    Chris PeBenito a5e213
    #
    Chris PeBenito a5e213
    interface(`dev_rw_nvram',`
    Chris PeBenito a5e213
    	gen_require(`
    Chris PeBenito a5e213
    		type nvram_device_t;
    Chris PeBenito a5e213
    	')
    Chris PeBenito a5e213
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,nvram_device_t)
    Chris PeBenito a5e213
    ')
    Chris PeBenito a5e213
    Chris PeBenito a5e213
    ########################################
    Chris PeBenito a5e213
    ## <summary>
    Chris PeBenito 9c1c08
    ##	Get the attributes of the printer device nodes.
    Chris PeBenito 9c1c08
    ## </summary>
    Chris PeBenito 9c1c08
    ## <param name="domain">
    Chris PeBenito 9c1c08
    ##	<summary>
    Chris PeBenito 9c1c08
    ##	Domain allowed access.
    Chris PeBenito 9c1c08
    ##	</summary>
    Chris PeBenito 9c1c08
    ## </param>
    Chris PeBenito 9c1c08
    #
    Chris PeBenito 9c1c08
    interface(`dev_getattr_printer_dev',`
    Chris PeBenito 9c1c08
    	gen_require(`
    Chris PeBenito 9c1c08
    		type device_t, printer_device_t;
    Chris PeBenito 9c1c08
    	')
    Chris PeBenito 9c1c08
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,printer_device_t)
    Chris PeBenito 9c1c08
    ')
    Chris PeBenito 9c1c08
    Chris PeBenito 9c1c08
    ########################################
    Chris PeBenito 9c1c08
    ## <summary>
    Chris PeBenito f136a9
    ##	Set the attributes of the printer device nodes.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_setattr_printer_dev',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, printer_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito c0868a
    	setattr_chr_files_pattern($1,device_t,printer_device_t)
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito ad3b9d
    ##	Append the printer device.
    Chris PeBenito ad3b9d
    ## </summary>
    Chris PeBenito ad3b9d
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito ad3b9d
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito ad3b9d
    ## </param>
    Chris PeBenito ad3b9d
    #
    Chris PeBenito ad3b9d
    # cjp: added for lpd/checkpc_t
    Chris PeBenito ad3b9d
    interface(`dev_append_printer',`
    Chris PeBenito ad3b9d
    	gen_require(`
    Chris PeBenito ad3b9d
    		type device_t, printer_device_t;
    Chris PeBenito ad3b9d
    	')
    Chris PeBenito ad3b9d
    Chris PeBenito c0868a
    	append_chr_files_pattern($1,device_t,printer_device_t)
    Chris PeBenito ad3b9d
    ')
    Chris PeBenito ad3b9d
    Chris PeBenito ad3b9d
    ########################################
    Chris PeBenito ad3b9d
    ## <summary>
    Chris PeBenito fdae8e
    ##	Read and write the printer device.
    Chris PeBenito fdae8e
    ## </summary>
    Chris PeBenito fdae8e
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito fdae8e
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito fdae8e
    ## </param>
    Chris PeBenito fdae8e
    #
    Chris PeBenito fdae8e
    interface(`dev_rw_printer',`
    Chris PeBenito fdae8e
    	gen_require(`
    Chris PeBenito fdae8e
    		type device_t, printer_device_t;
    Chris PeBenito fdae8e
    	')
    Chris PeBenito fdae8e
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,printer_device_t)
    Chris PeBenito fdae8e
    ')
    Chris PeBenito fdae8e
    Chris PeBenito fdae8e
    ########################################
    Chris PeBenito fdae8e
    ## <summary>
    Chris PeBenito e1c414
    ##	Read from random number generator
    Chris PeBenito e1c414
    ##	devices (e.g., /dev/random)
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito f136a9
    interface(`dev_read_rand',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, random_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito c0868a
    	read_chr_files_pattern($1,device_t,random_device_t)
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito e1c414
    ##	Do not audit attempts to read from random
    Chris PeBenito e1c414
    ##	number generator devices (e.g., /dev/random)
    Chris PeBenito e1c414
    ## </summary>
    Chris PeBenito e1c414
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito e1c414
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito e1c414
    ## </param>
    Chris PeBenito e1c414
    #
    Chris PeBenito e1c414
    interface(`dev_dontaudit_read_rand',`
    Chris PeBenito e1c414
    	gen_require(`
    Chris PeBenito e1c414
    		type random_device_t;
    Chris PeBenito e1c414
    	')
    Chris PeBenito e1c414
    Chris PeBenito e1c414
    	dontaudit $1 random_device_t:chr_file { getattr read };
    Chris PeBenito e1c414
    ')
    Chris PeBenito e1c414
    Chris PeBenito e1c414
    ########################################
    Chris PeBenito e1c414
    ## <summary>
    Chris PeBenito f136a9
    ##	Write to the random device (e.g., /dev/random). This adds
    Chris PeBenito f136a9
    ##	entropy used to generate the random data read from the
    Chris PeBenito f136a9
    ##	random device.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito f136a9
    interface(`dev_write_rand',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, random_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito c0868a
    	write_chr_files_pattern($1,device_t,random_device_t)
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Read the realtime clock (/dev/rtc).
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito d490eb
    #
    Chris PeBenito f136a9
    interface(`dev_read_realtime_clock',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, clock_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	read_chr_files_pattern($1,device_t,clock_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Set the realtime clock (/dev/rtc).
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito f136a9
    interface(`dev_write_realtime_clock',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, clock_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	write_chr_files_pattern($1,device_t,clock_device_t)
    Chris PeBenito c0868a
    Chris PeBenito c0868a
    	allow $1 clock_device_t:chr_file setattr;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Read and set the realtime clock (/dev/rtc).
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito f136a9
    interface(`dev_rw_realtime_clock',`
    Chris PeBenito f136a9
    	dev_read_realtime_clock($1)
    Chris PeBenito f136a9
    	dev_write_realtime_clock($1)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Get the attributes of the scanner device.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 207c47
    interface(`dev_getattr_scanner_dev',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, scanner_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,scanner_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Do not audit attempts to get the attributes of
    Chris PeBenito f136a9
    ##	the scanner device.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito f136a9
    ##	Domain to not audit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_getattr_scanner_dev',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type scanner_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito f136a9
    	dontaudit $1 scanner_device_t:chr_file getattr;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Set the attributes of the scanner device.
