## <module name="devices" layer="kernel">
## <summary>
## Policy for all devices except mass storage and terminal devices.
## </summary>
########################################
#
# devices_make_device_node(type)
#
# Marks the type passed as $1 as a device node type: it is added to the
# device_node attribute and handed to filesystem_associate. When the
# distro_redhat option is active it is also handed to
# filesystem_tmpfs_associate.
# Every rule in this file that targets device_node then covers $1 as well,
# so only real device types belong here.
#
define(`devices_make_device_node',`
	requires_block_template(`$0'_depend)

	typeattribute $1 device_node;

	filesystem_associate($1)

	optional_policy(`distro_redhat',`
		filesystem_tmpfs_associate($1)
	')
')

define(`devices_make_device_node_depend',`
	attribute device_node;
')
########################################
#
# devices_manage_all_devices_labels(domain)
#
# Lets the domain $1 read attributes of, and relabel away from, every
# object whose type carries device_node, for the dir, file, lnk_file,
# fifo_file and sock_file classes. For blk_file and chr_file the target
# set is device_t plus device_node and relabelto is granted as well, so
# the caller can move block and character nodes between device labels.
# The label decides which device interfaces apply to a node, so this
# belongs only to domains trusted to label device nodes.
#
define(`devices_manage_all_devices_labels',`
	requires_block_template(`$0'_depend)

	allow $1 device_node:dir { getattr relabelfrom };
	allow $1 device_node:file { getattr relabelfrom };
	allow $1 device_node:lnk_file { getattr relabelfrom };
	allow $1 device_node:fifo_file { getattr relabelfrom };
	allow $1 device_node:sock_file { getattr relabelfrom };
	allow $1 { device_t device_node }:blk_file { getattr relabelfrom relabelto };
	allow $1 { device_t device_node }:chr_file { getattr relabelfrom relabelto };
')

define(`devices_manage_all_devices_labels_depend',`
	attribute device_node;

	type device_t;

	class dir { getattr relabelfrom };
	class file { getattr relabelfrom };
	class lnk_file { getattr relabelfrom };
	class fifo_file { getattr relabelfrom };
	class sock_file { getattr relabelfrom };
	class blk_file { getattr relabelfrom relabelto };
	class chr_file { getattr relabelfrom relabelto };
')
########################################
#
# devices_list_device_nodes(domain)
#
# Lets the domain $1 list directories labelled device_t (r_dir_perms) and
# read symbolic links labelled device_t (getattr and read). No access to
# the device nodes themselves is granted here.
#
define(`devices_list_device_nodes',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir r_dir_perms;
	allow $1 device_t:lnk_file { getattr read };
')

define(`devices_list_device_nodes_depend',`
	type device_t;

	class dir r_dir_perms;
	class lnk_file { getattr read };
')
########################################
#
# devices_ignore_list_device_nodes(domain)
#
# Suppresses audit records when the domain $1 is denied r_dir_perms on
# directories labelled device_t. Nothing is granted. Denials hidden by a
# dontaudit rule do not reach the audit log, so keep that in mind when
# investigating what a confined domain tried to touch.
#
define(`devices_ignore_list_device_nodes',`
	requires_block_template(`$0'_depend)

	dontaudit $1 device_t:dir r_dir_perms;
')

define(`devices_ignore_list_device_nodes_depend',`
	type device_t;

	class dir r_dir_perms;
')
########################################
#
# devices_add_dev_dir(domain)
#
# Grants the domain $1 ra_dir_perms plus create on directories labelled
# device_t.
#
define(`devices_add_dev_dir',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir { ra_dir_perms create };
')

define(`devices_add_dev_dir_depend',`
	type device_t;

	class dir { ra_dir_perms create };
')
########################################
#
# devices_ignore_get_generic_pipe_attributes(domain)
#
# Suppresses audit records when the domain $1 is denied getattr on named
# pipes labelled device_t. Nothing is granted; the denial is only kept out
# of the audit log.
#
define(`devices_ignore_get_generic_pipe_attributes',`
	requires_block_template(`$0'_depend)

	dontaudit $1 device_t:fifo_file getattr;
')

define(`devices_ignore_get_generic_pipe_attributes_depend',`
	type device_t;

	class fifo_file getattr;
')
########################################
#
# devices_get_generic_block_device_attributes(domain)
#
# Lets the domain $1 list device_t directories (r_dir_perms) and read the
# attributes of block device nodes that carry the generic device_t label.
#
define(`devices_get_generic_block_device_attributes',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir r_dir_perms;
	allow $1 device_t:blk_file getattr;
')

define(`devices_get_generic_block_device_attributes_depend',`
	type device_t;

	class dir r_dir_perms;
	class blk_file getattr;
')
########################################
#
# devices_ignore_get_generic_block_device_attributes(domain)
#
# Suppresses audit records when the domain $1 is denied getattr on block
# device nodes labelled device_t. Nothing is granted.
#
define(`devices_ignore_get_generic_block_device_attributes',`
	requires_block_template(`$0'_depend)

	dontaudit $1 device_t:blk_file getattr;
')

define(`devices_ignore_get_generic_block_device_attributes_depend',`
	type device_t;

	class blk_file getattr;
')
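########################################
#
# devices_manage_generic_block_device(domain)
#
# Grants the domain $1 rw_dir_perms on device_t directories and
# create_file_perms on block device nodes labelled device_t.
# NOTE(review): devices_manage_generic_block_devices later in this file
# grants the same two rules; confirm whether both names are still needed.
#
define(`devices_manage_generic_block_device',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir rw_dir_perms;
	allow $1 device_t:blk_file create_file_perms;
')

# The depend block names every class the rules above use. The dir class
# is listed because the interface grants rw_dir_perms on device_t:dir.
define(`devices_manage_generic_block_device_depend',`
	type device_t;

	class dir rw_dir_perms;
	class blk_file create_file_perms;
')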
########################################
#
# devices_add_generic_character_device(domain)
#
# Lets the domain $1 add entries to device_t directories and create
# character device nodes labelled device_t. The mknod capability is
# granted to the domain itself, which makes this a privileged interface:
# review each caller rather than handing it out by default.
#
define(`devices_add_generic_character_device',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir { getattr search read write add_name };
	allow $1 device_t:chr_file create;

	allow $1 self:capability mknod;
')

define(`devices_add_generic_character_device_depend',`
	type device_t;

	class dir { getattr search read write add_name };
	class chr_file create;
	class capability mknod;
')
########################################
#
# devices_get_generic_character_device_attributes(domain)
#
# Lets the domain $1 list device_t directories (r_dir_perms) and read the
# attributes of character device nodes that carry the generic device_t
# label.
#
define(`devices_get_generic_character_device_attributes',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir r_dir_perms;
	allow $1 device_t:chr_file getattr;
')

define(`devices_get_generic_character_device_attributes_depend',`
	type device_t;

	class dir r_dir_perms;
	class chr_file getattr;
')
########################################
#
# devices_ignore_get_generic_character_device_attributes(domain)
#
# Suppresses audit records when the domain $1 is denied getattr on
# character device nodes labelled device_t. Nothing is granted.
#
define(`devices_ignore_get_generic_character_device_attributes',`
	requires_block_template(`$0'_depend)

	dontaudit $1 device_t:chr_file getattr;
')

define(`devices_ignore_get_generic_character_device_attributes_depend',`
	type device_t;

	class chr_file getattr;
')
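########################################
## <interface name="devices_remove_dev_symbolic_links">
## <description>
## Delete symbolic links in /dev.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="write" weight="1"/>
## </interface>
#
# Grants $1 getattr, read, write and remove_name on device_t directories
# and unlink on symbolic links labelled device_t.
# NOTE(review): the dir permission set has no search; confirm that callers
# obtain it from another interface, otherwise the unlink may be denied.
#
define(`devices_remove_dev_symbolic_links',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir { getattr read write remove_name };
	allow $1 device_t:lnk_file unlink;
')

# The depend block lists only what the two rules above reference. The
# device_node and memory_raw attributes are not used by this interface,
# so it does not require them.
define(`devices_remove_dev_symbolic_links_depend',`
	type device_t;

	class dir { getattr read write remove_name };
	class lnk_file unlink;
')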
########################################
#
# devices_manage_dev_symbolic_links(domain)
#
# Grants the domain $1 the full directory permission set listed below on
# device_t directories, including rmdir, rename and relabelfrom and
# relabelto, plus create, read, attribute, link, unlink and rename on
# symbolic links labelled device_t.
# The directory rule is much wider than symbolic link handling needs.
# NOTE(review): check whether relabel and rmdir on device_t:dir are really
# required by the callers.
#
define(`devices_manage_dev_symbolic_links',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
	allow $1 device_t:lnk_file { create read getattr setattr link unlink rename };
')

define(`devices_manage_dev_symbolic_links_depend',`
	type device_t;

	class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
	class lnk_file { create read getattr setattr link unlink rename };
')
########################################
#
# devices_manage_device_nodes(domain)
#
# The broadest interface in this file. The domain $1 receives:
#  - the full directory permission set on device_t directories
#  - management of sockets and symbolic links labelled device_t
#  - create, read, write, ioctl, unlink and relabel on character and
#    block nodes labelled device_t or any device_node type
#  - the storage raw disk and SCSI generic read and write interfaces
#  - the memory_raw_read and memory_raw_write attributes
# The storage calls and the two attributes exist, per the comment inside
# the body, to satisfy assertions that the device_node rules would
# otherwise break. A caller of this interface should be treated as able to
# read and write disks and memory devices directly.
#
define(`devices_manage_device_nodes',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
	allow $1 device_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
	allow $1 device_t:lnk_file { create read getattr setattr link unlink rename };
	allow $1 device_t:{ chr_file blk_file } { create ioctl read getattr lock write setattr append link unlink rename relabelfrom relabelto };
	allow $1 device_node:{ chr_file blk_file } { create ioctl read getattr lock write setattr append link unlink rename relabelfrom relabelto };

	# these next rules are to satisfy assertions broken by the above lines.
	# the permissions hopefully can be cut back a lot
	storage_raw_read_fixed_disk($1)
	storage_raw_write_fixed_disk($1)
	storage_read_scsi_generic($1)
	storage_write_scsi_generic($1)

	typeattribute $1 memory_raw_read, memory_raw_write;
')

define(`devices_manage_device_nodes_depend',`
	attribute device_node, memory_raw_read, memory_raw_write;

	type device_t;

	class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
	class sock_file { create ioctl read getattr lock write setattr append link unlink rename };
	class lnk_file { create read getattr setattr link unlink rename };
	class chr_file { create ioctl read getattr lock write setattr append link unlink rename relabelfrom relabelto };
	class blk_file { create ioctl read getattr lock write setattr append link unlink rename relabelfrom relabelto };
')
########################################
#
# devices_ignore_modify_generic_devices(domain)
#
# Suppresses audit records when the domain $1 is denied getattr, read,
# write or ioctl on character or block nodes labelled device_t. Nothing
# is granted. Because read and write attempts are hidden as well, a
# domain that uses this interface can probe generic device nodes without
# leaving denial records; apply it only where the noise is understood.
#
define(`devices_ignore_modify_generic_devices',`
	requires_block_template(`$0'_depend)

	dontaudit $1 device_t:{ chr_file blk_file } { getattr read write ioctl };
')

define(`devices_ignore_modify_generic_devices_depend',`
	type device_t;

	class chr_file { getattr read write ioctl };
	class blk_file { getattr read write ioctl };
')
########################################
#
# devices_manage_generic_block_devices(domain)
#
# Grants the domain $1 rw_dir_perms on device_t directories and
# create_file_perms on block device nodes labelled device_t.
# NOTE(review): a macro named devices_manage_generic_block_devices_depend
# is defined a second time further down this file, after
# devices_manage_all_block_devices; the later definition replaces the one
# below when m4 processes the file.
#
define(`devices_manage_generic_block_devices',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir rw_dir_perms;
	allow $1 device_t:blk_file create_file_perms;
')

define(`devices_manage_generic_block_devices_depend',`
	type device_t;

	class dir rw_dir_perms;
	class blk_file create_file_perms;
')
########################################
#
# devices_manage_generic_character_devices(domain)
#
# Grants the domain $1 rw_dir_perms on device_t directories and
# create_file_perms on character device nodes labelled device_t.
#
define(`devices_manage_generic_character_devices',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir rw_dir_perms;
	allow $1 device_t:chr_file create_file_perms;
')

define(`devices_manage_generic_character_devices_depend',`
	type device_t;

	class dir rw_dir_perms;
	class chr_file create_file_perms;
')
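########################################
#
# devices_create_dev_entry(domain,file,objectclass(es))
#
# Grants the domain $1 rw_dir_perms on device_t directories and adds a
# type transition so that objects of class $3 which $1 creates in a
# device_t directory are labelled $2. When the distro_redhat option is
# active, $2 is also handed to filesystem_tmpfs_associate.
# The transition only selects the label; permission to create objects of
# type $2 is not granted here.
#
define(`devices_create_dev_entry',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir rw_dir_perms;
	type_transition $1 device_t:$3 $2;

	optional_policy(`distro_redhat',`
		filesystem_tmpfs_associate($2)
	')
')

# Depend block under the name that $0_depend resolves to for the
# interface above.
define(`devices_create_dev_entry_depend',`
	type device_t;

	class dir rw_dir_perms;
')

# NOTE(review): no devices_set_dev_entry interface is visible in this
# file. The block is kept under its original name in case something
# outside this view still resolves it; remove it once that is confirmed.
define(`devices_set_dev_entry_depend',`
	type device_t;

	class dir rw_dir_perms;
')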
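########################################
#
# devices_get_all_block_device_attributes(domain)
#
# Lets the domain $1 list device_t directories (r_dir_perms) and read the
# attributes of block device nodes of every type that carries the
# device_node attribute.
#
define(`devices_get_all_block_device_attributes',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir r_dir_perms;
	allow $1 device_node:blk_file getattr;
')

# device_t is listed because the directory rule above references it.
define(`devices_get_all_block_device_attributes_depend',`
	attribute device_node;

	type device_t;

	class blk_file getattr;
	class dir r_dir_perms;
')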
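########################################
#
# devices_ignore_get_all_block_device_attributes(domain)
#
# Suppresses audit records when the domain $1 is denied getattr on block
# device nodes of any device_node type. Nothing is granted: the rule is a
# dontaudit, the same form the character device counterpart
# devices_ignore_get_all_character_device_attributes uses. An allow rule
# here would hand getattr on every block device node to each domain that
# only asked for the denial to be silenced.
#
define(`devices_ignore_get_all_block_device_attributes',`
	requires_block_template(`$0'_depend)

	dontaudit $1 device_node:blk_file getattr;
')

define(`devices_ignore_get_all_block_device_attributes_depend',`
	attribute device_node;

	class blk_file getattr;
')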
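########################################
#
# devices_get_all_character_device_attributes(domain)
#
# Lets the domain $1 list device_t directories (r_dir_perms) and read the
# attributes of character device nodes of every type that carries the
# device_node attribute.
#
define(`devices_get_all_character_device_attributes',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir r_dir_perms;
	allow $1 device_node:chr_file getattr;
')

# device_t is listed because the directory rule above references it.
define(`devices_get_all_character_device_attributes_depend',`
	attribute device_node;

	type device_t;

	class chr_file getattr;
	class dir r_dir_perms;
')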
########################################
#
# devices_ignore_get_all_character_device_attributes(domain)
#
# Suppresses audit records when the domain $1 is denied getattr on
# character device nodes of any device_node type. Nothing is granted.
#
define(`devices_ignore_get_all_character_device_attributes',`
	requires_block_template(`$0'_depend)

	dontaudit $1 device_node:chr_file getattr;
')

define(`devices_ignore_get_all_character_device_attributes_depend',`
	attribute device_node;

	class chr_file getattr;
')
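########################################
#
# devices_set_all_block_device_attributes(domain)
#
# Lets the domain $1 list device_t directories (r_dir_perms) and set the
# attributes of block device nodes of every device_node type.
# setattr covers ownership and mode changes, so a caller can loosen the
# DAC protection of any block device node; grant it sparingly.
#
define(`devices_set_all_block_device_attributes',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir r_dir_perms;
	allow $1 device_node:blk_file setattr;
')

# device_t is listed because the directory rule above references it.
define(`devices_set_all_block_device_attributes_depend',`
	attribute device_node;

	type device_t;

	class dir r_dir_perms;
	class blk_file setattr;
')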
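########################################
#
# devices_set_all_character_device_attributes(domain)
#
# Lets the domain $1 list device_t directories (r_dir_perms) and set the
# attributes of character device nodes of every device_node type.
# setattr covers ownership and mode changes, so a caller can loosen the
# DAC protection of any character device node; grant it sparingly.
#
define(`devices_set_all_character_device_attributes',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir r_dir_perms;
	allow $1 device_node:chr_file setattr;
')

# device_t is listed because the directory rule above references it.
define(`devices_set_all_character_device_attributes_depend',`
	attribute device_node;

	type device_t;

	class dir r_dir_perms;
	class chr_file setattr;
')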
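########################################
#
# devices_manage_all_block_devices(domain)
#
# Grants the domain $1 rw_dir_perms on device_t directories and
# create_file_perms on block device nodes of every device_node type, then
# calls the storage raw disk and SCSI generic read and write interfaces.
# Per the comment inside the body, those calls exist to satisfy
# assertions that the device_node rule would otherwise break. A caller
# should be treated as able to read and write disks directly.
#
define(`devices_manage_all_block_devices',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir rw_dir_perms;
	allow $1 device_node:blk_file create_file_perms;

	# these next rules are to satisfy assertions broken by the above lines.
	storage_raw_read_fixed_disk($1)
	storage_raw_write_fixed_disk($1)
	storage_read_scsi_generic($1)
	storage_write_scsi_generic($1)
')

# The depend block carries the name that $0_depend resolves to for the
# interface above. Defining it as
# devices_manage_generic_block_devices_depend would replace the earlier
# macro of that name and leave this interface without a depend block.
# device_t is listed because the directory rule references it.
define(`devices_manage_all_block_devices_depend',`
	attribute device_node;

	type device_t;

	class dir rw_dir_perms;
	class blk_file create_file_perms;
')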
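########################################
#
# devices_manage_all_character_devices(domain)
#
# Grants the domain $1 rw_dir_perms on device_t directories and
# create_file_perms on character device nodes of every device_node type,
# and adds $1 to the memory_raw_read and memory_raw_write attributes.
# NOTE(review): the attributes presumably exempt the caller from
# assertions on raw memory access, as the comments in
# devices_manage_device_nodes suggest; confirm against the assertions.
# Treat every caller as able to reach memory devices.
#
define(`devices_manage_all_character_devices',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir rw_dir_perms;
	allow $1 device_node:chr_file create_file_perms;

	typeattribute $1 memory_raw_read, memory_raw_write;
')

# device_t is listed because the directory rule above references it.
define(`devices_manage_all_character_devices_depend',`
	attribute device_node, memory_raw_read, memory_raw_write;

	type device_t;

	class dir rw_dir_perms;
	class chr_file create_file_perms;
')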
########################################
#
# devices_raw_read_memory(domain)
#
# Lets the domain $1 list device_t directories and read character device
# nodes labelled memory_device_t (r_file_perms). The domain also receives
# the sys_rawio capability and joins the memory_raw_read attribute.
# Reading memory devices exposes the contents of other processes and the
# kernel, so the list of callers is worth auditing.
#
define(`devices_raw_read_memory',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir r_dir_perms;
	allow $1 memory_device_t:chr_file r_file_perms;

	allow $1 self:capability sys_rawio;
	typeattribute $1 memory_raw_read;
')

define(`devices_raw_read_memory_depend',`
	type device_t, memory_device_t;
	attribute memory_raw_read;
	class dir r_dir_perms;
	class chr_file r_file_perms;
	class capability sys_rawio;
')
########################################
#
# devices_raw_write_memory(domain)
#
# Lets the domain $1 list device_t directories and write to character
# device nodes labelled memory_device_t. The domain also receives the
# sys_rawio capability and joins the memory_raw_write attribute.
# Write access to memory devices can alter kernel and process state, so
# a caller is effectively outside the confinement the policy provides.
#
define(`devices_raw_write_memory',`
	requires_block_template(`$0'_depend)

	allow $1 device_t:dir r_dir_perms;
	allow $1 memory_device_t:chr_file write;

	allow $1 self:capability sys_rawio;
	typeattribute $1 memory_raw_write;
')

define(`devices_raw_write_memory_depend',`
	type device_t, memory_device_t;
	attribute memory_raw_write;
	class dir r_dir_perms;
	class chr_file write;
	class capability sys_rawio;
')
########################################
#
# devices_legacy_raw_read_memory(domain)
#
# Everything devices_raw_read_memory grants to the domain $1, plus the
# execute permission on character device nodes labelled memory_device_t.
# NOTE(review): execute on a memory device is presumably needed by legacy
# programs that map it executable; confirm per caller, since it widens an
# already sensitive grant.
#
define(`devices_legacy_raw_read_memory',`
	requires_block_template(`$0'_depend)

	devices_raw_read_memory($1)
	allow $1 memory_device_t:chr_file execute;
')

define(`devices_legacy_raw_read_memory_depend',`
	type device_t, memory_device_t;

	class chr_file execute;
')
|
|
Chris PeBenito |
f5c42b |
|
|
Chris PeBenito |
f5c42b |
########################################
|
|
Chris PeBenito |
f5c42b |
#
|
|
Chris PeBenito |
f5c42b |
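# devices_legacy_raw_write_memory(domain)
#
# Everything devices_raw_write_memory grants (including sys_rawio and the
# memory_raw_write attribute), plus execute permission on memory_device_t
# character files. A domain using this can both write to and map the
# memory device executable, so treat callers as fully trusted.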
|
|
Chris PeBenito |
f5c42b |
#
|
|
Chris PeBenito |
f5c42b |
define(`devices_legacy_raw_write_memory',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
devices_raw_write_memory($1)
|
|
Chris PeBenito |
0c73cd |
allow $1 memory_device_t:chr_file execute;
|
|
Chris PeBenito |
f5c42b |
')
|
|
Chris PeBenito |
f5c42b |
|
|
Chris PeBenito |
f5c42b |
define(`devices_legacy_raw_write_memory_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, memory_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class chr_file execute;
|
|
Chris PeBenito |
f5c42b |
')
|
|
Chris PeBenito |
f5c42b |
|
|
Chris PeBenito |
f5c42b |
########################################
|
|
Chris PeBenito |
f5c42b |
#
|
|
Chris PeBenito |
bd202f |
# devices_get_random_data(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_get_random_data',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 random_device_t:chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_get_random_data_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, random_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_get_pseudorandom_data(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_get_pseudorandom_data',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 urandom_device_t:chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_get_pseudorandom_data_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, urandom_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_add_entropy(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_add_entropy',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 random_device_t:chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_add_entropy_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, random_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_set_pseudorandom_seed(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_set_pseudorandom_seed',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 urandom_device_t:chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_set_pseudorandom_seed_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, urandom_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
a9a20d |
# devices_use_dev_null(domain)
|
|
Chris PeBenito |
a9a20d |
#
|
|
Chris PeBenito |
a9a20d |
define(`devices_use_dev_null',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 null_device_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
efd8ed |
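# Requirements of devices_use_dev_null: the types, object classes and
# permissions that interface refers to. The directory requirement names
# the object class alone (class dir ...), matching the other _depend
# templates in this module; the target type belongs on the type line.
define(`devices_use_dev_null_depend',`
	type device_t, null_device_t;

	class dir r_dir_perms;
	class chr_file rw_file_perms;
')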
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
efd8ed |
# devices_use_dev_zero(domain)
|
|
Chris PeBenito |
a9a20d |
#
|
|
Chris PeBenito |
efd8ed |
define(`devices_use_dev_zero',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 zero_device_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
a9a20d |
')
|
|
Chris PeBenito |
a9a20d |
|
|
Chris PeBenito |
efd8ed |
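# Requirements of devices_use_dev_zero. That interface allows
# rw_file_perms on zero_device_t character files, so the chr_file
# requirement lists rw_file_perms as well. The directory requirement
# names the object class alone (class dir ...), matching the other
# _depend templates in this module.
define(`devices_use_dev_zero_depend',`
	type device_t, zero_device_t;

	class dir r_dir_perms;
	class chr_file rw_file_perms;
')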
|
|
Chris PeBenito |
a9a20d |
|
|
Chris PeBenito |
a9a20d |
########################################
|
|
Chris PeBenito |
a9a20d |
#
|
|
Chris PeBenito |
f5c42b |
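# devices_legacy_use_dev_zero(domain)
#
# Everything devices_use_dev_zero grants, plus execute permission on
# zero_device_t character files. SELinux checks execute when a file is
# mapped executable, so this lets the domain obtain executable mappings
# backed by the zero device. NOTE(review): presumably needed only by
# legacy programs; prefer devices_use_dev_zero wherever it is sufficient.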
|
|
Chris PeBenito |
f5c42b |
#
|
|
Chris PeBenito |
f5c42b |
define(`devices_legacy_use_dev_zero',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
devices_use_dev_zero($1)
|
|
Chris PeBenito |
0c73cd |
allow $1 zero_device_t:chr_file execute;
|
|
Chris PeBenito |
f5c42b |
')
|
|
Chris PeBenito |
f5c42b |
|
|
Chris PeBenito |
f5c42b |
define(`devices_legacy_use_dev_zero_depend',`
|
|
Chris PeBenito |
0c73cd |
type zero_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class chr_file execute;
|
|
Chris PeBenito |
f5c42b |
')
|
|
Chris PeBenito |
f5c42b |
|
|
Chris PeBenito |
f5c42b |
########################################
|
|
Chris PeBenito |
f5c42b |
#
|
|
Chris PeBenito |
bd202f |
# devices_read_realtime_clock(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_read_realtime_clock',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 clock_device_t:chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_read_realtime_clock_depend',`
|
|
Chris PeBenito |
b4cd15 |
type device_t, clock_device_t;
|
|
Chris PeBenito |
4bf4ed |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
44a43b |
# devices_write_realtime_clock(domain)
|
|
Chris PeBenito |
44a43b |
#
|
|
Chris PeBenito |
44a43b |
define(`devices_write_realtime_clock',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 clock_device_t:chr_file { setattr lock write append ioctl };
|
|
Chris PeBenito |
44a43b |
')
|
|
Chris PeBenito |
44a43b |
|
|
Chris PeBenito |
44a43b |
define(`devices_write_realtime_clock_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, clock_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file { setattr lock write append ioctl };
|
|
Chris PeBenito |
44a43b |
')
|
|
Chris PeBenito |
44a43b |
|
|
Chris PeBenito |
44a43b |
########################################
|
|
Chris PeBenito |
44a43b |
#
|
|
Chris PeBenito |
44a43b |
# devices_modify_realtime_clock(domain)
|
|
Chris PeBenito |
44a43b |
#
|
|
Chris PeBenito |
44a43b |
define(`devices_modify_realtime_clock',`
|
|
Chris PeBenito |
0c73cd |
devices_read_realtime_clock($1)
|
|
Chris PeBenito |
0c73cd |
devices_write_realtime_clock($1)
|
|
Chris PeBenito |
44a43b |
')
|
|
Chris PeBenito |
44a43b |
|
|
Chris PeBenito |
44a43b |
########################################
|
|
Chris PeBenito |
44a43b |
#
|
|
Chris PeBenito |
bd202f |
# devices_record_sound_input(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_record_sound_input',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 sound_device_t:chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_record_sound_input_depend',`
|
|
Chris PeBenito |
b4cd15 |
type device_t, sound_device_t;
|
|
Chris PeBenito |
4bf4ed |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_play_sound(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_play_sound',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 sound_device_t:chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_play_sound_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, sound_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
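# devices_read_sound_mixer_levels(domain)
#
# Allow getattr, read and ioctl on sound_device_t character files.
# devices_record_sound_input reads the same type, so at the type level
# this access is not confined to mixer state.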
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_read_sound_mixer_levels',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 sound_device_t:chr_file { getattr read ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_read_sound_mixer_levels_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, sound_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file { getattr read ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
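# devices_write_sound_mixer_levels(domain)
#
# Allow getattr, write and ioctl on sound_device_t character files.
# These are the same permissions on the same type that devices_play_sound
# grants; the policy does not separate mixer control from playback.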
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_write_sound_mixer_levels',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 sound_device_t:chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_write_sound_mixer_levels_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, sound_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_direct_agp_access(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_direct_agp_access',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 agp_device_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_direct_agp_access_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, agp_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file rw_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b16c6b |
# devices_get_direct_rendering_interface_attributes(domain)
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
b16c6b |
define(`devices_get_direct_rendering_interface_attributes',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 dri_device_t:chr_file getattr;
|
|
Chris PeBenito |
b16c6b |
')
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
b16c6b |
define(`devices_get_direct_rendering_interface_attributes_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, dri_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file getattr;
|
|
Chris PeBenito |
b16c6b |
')
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
b16c6b |
########################################
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
bd202f |
# devices_use_direct_rendering_interface(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_use_direct_rendering_interface',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 dri_device_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_use_direct_rendering_interface_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, dri_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file rw_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b16c6b |
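# devices_ignore_use_direct_rendering_interface(domain)
#
# Do not audit attempts by the domain to getattr, read, write or ioctl
# dri_device_t character files. The access stays denied; only the audit
# record is suppressed, so these denials will not appear when AVC logs
# are reviewed for the domain.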
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
b16c6b |
define(`devices_ignore_use_direct_rendering_interface',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
dontaudit $1 dri_device_t:chr_file { getattr read write ioctl };
|
|
Chris PeBenito |
b16c6b |
')
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
b16c6b |
define(`devices_ignore_use_direct_rendering_interface_depend',`
|
|
Chris PeBenito |
0c73cd |
type dri_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class chr_file { getattr read write ioctl };
|
|
Chris PeBenito |
b16c6b |
')
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
b16c6b |
########################################
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
bd202f |
# devices_read_mtrr(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_read_mtrr',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 mtrr_device_t:chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_read_mtrr_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, mtrr_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_write_mtrr(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_write_mtrr',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 mtrr_device_t:chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_write_mtrr_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, mtrr_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_read_framebuffer(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_read_framebuffer',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 framebuf_device_t:chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
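# Requirements of devices_read_framebuffer. That interface refers to both
# device_t (directory search) and framebuf_device_t (character file read),
# so both types are declared here, as devices_write_framebuffer_depend
# already does.
define(`devices_read_framebuffer_depend',`
	type device_t, framebuf_device_t;

	class dir r_dir_perms;
	class chr_file r_file_perms;
')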
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_write_framebuffer(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_write_framebuffer',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 framebuf_device_t:chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_write_framebuffer_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, framebuf_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
d490eb |
# devices_read_lvm_control_channel(domain)
|
|
Chris PeBenito |
d490eb |
#
|
|
Chris PeBenito |
d490eb |
define(`devices_read_lvm_control_channel',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 lvm_control_t:chr_file r_file_perms;
|
|
Chris PeBenito |
d490eb |
')
|
|
Chris PeBenito |
d490eb |
|
|
Chris PeBenito |
d490eb |
define(`devices_read_lvm_control_channel_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, lvm_control_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file r_file_perms;
|
|
Chris PeBenito |
d490eb |
')
|
|
Chris PeBenito |
d490eb |
|
|
Chris PeBenito |
d490eb |
########################################
|
|
Chris PeBenito |
d490eb |
#
|
|
Chris PeBenito |
7bba9d |
# devices_use_lvm_control_channel(domain)
|
|
Chris PeBenito |
7bba9d |
#
|
|
Chris PeBenito |
7bba9d |
define(`devices_use_lvm_control_channel',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 lvm_control_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
7bba9d |
')
|
|
Chris PeBenito |
7bba9d |
|
|
Chris PeBenito |
7bba9d |
define(`devices_use_lvm_control_channel_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, lvm_control_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file rw_file_perms;
|
|
Chris PeBenito |
7bba9d |
')
|
|
Chris PeBenito |
7bba9d |
|
|
Chris PeBenito |
7bba9d |
########################################
|
|
Chris PeBenito |
7bba9d |
#
|
|
Chris PeBenito |
d490eb |
# devices_remove_lvm_control_channel(domain)
|
|
Chris PeBenito |
d490eb |
#
|
|
Chris PeBenito |
d490eb |
define(`devices_remove_lvm_control_channel',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir { getattr search read write remove_name };
|
|
Chris PeBenito |
0c73cd |
allow $1 lvm_control_t:chr_file unlink;
|
|
Chris PeBenito |
d490eb |
')
|
|
Chris PeBenito |
d490eb |
|
|
Chris PeBenito |
d490eb |
define(`devices_remove_lvm_control_channel_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, lvm_control_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir { getattr search read write remove_name };
|
|
Chris PeBenito |
0c73cd |
class chr_file unlink;
|
|
Chris PeBenito |
d490eb |
')
|
|
Chris PeBenito |
d490eb |
|
|
Chris PeBenito |
d490eb |
########################################
|
|
Chris PeBenito |
d490eb |
#
|
|
Chris PeBenito |
bd202f |
# devices_read_misc(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_read_misc',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 misc_device_t:chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_read_misc_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, misc_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_write_misc(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_write_misc',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 misc_device_t:chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_write_misc_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, misc_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file { getattr write ioctl };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_get_mouse_input(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_get_mouse_input',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 mouse_device_t:chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
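# Requirements of devices_get_mouse_input: the types, object classes and
# permissions that interface refers to. Only declarations belong in a
# _depend template; the allow rule on device_t:dir is already issued by
# the interface itself, so the directory entry here is the matching class
# requirement, as in the other _depend templates of this module.
define(`devices_get_mouse_input_depend',`
	type device_t, mouse_device_t;

	class dir r_dir_perms;
	class chr_file r_file_perms;
')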
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_get_input_event(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_get_input_event',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 event_device_t:chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_get_input_event_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, event_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_get_cpuid(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_get_cpuid',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 cpu_device_t:chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_get_cpuid_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, cpu_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
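# devices_load_cpu_microcode(domain)
#
# Allow read and write (rw_file_perms) on cpu_device_t character files.
# This is the same type devices_get_cpuid reads, so the write access
# covers every device node labelled cpu_device_t. NOTE(review): confirm
# which nodes carry that label before granting this to a new domain.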
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_load_cpu_microcode',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 cpu_device_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_load_cpu_microcode_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, cpu_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file rw_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_use_scanner(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_use_scanner',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 scanner_device_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_use_scanner_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, scanner_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file rw_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# devices_control_system_powermanagement(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`devices_control_system_powermanagement',`
|
|
Chris PeBenito |
0c73cd |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 device_t:dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 power_device_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`devices_control_system_powermanagement_depend',`
|
|
Chris PeBenito |
0c73cd |
type device_t, power_device_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class chr_file rw_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
3b857e |
|
|
Chris PeBenito |
3b857e |
## </module>
|