    Chris PeBenito a42ca7
    ## </summary>
    Chris PeBenito a42ca7
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito a42ca7
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito a42ca7
    ## </param>
    Chris PeBenito a42ca7
    #
    Chris PeBenito 207c47
    interface(`dev_setattr_scanner_dev',`
    Chris PeBenito a42ca7
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, scanner_device_t;
    Chris PeBenito a42ca7
    	')
    Chris PeBenito a42ca7
    Chris PeBenito c0868a
    	setattr_chr_files_pattern($1,device_t,scanner_device_t)
    Chris PeBenito a42ca7
    ')
    Chris PeBenito a42ca7
    Chris PeBenito a42ca7
    ########################################
    Chris PeBenito a42ca7
    ## <summary>
    Chris PeBenito f136a9
    ##	Do not audit attempts to set the attributes of
    Chris PeBenito f136a9
    ##	the scanner device.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito f136a9
    ##	Domain to not audit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_setattr_scanner_dev',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type scanner_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito f136a9
    	dontaudit $1 scanner_device_t:chr_file setattr;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Read and write the scanner device.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito f136a9
    interface(`dev_rw_scanner',`
    Chris PeBenito cbc9d6
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, scanner_device_t;
    Chris PeBenito cbc9d6
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,scanner_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Get the attributes of the sound devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 207c47
    interface(`dev_getattr_sound_dev',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, sound_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,sound_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Set the attributes of the sound devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_setattr_sound_dev',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, sound_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	setattr_chr_files_pattern($1,device_t,sound_device_t)
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Read the sound devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito f136a9
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_read_sound',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, sound_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito c0868a
    	read_chr_files_pattern($1,device_t,sound_device_t)
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Write the sound devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_write_sound',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, sound_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito c0868a
    	write_chr_files_pattern($1,device_t,sound_device_t)
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Read the sound mixer devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito f136a9
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_read_sound_mixer',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, sound_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito c0868a
    	read_chr_files_pattern($1,device_t,sound_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Write the sound mixer devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 207c47
    interface(`dev_write_sound_mixer',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, sound_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	write_chr_files_pattern($1,device_t,sound_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Get the attributes of the the power management device.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_getattr_power_mgmt_dev',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type device_t, power_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,power_device_t)
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Set the attributes of the the power management device.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_setattr_power_mgmt_dev',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type device_t, power_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito c0868a
    	setattr_chr_files_pattern($1,device_t,power_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Read and write the the power management device.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 199895
    interface(`dev_rw_power_management',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type device_t, power_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,power_device_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito d534d3
    ##	Getattr on smartcard devices
    Chris PeBenito d534d3
    ## </summary>
    Chris PeBenito d534d3
    ## <param name="domain">
    Chris PeBenito d534d3
    ##	<summary>
    Chris PeBenito d534d3
    ##	Domain allowed access.
    Chris PeBenito d534d3
    ##	</summary>
    Chris PeBenito d534d3
    ## </param>
    Chris PeBenito d534d3
    #
    Chris PeBenito d534d3
    interface(`dev_getattr_smartcard_dev',`
    Chris PeBenito d534d3
    	gen_require(`
    Chris PeBenito d534d3
    		type smartcard_device_t;
    Chris PeBenito d534d3
    	')
    Chris PeBenito d534d3
    Chris PeBenito d534d3
    	allow $1 smartcard_device_t:chr_file getattr;
    Chris PeBenito d534d3
    Chris PeBenito d534d3
    ')
    Chris PeBenito d534d3
    Chris PeBenito d534d3
    ########################################
    Chris PeBenito d534d3
    ## <summary>
    Chris PeBenito d534d3
    ##	dontaudit getattr on smartcard devices
    Chris PeBenito d534d3
    ## </summary>
    Chris PeBenito d534d3
    ## <param name="domain">
    Chris PeBenito d534d3
    ##	<summary>
    Chris PeBenito d534d3
    ##	Domain allowed access.
    Chris PeBenito d534d3
    ##	</summary>
    Chris PeBenito d534d3
    ## </param>
    Chris PeBenito d534d3
    #
    Chris PeBenito d534d3
    interface(`dev_dontaudit_getattr_smartcard_dev',`
    Chris PeBenito d534d3
    	gen_require(`
    Chris PeBenito d534d3
    		type smartcard_device_t;
    Chris PeBenito d534d3
    	')
    Chris PeBenito d534d3
    Chris PeBenito d534d3
    	dontaudit $1 smartcard_device_t:chr_file getattr;
    Chris PeBenito d534d3
    Chris PeBenito d534d3
    ')
    Chris PeBenito d534d3
    Chris PeBenito d534d3
    ########################################
    Chris PeBenito d534d3
    ## <summary>
    Chris PeBenito d534d3
    ##	Read and write smartcard devices.
    Chris PeBenito d534d3
    ## </summary>
    Chris PeBenito d534d3
    ## <param name="domain">
    Chris PeBenito d534d3
    ##	<summary>
    Chris PeBenito d534d3
    ##	Domain allowed access.
    Chris PeBenito d534d3
    ##	</summary>
    Chris PeBenito d534d3
    ## </param>
    Chris PeBenito d534d3
    #
    Chris PeBenito d534d3
    interface(`dev_rw_smartcard',`
    Chris PeBenito d534d3
    	gen_require(`
    Chris PeBenito d534d3
    		type device_t, smartcard_device_t;
    Chris PeBenito d534d3
    	')
    Chris PeBenito d534d3
    Chris PeBenito d534d3
    	rw_chr_files_pattern($1,device_t,smartcard_device_t)
    Chris PeBenito d534d3
    ')
    Chris PeBenito d534d3
    Chris PeBenito d534d3
    ########################################
    Chris PeBenito d534d3
    ## <summary>
    Chris PeBenito d534d3
    ##	Create, read, write, and delete smartcard devices.
    Chris PeBenito d534d3
    ## </summary>
    Chris PeBenito d534d3
    ## <param name="domain">
    Chris PeBenito d534d3
    ##	<summary>
    Chris PeBenito d534d3
    ##	Domain allowed access.
    Chris PeBenito d534d3
    ##	</summary>
    Chris PeBenito d534d3
    ## </param>
    Chris PeBenito d534d3
    #
    Chris PeBenito d534d3
    interface(`dev_manage_smartcard',`
    Chris PeBenito d534d3
    	gen_require(`
    Chris PeBenito d534d3
    		type device_t, smartcard_device_t;
    Chris PeBenito d534d3
    	')
    Chris PeBenito d534d3
    Chris PeBenito d534d3
    	manage_chr_files_pattern($1,device_t,smartcard_device_t)
    Chris PeBenito d534d3
    ')
    Chris PeBenito d534d3
    Chris PeBenito d534d3
    ########################################
    Chris PeBenito d534d3
    ## <summary>
    Chris PeBenito 414e41
    ##	Get the attributes of sysfs directories.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	The type of the process performing this action.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 207c47
    interface(`dev_getattr_sysfs_dirs',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type sysfs_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito c0868a
    	allow $1 sysfs_t:dir getattr_dir_perms;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito 3b857e
    Chris PeBenito 8bd678
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito b24f35
    ##	Search the sysfs directories.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	The type of the process performing this action.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 8bd678
    #
    Chris PeBenito 199895
    interface(`dev_search_sysfs',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type sysfs_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 8bd678
    Chris PeBenito c0868a
    	search_dirs_pattern($1,sysfs_t,sysfs_t)
    Chris PeBenito 8bd678
    ')
    Chris PeBenito 8bd678
    Chris PeBenito 8bd678
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito ebdc3b
    ##	Do not audit attempts to search sysfs.
    Chris PeBenito ebdc3b
    ## </summary>
    Chris PeBenito ebdc3b
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito ebdc3b
    ##	The type of the process performing this action.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito ebdc3b
    ## </param>
    Chris PeBenito ebdc3b
    #
    Chris PeBenito ebdc3b
    interface(`dev_dontaudit_search_sysfs',`
    Chris PeBenito ebdc3b
    	gen_require(`
    Chris PeBenito ebdc3b
    		type sysfs_t;
    Chris PeBenito ebdc3b
    	')
    Chris PeBenito ebdc3b
    Chris PeBenito c0868a
    	dontaudit $1 sysfs_t:dir search_dir_perms;
    Chris PeBenito ebdc3b
    ')
    Chris PeBenito ebdc3b
    Chris PeBenito ebdc3b
    ########################################
    Chris PeBenito ebdc3b
    ## <summary>
    Chris PeBenito b24f35
    ##	List the contents of the sysfs directories.
    Chris PeBenito b24f35
    ## </summary>
    Chris PeBenito b24f35
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito b24f35
    ##	The type of the process performing this action.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito b24f35
    ## </param>
    Chris PeBenito b24f35
    #
    Chris PeBenito b24f35
    interface(`dev_list_sysfs',`
    Chris PeBenito b24f35
    	gen_require(`
    Chris PeBenito b24f35
    		type sysfs_t;
    Chris PeBenito b24f35
    	')
    Chris PeBenito b24f35
    Chris PeBenito c0868a
    	list_dirs_pattern($1,sysfs_t,sysfs_t)
    Chris PeBenito b24f35
    ')
    Chris PeBenito b24f35
    Chris PeBenito b24f35
    ########################################
    Chris PeBenito b24f35
    ## <summary>
    Chris PeBenito 9e8f65
    ##	Write in a sysfs directories.
    Chris PeBenito 9e8f65
    ## </summary>
    Chris PeBenito 9e8f65
    ## <param name="domain">
    Chris PeBenito 9e8f65
    ##	<summary>
    Chris PeBenito 9e8f65
    ##	The type of the process performing this action.
    Chris PeBenito 9e8f65
    ##	</summary>
    Chris PeBenito 9e8f65
    ## </param>
    Chris PeBenito 9e8f65
    #
    Chris PeBenito 9e8f65
    # cjp: added for cpuspeed
    Chris PeBenito 9e8f65
    interface(`dev_write_sysfs_dirs',`
    Chris PeBenito 9e8f65
    	gen_require(`
    Chris PeBenito 9e8f65
    		type sysfs_t;
    Chris PeBenito 9e8f65
    	')
    Chris PeBenito 9e8f65
    Chris PeBenito 9e8f65
    	allow $1 sysfs_t:dir write;
    Chris PeBenito 9e8f65
    ')
    Chris PeBenito 9e8f65
    Chris PeBenito 9e8f65
    ########################################
    Chris PeBenito 9e8f65
    ## <summary>
    Chris PeBenito 414e41
    ##	Allow caller to read hardware state information.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	The process type reading hardware state information.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 8bd678
    #
    Chris PeBenito 199895
    interface(`dev_read_sysfs',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type sysfs_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 8bd678
    Chris PeBenito c0868a
    	read_files_pattern($1,sysfs_t,sysfs_t)
    Chris PeBenito c0868a
    	read_lnk_files_pattern($1,sysfs_t,sysfs_t)
    Chris PeBenito c0868a
    Chris PeBenito c0868a
    	list_dirs_pattern($1,sysfs_t,sysfs_t)
    Chris PeBenito 8bd678
    ')
    Chris PeBenito 8bd678
    Chris PeBenito 8bd678
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Allow caller to modify hardware state information.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	The process type modifying hardware state information.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 8bd678
    #
    Chris PeBenito 199895
    interface(`dev_rw_sysfs',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type sysfs_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 8bd678
    Chris PeBenito c0868a
    Chris PeBenito c0868a
    	rw_files_pattern($1,sysfs_t,sysfs_t)
    Chris PeBenito c0868a
    	read_lnk_files_pattern($1,sysfs_t,sysfs_t)
    Chris PeBenito c0868a
    Chris PeBenito c0868a
    	list_dirs_pattern($1,sysfs_t,sysfs_t)
    Chris PeBenito 8bd678
    ')
    Chris PeBenito 8bd678
    Chris PeBenito 8bd678
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito f136a9
    ##	Read from pseudo random devices (e.g., /dev/urandom)
    Chris PeBenito f136a9
    ## </summary>
    Chris PeBenito f136a9
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito f136a9
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito f136a9
    ## </param>
    Chris PeBenito f136a9
    #
    Chris PeBenito f136a9
    interface(`dev_read_urand',`
    Chris PeBenito f136a9
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, urandom_device_t;
    Chris PeBenito f136a9
    	')
    Chris PeBenito f136a9
    Chris PeBenito c0868a
    	read_chr_files_pattern($1,device_t,urandom_device_t)
    Chris PeBenito f136a9
    ')
    Chris PeBenito f136a9
    Chris PeBenito f136a9
    ########################################
    Chris PeBenito f136a9
    ## <summary>
    Chris PeBenito d592b6
    ##	Do not audit attempts to read from pseudo
    Chris PeBenito d592b6
    ##	random devices (e.g., /dev/urandom)
    Chris PeBenito d592b6
    ## </summary>
    Chris PeBenito d592b6
    ## <param name="domain">
    Chris PeBenito d592b6
    ##	<summary>
    Chris PeBenito d592b6
    ##	Domain to not audit.
    Chris PeBenito d592b6
    ##	</summary>
    Chris PeBenito d592b6
    ## </param>
    Chris PeBenito d592b6
    #
    Chris PeBenito d592b6
    interface(`dev_dontaudit_read_urand',`
    Chris PeBenito d592b6
    	gen_require(`
    Chris PeBenito d592b6
    		type urandom_device_t;
    Chris PeBenito d592b6
    	')
    Chris PeBenito d592b6
    Chris PeBenito d592b6
    	dontaudit $1 urandom_device_t:chr_file { getattr read };
    Chris PeBenito d592b6
    ')
    Chris PeBenito d592b6
    Chris PeBenito d592b6
    ########################################
    Chris PeBenito d592b6
    ## <summary>
    Chris PeBenito f136a9
    ##	Write to the pseudo random device (e.g., /dev/urandom). This
    Chris PeBenito f136a9
    ##	sets the random number generator seed.
    Chris PeBenito f136a9
    ## </summary>
    Chris PeBenito f136a9
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito f136a9
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito f136a9
    ## </param>
    Chris PeBenito f136a9
    #
    Chris PeBenito f136a9
    interface(`dev_write_urand',`
    Chris PeBenito f136a9
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, urandom_device_t;
    Chris PeBenito f136a9
    	')
    Chris PeBenito f136a9
    Chris PeBenito c0868a
    	write_chr_files_pattern($1,device_t,urandom_device_t)
    Chris PeBenito f136a9
    ')
    Chris PeBenito f136a9
    Chris PeBenito f136a9
    ########################################
    Chris PeBenito f136a9
    ## <summary>
    Chris PeBenito 724925
    ##	Getattr generic the USB devices.
    Chris PeBenito 724925
    ## </summary>
    Chris PeBenito 724925
    ## <param name="domain">
    Chris PeBenito 724925
    ##	<summary>
    Chris PeBenito 724925
    ##	Domain allowed access.
    Chris PeBenito 724925
    ##	</summary>
    Chris PeBenito 724925
    ## </param>
    Chris PeBenito 724925
    #
    Chris PeBenito 724925
    interface(`dev_getattr_generic_usb_dev',`
    Chris PeBenito 724925
    	gen_require(`
    Chris PeBenito 724925
    		type usb_device_t;
    Chris PeBenito 724925
    	')
    Chris PeBenito 724925
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,usb_device_t)
    Chris PeBenito 724925
    ')
    Chris PeBenito 724925
    Chris PeBenito 724925
    ########################################
    Chris PeBenito 724925
    ## <summary>
    Chris PeBenito 724925
    ##	Setattr generic the USB devices.
    Chris PeBenito 724925
    ## </summary>
    Chris PeBenito 724925
    ## <param name="domain">
    Chris PeBenito 724925
    ##	<summary>
    Chris PeBenito 724925
    ##	Domain allowed access.
    Chris PeBenito 724925
    ##	</summary>
    Chris PeBenito 724925
    ## </param>
    Chris PeBenito 724925
    #
    Chris PeBenito 724925
    interface(`dev_setattr_generic_usb_dev',`
    Chris PeBenito 724925
    	gen_require(`
    Chris PeBenito 724925
    		type usb_device_t;
    Chris PeBenito 724925
    	')
    Chris PeBenito 724925
    Chris PeBenito c0868a
    	setattr_chr_files_pattern($1,device_t,usb_device_t)
    Chris PeBenito 724925
    ')
    Chris PeBenito 724925
    Chris PeBenito 724925
    ########################################
    Chris PeBenito 724925
    ## <summary>
    Chris PeBenito 8cf671
    ##	Read and write generic the USB devices.
    Chris PeBenito 8cf671
    ## </summary>
    Chris PeBenito 8cf671
    ## <param name="domain">
    Chris PeBenito 8cf671
    ##	<summary>
    Chris PeBenito 8cf671
    ##	Domain allowed access.
    Chris PeBenito 8cf671
    ##	</summary>
    Chris PeBenito 8cf671
    ## </param>
    Chris PeBenito 8cf671
    #
    Chris PeBenito 8cf671
    interface(`dev_rw_generic_usb_dev',`
    Chris PeBenito 8cf671
    	gen_require(`
    Chris PeBenito 8cf671
    		type usb_device_t;
    Chris PeBenito 8cf671
    	')
    Chris PeBenito 8cf671
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,usb_device_t)
    Chris PeBenito 8cf671
    ')
    Chris PeBenito 8cf671
    Chris PeBenito 8cf671
    ########################################
    Chris PeBenito 8cf671
    ## <summary>
    Chris PeBenito fd89e1
    ##	Mount a usbfs filesystem.
    Chris PeBenito fd89e1
    ## </summary>
    Chris PeBenito fd89e1
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito fd89e1
    ##	The type of the process performing this action.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito fd89e1
    ## </param>
    Chris PeBenito fd89e1
    #
    Chris PeBenito fd89e1
    interface(`dev_mount_usbfs',`
    Chris PeBenito fd89e1
    	gen_require(`
    Chris PeBenito fd89e1
    		type usbfs_t;
    Chris PeBenito fd89e1
    	')
    Chris PeBenito fd89e1
    Chris PeBenito fd89e1
    	allow $1 usbfs_t:filesystem mount;
    Chris PeBenito fd89e1
    ')
    Chris PeBenito fd89e1
    Chris PeBenito fd89e1
    ########################################
    Chris PeBenito fd89e1
    ## <summary>
    Chris PeBenito 157610
    ##	Associate a file to a usbfs filesystem.
    Chris PeBenito 60789e
    ## </summary>
    Chris PeBenito 157610
    ## <param name="file_type">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 157610
    ##	The type of the file to be associated to usbfs.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 60789e
    ## </param>
    Chris PeBenito 60789e
    #
    Chris PeBenito 60789e
    interface(`dev_associate_usbfs',`
    Chris PeBenito 60789e
    	gen_require(`
    Chris PeBenito 60789e
    		type usbfs_t;
    Chris PeBenito 60789e
    	')
    Chris PeBenito 60789e
    Chris PeBenito 60789e
    	allow $1 usbfs_t:filesystem associate;
    Chris PeBenito 60789e
    ')
    Chris PeBenito 60789e
    Chris PeBenito 60789e
    ########################################
    Chris PeBenito 60789e
    ## <summary>
    Chris PeBenito a42ca7
    ##	Get the attributes of a directory in the usb filesystem.
    Chris PeBenito a42ca7
    ## </summary>
    Chris PeBenito a42ca7
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito a42ca7
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito a42ca7
    ## </param>
    Chris PeBenito a42ca7
    #
    Chris PeBenito 207c47
    interface(`dev_getattr_usbfs_dirs',`
    Chris PeBenito a42ca7
    	gen_require(`
    Chris PeBenito a42ca7
    		type usbfs_t;
    Chris PeBenito a42ca7
    	')
    Chris PeBenito a42ca7
    Chris PeBenito c0868a
    	allow $1 usbfs_t:dir getattr_dir_perms;
    Chris PeBenito a42ca7
    ')
    Chris PeBenito a42ca7
    Chris PeBenito a42ca7
    ########################################
    Chris PeBenito a42ca7
    ## <summary>
    Chris PeBenito 725926
    ##	Do not audit attempts to get the attributes
    Chris PeBenito 725926
    ##	of a directory in the usb filesystem.
    Chris PeBenito 725926
    ## </summary>
    Chris PeBenito 725926
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 725926
    ##	Domain to not audit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 725926
    ## </param>
    Chris PeBenito 725926
    #
    Chris PeBenito 207c47
    interface(`dev_dontaudit_getattr_usbfs_dirs',`
    Chris PeBenito 725926
    	gen_require(`
    Chris PeBenito 725926
    		type usbfs_t;
    Chris PeBenito 725926
    	')
    Chris PeBenito 725926
    Chris PeBenito c0868a
    	dontaudit $1 usbfs_t:dir getattr_dir_perms;
    Chris PeBenito 725926
    ')
    Chris PeBenito 725926
    Chris PeBenito 725926
    ########################################
    Chris PeBenito 725926
    ## <summary>
    Chris PeBenito 414e41
    ##	Search the directory containing USB hardware information.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	The type of the process performing this action.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 8bd678
    #
    Chris PeBenito 199895
    interface(`dev_search_usbfs',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type usbfs_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 8bd678
    Chris PeBenito c0868a
    	search_dirs_pattern($1,usbfs_t,usbfs_t)
    Chris PeBenito 8bd678
    ')
    Chris PeBenito 8bd678
    Chris PeBenito 8bd678
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Allow caller to get a list of usb hardware.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	The process type getting the list.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 8bd678
    #
    Chris PeBenito 199895
    interface(`dev_list_usbfs',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type usbfs_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 8bd678
    Chris PeBenito c0868a
    	read_lnk_files_pattern($1,usbfs_t,usbfs_t)
    Chris PeBenito c0868a
    	getattr_files_pattern($1,usbfs_t,usbfs_t)
    Chris PeBenito c0868a
    Chris PeBenito c0868a
    	list_dirs_pattern($1,usbfs_t,usbfs_t)
    Chris PeBenito 8bd678
    ')
    Chris PeBenito 8bd678
    Chris PeBenito 8bd678
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito c655ec
    ##	Set the attributes of usbfs filesystem.
    Chris PeBenito c655ec
    ## </summary>
    Chris PeBenito c655ec
    ## <param name="domain">
    Chris PeBenito c655ec
    ##	<summary>
    Chris PeBenito c655ec
    ##	Domain allowed access.
    Chris PeBenito c655ec
    ##	</summary>
    Chris PeBenito c655ec
    ## </param>
    Chris PeBenito c655ec
    #
    Chris PeBenito c655ec
    interface(`dev_setattr_usbfs_files',`
    Chris PeBenito c655ec
    	gen_require(`
    Chris PeBenito c655ec
    		type usbfs_t;
    Chris PeBenito c655ec
    	')
    Chris PeBenito c655ec
    Chris PeBenito c0868a
    	setattr_files_pattern($1,usbfs_t,usbfs_t)
    Chris PeBenito c0868a
    	list_dirs_pattern($1,usbfs_t,usbfs_t)
    Chris PeBenito c655ec
    ')
    Chris PeBenito c655ec
    Chris PeBenito c655ec
    ########################################
    Chris PeBenito c655ec
    ## <summary>
    Chris PeBenito 414e41
    ##	Read USB hardware information using
    Chris PeBenito 414e41
    ##	the usbfs filesystem interface.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	The type of the process performing this action.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 8bd678
    #
    Chris PeBenito 199895
    interface(`dev_read_usbfs',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type usbfs_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 8bd678
    Chris PeBenito c0868a
    	read_files_pattern($1,usbfs_t,usbfs_t)
    Chris PeBenito c0868a
    	read_lnk_files_pattern($1,usbfs_t,usbfs_t)
    Chris PeBenito c0868a
    	list_dirs_pattern($1,usbfs_t,usbfs_t)
    Chris PeBenito 8bd678
    ')
    Chris PeBenito 8bd678
    Chris PeBenito 8bd678
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Allow caller to modify usb hardware configuration files.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 414e41
    ##	The process type modifying the options.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 8bd678
    #
    Chris PeBenito 199895
    interface(`dev_rw_usbfs',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type usbfs_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 8bd678
    Chris PeBenito c0868a
    	list_dirs_pattern($1,usbfs_t,usbfs_t)
    Chris PeBenito c0868a
    	rw_files_pattern($1,usbfs_t,usbfs_t)
    Chris PeBenito c0868a
    	read_lnk_files_pattern($1,usbfs_t,usbfs_t)
    Chris PeBenito 8bd678
    ')
    Chris PeBenito 8bd678
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito 414e41
    ##	Get the attributes of video4linux devices.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito fd89e1
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 199895
    interface(`dev_getattr_video_dev',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type device_t, v4l_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 8bd678
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,v4l_device_t)
    Chris PeBenito 7a2f20
    ')
    Chris PeBenito 7a2f20
    Chris PeBenito 7a2f20
    ########################################
    Chris PeBenito 414e41
    ## <summary>
    Chris PeBenito fd89e1
    ##	Do not audit attempts to get the attributes
    Chris PeBenito fd89e1
    ##	of video4linux device nodes.
    Chris PeBenito 414e41
    ## </summary>
    Chris PeBenito 414e41
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito fd89e1
    ##	Domain to not audit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito fd89e1
    ## </param>
    Chris PeBenito fd89e1
    #
    Chris PeBenito fd89e1
    interface(`dev_dontaudit_getattr_video_dev',`
    Chris PeBenito fd89e1
    	gen_require(`
    Chris PeBenito fd89e1
    		type v4l_device_t;
    Chris PeBenito fd89e1
    	')
    Chris PeBenito fd89e1
    Chris PeBenito fd89e1
    	dontaudit $1 v4l_device_t:chr_file getattr;
    Chris PeBenito fd89e1
    ')
    Chris PeBenito fd89e1
    Chris PeBenito fd89e1
    ########################################
    Chris PeBenito fd89e1
    ## <summary>
    Chris PeBenito fd89e1
    ##	Set the attributes of video4linux device nodes.
    Chris PeBenito fd89e1
    ## </summary>
    Chris PeBenito fd89e1
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito fd89e1
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 414e41
    ## </param>
    Chris PeBenito 7a2f20
    #
    Chris PeBenito 199895
    interface(`dev_setattr_video_dev',`
    Chris PeBenito 7a2f20
    	gen_require(`
    Chris PeBenito 7a2f20
    		type device_t, v4l_device_t;
    Chris PeBenito 7a2f20
    	')
    Chris PeBenito 7a2f20
    Chris PeBenito c0868a
    	setattr_chr_files_pattern($1,device_t,v4l_device_t)
    Chris PeBenito 8bd678
    ')
    Chris PeBenito 8bd678
    Chris PeBenito fd89e1
    ########################################
    Chris PeBenito fd89e1
    ## <summary>
    Chris PeBenito fd89e1
    ##	Do not audit attempts to set the attributes
    Chris PeBenito fd89e1
    ##	of video4linux device nodes.
    Chris PeBenito fd89e1
    ## </summary>
    Chris PeBenito fd89e1
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito fd89e1
    ##	Domain to not audit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito fd89e1
    ## </param>
    Chris PeBenito fd89e1
    #
    Chris PeBenito fd89e1
    interface(`dev_dontaudit_setattr_video_dev',`
    Chris PeBenito fd89e1
    	gen_require(`
    Chris PeBenito fd89e1
    		type v4l_device_t;
    Chris PeBenito fd89e1
    	')
    Chris PeBenito fd89e1
    Chris PeBenito fd89e1
    	dontaudit $1 v4l_device_t:chr_file setattr;
    Chris PeBenito fd89e1
    ')
    Chris PeBenito 9726b3
    Chris PeBenito 9726b3
    ########################################
    Chris PeBenito 9726b3
    ## <summary>
    Chris PeBenito 77b81c
    ##	Read the video4linux devices.
    Chris PeBenito 77b81c
    ## </summary>
    Chris PeBenito 77b81c
    ## <param name="domain">
    Chris PeBenito 77b81c
    ##	<summary>
    Chris PeBenito 77b81c
    ##	Domain allowed access.
    Chris PeBenito 77b81c
    ##	</summary>
    Chris PeBenito 77b81c
    ## </param>
    Chris PeBenito 77b81c
    #
    Chris PeBenito 77b81c
    interface(`dev_read_video_dev',`
    Chris PeBenito 77b81c
    	gen_require(`
    Chris PeBenito 77b81c
    		type device_t, v4l_device_t;
    Chris PeBenito 77b81c
    	')
    Chris PeBenito 77b81c
    Chris PeBenito c0868a
    	read_chr_files_pattern($1,device_t,v4l_device_t)
    Chris PeBenito 77b81c
    ')
    Chris PeBenito 77b81c
    Chris PeBenito 77b81c
    ########################################
    Chris PeBenito 77b81c
    ## <summary>
    Chris PeBenito 12217c
    ##	Write the video4linux devices.
    Chris PeBenito 12217c
    ## </summary>
    Chris PeBenito 12217c
    ## <param name="domain">
    Chris PeBenito 12217c
    ##	<summary>
    Chris PeBenito 12217c
    ##	Domain allowed access.
    Chris PeBenito 12217c
    ##	</summary>
    Chris PeBenito 12217c
    ## </param>
    Chris PeBenito 12217c
    #
    Chris PeBenito 12217c
    interface(`dev_write_video_dev',`
    Chris PeBenito 12217c
    	gen_require(`
    Chris PeBenito 12217c
    		type device_t, v4l_device_t;
    Chris PeBenito 12217c
    	')
    Chris PeBenito 12217c
    Chris PeBenito 12217c
    	write_chr_files_pattern($1,device_t,v4l_device_t)
    Chris PeBenito 12217c
    ')
    Chris PeBenito 12217c
    Chris PeBenito 12217c
    ########################################
    Chris PeBenito 12217c
    ## <summary>
    Chris PeBenito a6a638
    ##	Read and write VMWare devices.
    Chris PeBenito a6a638
    ## </summary>
    Chris PeBenito a6a638
    ## <param name="domain">
    Chris PeBenito a6a638
    ##	<summary>
    Chris PeBenito a6a638
    ##	Domain allowed access.
    Chris PeBenito a6a638
    ##	</summary>
    Chris PeBenito a6a638
    ## </param>
    Chris PeBenito a6a638
    #
    Chris PeBenito a6a638
    interface(`dev_rw_vmware',`
    Chris PeBenito a6a638
    	gen_require(`
    Chris PeBenito a6a638
    		type device_t, vmware_device_t;
    Chris PeBenito a6a638
    	')
    Chris PeBenito a6a638
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,vmware_device_t)
    Chris PeBenito a6a638
    ')
    Chris PeBenito a6a638
    Chris PeBenito a6a638
    ########################################
    Chris PeBenito a6a638
    ## <summary>
    Chris PeBenito 03d797
    ##	Read, write, and mmap VMWare devices.
    Chris PeBenito 03d797
    ## </summary>
    Chris PeBenito 03d797
    ## <param name="domain">
    Chris PeBenito 03d797
    ##	<summary>
    Chris PeBenito 03d797
    ##	Domain allowed access.
    Chris PeBenito 03d797
    ##	</summary>
    Chris PeBenito 03d797
    ## </param>
    Chris PeBenito 03d797
    #
    Chris PeBenito 03d797
    interface(`dev_rwx_vmware',`
    Chris PeBenito 03d797
    	gen_require(`
    Chris PeBenito 03d797
    		type device_t, vmware_device_t;
    Chris PeBenito 03d797
    	')
    Chris PeBenito 03d797
    Chris PeBenito c0868a
    	dev_rw_vmware($1)
    Chris PeBenito c0868a
    	allow $1 vmware_device_t:chr_file execute;
    Chris PeBenito 03d797
    ')
    Chris PeBenito 03d797
    Chris PeBenito 03d797
    ########################################
    Chris PeBenito 03d797
    ## <summary>
    Chris PeBenito d592b6
    ##	Write to watchdog devices.
    Chris PeBenito d592b6
    ## </summary>
    Chris PeBenito d592b6
    ## <param name="domain">
    Chris PeBenito d592b6
    ##	<summary>
    Chris PeBenito d592b6
    ##	Domain allowed access.
    Chris PeBenito d592b6
    ##	</summary>
    Chris PeBenito d592b6
    ## </param>
    Chris PeBenito d592b6
    #
    Chris PeBenito d592b6
    interface(`dev_write_watchdog',`
    Chris PeBenito d592b6
    	gen_require(`
    Chris PeBenito d592b6
    		type device_t, watchdog_device_t;
    Chris PeBenito d592b6
    	')
    Chris PeBenito d592b6
    Chris PeBenito c0868a
    	write_chr_files_pattern($1,device_t,watchdog_device_t)
    Chris PeBenito d592b6
    ')
    Chris PeBenito d592b6
    Chris PeBenito d592b6
    ########################################
    Chris PeBenito d592b6
    ## <summary>
    Chris PeBenito a3cf80
    ##	Read and write Xen devices.
    Chris PeBenito a3cf80
    ## </summary>
    Chris PeBenito a3cf80
    ## <param name="domain">
    Chris PeBenito a3cf80
    ##	<summary>
    Chris PeBenito a3cf80
    ##	Domain allowed access.
    Chris PeBenito a3cf80
    ##	</summary>
    Chris PeBenito a3cf80
    ## </param>
    Chris PeBenito a3cf80
    #
    Chris PeBenito a3cf80
    interface(`dev_rw_xen',`
    Chris PeBenito a3cf80
    	gen_require(`
    Chris PeBenito a3cf80
    		type device_t, xen_device_t;
    Chris PeBenito a3cf80
    	')
    Chris PeBenito a3cf80
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,xen_device_t)
    Chris PeBenito a3cf80
    ')
    Chris PeBenito a3cf80
    Chris PeBenito a3cf80
    ########################################
    Chris PeBenito a3cf80
    ## <summary>
    Chris PeBenito a3cf80
    ##	Create, read, write, and delete Xen devices.
    Chris PeBenito a3cf80
    ## </summary>
    Chris PeBenito a3cf80
    ## <param name="domain">
    Chris PeBenito a3cf80
    ##	<summary>
    Chris PeBenito a3cf80
    ##	Domain allowed access.
    Chris PeBenito a3cf80
    ##	</summary>
    Chris PeBenito a3cf80
    ## </param>
    Chris PeBenito a3cf80
    #
    Chris PeBenito a3cf80
    interface(`dev_manage_xen',`
    Chris PeBenito a3cf80
    	gen_require(`
    Chris PeBenito a3cf80
    		type device_t, xen_device_t;
    Chris PeBenito a3cf80
    	')
    Chris PeBenito a3cf80
    Chris PeBenito c0868a
    	manage_chr_files_pattern($1,device_t,xen_device_t)
    Chris PeBenito a3cf80
    ')
    Chris PeBenito a3cf80
    Chris PeBenito a3cf80
    ########################################
    Chris PeBenito a3cf80
    ## <summary>
    Chris PeBenito a3cf80
    ##	Automatic type transition to the type
    Chris PeBenito a3cf80
    ##	for xen device nodes when created in /dev.
    Chris PeBenito a3cf80
    ## </summary>
    Chris PeBenito a3cf80
    ## <param name="domain">
    Chris PeBenito a3cf80
    ##	<summary>
    Chris PeBenito a3cf80
    ##	Domain allowed access.
    Chris PeBenito a3cf80
    ##	</summary>
    Chris PeBenito a3cf80
    ## </param>
    Chris PeBenito a3cf80
    #
    Chris PeBenito a3cf80
    interface(`dev_filetrans_xen',`
    Chris PeBenito a3cf80
    	gen_require(`
    Chris PeBenito a3cf80
    		type device_t, xen_device_t;
    Chris PeBenito a3cf80
    	')
    Chris PeBenito a3cf80
    Chris PeBenito c0868a
    	filetrans_pattern($1,device_t,xen_device_t,chr_file)
    Chris PeBenito a3cf80
    ')
    Chris PeBenito a3cf80
    Chris PeBenito a3cf80
    ########################################
    Chris PeBenito a3cf80
    ## <summary>
    Chris PeBenito cf6a7d
    ##	Get the attributes of X server miscellaneous devices.
    Chris PeBenito cf6a7d
    ## </summary>
    Chris PeBenito cf6a7d
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito cf6a7d
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito cf6a7d
    ## </param>
    Chris PeBenito cf6a7d
    #
    Chris PeBenito cf6a7d
    interface(`dev_getattr_xserver_misc_dev',`
    Chris PeBenito cf6a7d
    	gen_require(`
    Chris PeBenito cf6a7d
    		type device_t, xserver_misc_device_t;
    Chris PeBenito cf6a7d
    	')
    Chris PeBenito cf6a7d
    Chris PeBenito c0868a
    	getattr_chr_files_pattern($1,device_t,xserver_misc_device_t)
    Chris PeBenito cf6a7d
    ')
    Chris PeBenito cf6a7d
    Chris PeBenito cf6a7d
    ########################################
    Chris PeBenito cf6a7d
    ## <summary>
    Chris PeBenito cf6a7d
    ##	Set the attributes of X server miscellaneous devices.
    Chris PeBenito cf6a7d
    ## </summary>
    Chris PeBenito cf6a7d
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito cf6a7d
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito cf6a7d
    ## </param>
    Chris PeBenito cf6a7d
    #
    Chris PeBenito cf6a7d
    interface(`dev_setattr_xserver_misc_dev',`
    Chris PeBenito cf6a7d
    	gen_require(`
    Chris PeBenito cf6a7d
    		type device_t, xserver_misc_device_t;
    Chris PeBenito cf6a7d
    	')
    Chris PeBenito cf6a7d
    Chris PeBenito c0868a
    	setattr_chr_files_pattern($1,device_t,xserver_misc_device_t)
    Chris PeBenito cf6a7d
    ')
    Chris PeBenito cf6a7d
    Chris PeBenito cf6a7d
    ########################################
    Chris PeBenito cf6a7d
    ## <summary>
    Chris PeBenito 2ce6b0
    ##	Read and write X server miscellaneous devices.
    Chris PeBenito 2ce6b0
    ## </summary>
    Chris PeBenito 2ce6b0
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 2ce6b0
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 2ce6b0
    ## </param>
    Chris PeBenito 2ce6b0
    #
    Chris PeBenito 207c47
    interface(`dev_rw_xserver_misc',`
    Chris PeBenito 2ce6b0
    	gen_require(`
    Chris PeBenito 2ce6b0
    		type device_t, xserver_misc_device_t;
    Chris PeBenito 2ce6b0
    	')
    Chris PeBenito 2ce6b0
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,xserver_misc_device_t)
    Chris PeBenito 2ce6b0
    ')
    Chris PeBenito 2ce6b0
    Chris PeBenito 2ce6b0
    ########################################
    Chris PeBenito 2ce6b0
    ## <summary>
    Chris PeBenito f136a9
    ##	Read and write to the zero device (/dev/zero).
    Chris PeBenito f136a9
    ## </summary>
    Chris PeBenito f136a9
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito f136a9
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito f136a9
    ## </param>
    Chris PeBenito f136a9
    #
    Chris PeBenito 207c47
    interface(`dev_rw_zero',`
    Chris PeBenito f136a9
    	gen_require(`
    Chris PeBenito f136a9
    		type device_t, zero_device_t;
    Chris PeBenito f136a9
    	')
    Chris PeBenito f136a9
    Chris PeBenito c0868a
    	rw_chr_files_pattern($1,device_t,zero_device_t)
    Chris PeBenito f136a9
    ')
    Chris PeBenito f136a9
    Chris PeBenito f136a9
    ########################################
    Chris PeBenito f136a9
    ## <summary>
    Chris PeBenito f136a9
    ##	Read, write, and execute the zero device (/dev/zero).
    Chris PeBenito f136a9
    ## </summary>
    Chris PeBenito f136a9
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito f136a9
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito f136a9
    ## </param>
    Chris PeBenito f136a9
    #
    Chris PeBenito 207c47
    interface(`dev_rwx_zero',`
    Chris PeBenito f136a9
    	gen_require(`
    Chris PeBenito f136a9
    		type zero_device_t;
    Chris PeBenito f136a9
    	')
    Chris PeBenito f136a9
    Chris PeBenito 207c47
    	dev_rw_zero($1)
    Chris PeBenito f136a9
    	allow $1 zero_device_t:chr_file execute;
    Chris PeBenito f136a9
    ')
    Chris PeBenito f136a9
    Chris PeBenito f136a9
    ########################################
    Chris PeBenito f136a9
    ## <summary>
    Chris PeBenito 77b81c
    ##	Execmod the zero device (/dev/zero).
    Chris PeBenito 77b81c
    ## </summary>
    Chris PeBenito 77b81c
    ## <param name="domain">
    Chris PeBenito 77b81c
    ##	<summary>
    Chris PeBenito 77b81c
    ##	Domain allowed access.
    Chris PeBenito 77b81c
    ##	</summary>
    Chris PeBenito 77b81c
    ## </param>
    Chris PeBenito 77b81c
    #
    Chris PeBenito 77b81c
    interface(`dev_execmod_zero',`
    Chris PeBenito 77b81c
    	gen_require(`
    Chris PeBenito 77b81c
    		type zero_device_t;
    Chris PeBenito 77b81c
    	')
    Chris PeBenito 77b81c
    Chris PeBenito 77b81c
    	dev_rw_zero($1)
    Chris PeBenito 77b81c
    	allow $1 zero_device_t:chr_file execmod;
    Chris PeBenito 77b81c
    ')
    Chris PeBenito 77b81c
    Chris PeBenito 77b81c
    ########################################
    Chris PeBenito 77b81c
    ## <summary>
    Chris PeBenito d15dd5
    ##	Create the zero device (/dev/zero).
    Chris PeBenito d15dd5
    ## </summary>
    Chris PeBenito d15dd5
    ## <param name="domain">
    Chris PeBenito d15dd5
    ##	<summary>
    Chris PeBenito d15dd5
    ##	Domain allowed access.
    Chris PeBenito d15dd5
    ##	</summary>
    Chris PeBenito d15dd5
    ## </param>
    Chris PeBenito d15dd5
    #
    Chris PeBenito d15dd5
    interface(`dev_create_zero_dev',`
    Chris PeBenito d15dd5
    	gen_require(`
    Chris PeBenito d15dd5
    		type device_t, zero_device_t;
    Chris PeBenito d15dd5
    	')
    Chris PeBenito d15dd5
    Chris PeBenito c0868a
    	create_chr_files_pattern($1,device_t,zero_device_t)
    Chris PeBenito d15dd5
    ')
    Chris PeBenito d15dd5
    Chris PeBenito d15dd5
    ########################################
    Chris PeBenito d15dd5
    ## <summary>
    Chris PeBenito 9726b3
    ##	Unconfined access to devices.
    Chris PeBenito 9726b3
    ## </summary>
    Chris PeBenito 9726b3
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 9726b3
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 9726b3
    ## </param>
    Chris PeBenito 9726b3
    #
    Chris PeBenito 9726b3
    interface(`dev_unconfined',`
    Chris PeBenito 9726b3
    	gen_require(`
    Chris PeBenito b518fc
    		attribute devices_unconfined_type;
    Chris PeBenito 9726b3
    	')
    Chris PeBenito 9726b3
    Chris PeBenito b518fc
    	typeattribute $1 devices_unconfined_type;
    Chris PeBenito 9726b3
    ')