## <module name="devices" layer="kernel">
## <summary>
##	Device nodes and interfaces for many basic system devices.
## </summary>
## <description>
##	<p>
##	This module creates the device node concept and provides
##	the policy for many of the device files. Notable exceptions are
##	the mass storage and terminal devices that are covered by other
##	modules.
##	</p>
##	<p>
##	This module creates the concept of a device node. That is a
##	char or block device file, usually in /dev. All types that
##	are used to label device nodes should use the dev_node macro.
##	</p>
##	<p>
##	Additionally, this module controls access to three things:
##		<ul>
##			<li>the device directories containing device nodes</li>
##			<li>device nodes as a group</li>
##			<li>individual access to specific device nodes covered by
##		  	this module.</li>
##		</ul>
##	</p>
## </description>
    ########################################
    ## <interface name="dev_node">
    ##	<summary>
    ##		Make the passed in type a type appropriate for
    ##		use on device nodes (usually files in /dev).
    ##	</summary>
    ##	<parameter name="object_type">
    ##		The object type that will be used on device nodes.
    ##	</parameter>
    ## </interface>
    #
    # Adds the type to the device_node attribute, so every rule in this
    # module written against device_node also covers it, and lets the
    # type associate with a filesystem through fs_associate.
    #
    define(`dev_node',`
    	gen_require(`$0'_depend)

    	fs_associate($1)
    	typeattribute $1 device_node;

    	optional_policy(`distro_redhat',`
    		fs_associate_tmpfs($1)
    	')
    ')
    # Symbols required by dev_node: the attribute it assigns.
    define(`dev_node_depend',`
    	attribute device_node;
    ')
    ########################################
    ## <interface name="dev_relabel_all_dev_nodes">
    ##	<summary>
    ##		Allow full relabeling (to and from) of all device nodes.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed to relabel.
    ##	</parameter>
    ## </interface>
    #
    # Block and character nodes labeled device_t or with any device_node
    # type can be relabeled in both directions. Objects of the other
    # classes that carry a device_node type can only be relabeled away
    # from it (relabelfrom without relabelto).
    #
    define(`dev_relabel_all_dev_nodes',`
    	gen_require(`$0'_depend)

    	allow $1 { device_t device_node }:{ blk_file chr_file } { getattr relabelfrom relabelto };
    	allow $1 device_node:{ dir file lnk_file fifo_file sock_file } { getattr relabelfrom };
    ')
    # Symbols required by dev_relabel_all_dev_nodes.
    define(`dev_relabel_all_dev_nodes_depend',`
    	type device_t;
    	attribute device_node;

    	class chr_file { getattr relabelfrom relabelto };
    	class blk_file { getattr relabelfrom relabelto };
    	class sock_file { getattr relabelfrom };
    	class fifo_file { getattr relabelfrom };
    	class lnk_file { getattr relabelfrom };
    	class file { getattr relabelfrom };
    	class dir { getattr relabelfrom };
    ')
    ########################################
    ## <interface name="dev_list_all_dev_nodes">
    ##	<summary>
    ##		List all of the device nodes in a device directory.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed to list device nodes.
    ##	</parameter>
    ## </interface>
    #
    # Grants r_dir_perms on directories labeled device_t, plus getattr
    # and read on symbolic links labeled device_t.
    #
    define(`dev_list_all_dev_nodes',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:lnk_file { read getattr };
    	allow $1 device_t:dir r_dir_perms;
    ')
    # Symbols required by dev_list_all_dev_nodes.
    define(`dev_list_all_dev_nodes_depend',`
    	class lnk_file { read getattr };
    	class dir r_dir_perms;

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_dontaudit_list_all_dev_nodes">
    ##	<summary>
    ##		Dontaudit attempts to list all device nodes.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain to dontaudit listing of device nodes.
    ##	</parameter>
    ## </interface>
    #
    # Emits a dontaudit rule only: denials of r_dir_perms on device_t
    # directories are no longer logged, and no access is granted.
    #
    define(`dev_dontaudit_list_all_dev_nodes',`
    	gen_require(`$0'_depend)

    	dontaudit $1 device_t:dir r_dir_perms;
    ')
    # Symbols required by dev_dontaudit_list_all_dev_nodes.
    define(`dev_dontaudit_list_all_dev_nodes_depend',`
    	class dir r_dir_perms;

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_create_dir">
    ##	<summary>
    ##		Create a directory in the device directory.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed to create the directory.
    ##	</parameter>
    ## </interface>
    #
    # The new directory is created with the device_t label: the rule
    # grants create together with ra_dir_perms on device_t directories.
    #
    define(`dev_create_dir',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir { create ra_dir_perms };
    ')
    # Symbols required by dev_create_dir.
    define(`dev_create_dir_depend',`
    	class dir { create ra_dir_perms };

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_relabel_dev_dirs">
    ##	<summary>
    ##		Allow full relabeling (to and from) of directories in /dev.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed to relabel.
    ##	</parameter>
    ## </interface>
    #
    # Applies to directories labeled device_t: the caller can read them
    # and relabel them both to and from device_t.
    #
    define(`dev_relabel_dev_dirs',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir { relabelfrom relabelto r_dir_perms };
    ')
    # Symbols required by dev_relabel_dev_dirs.
    define(`dev_relabel_dev_dirs_depend',`
    	class dir { relabelfrom relabelto r_dir_perms };

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_dontaudit_getattr_generic_pipe">
    ##	<summary>
    ##		Dontaudit getattr on generic pipes.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain to dontaudit.
    ##	</parameter>
    ## </interface>
    #
    # Generic pipes here are fifo_file objects labeled device_t. Only
    # the audit message is suppressed; no access is granted.
    #
    define(`dev_dontaudit_getattr_generic_pipe',`
    	gen_require(`$0'_depend)

    	dontaudit $1 device_t:fifo_file getattr;
    ')
    # Symbols required by dev_dontaudit_getattr_generic_pipe.
    define(`dev_dontaudit_getattr_generic_pipe_depend',`
    	class fifo_file getattr;

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_getattr_generic_blk_file">
    ##	<summary>
    ##		Allow getattr on generic block devices.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Generic block devices are blk_file objects still labeled device_t.
    # Directory read access on device_t is included so the node can be
    # reached.
    #
    define(`dev_getattr_generic_blk_file',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:blk_file getattr;
    	allow $1 device_t:dir r_dir_perms;
    ')
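    # Symbols required by dev_getattr_generic_blk_file.
    #
    # The macro name has to be the interface name followed by _depend,
    # because the interface looks it up through gen_require. It was
    # previously spelled with a doubled leading d, which left the name
    # the interface asks for undefined.
    define(`dev_getattr_generic_blk_file_depend',`
    	type device_t;

    	class dir r_dir_perms;
    	class blk_file getattr;
    ')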
    ########################################
    ## <interface name="dev_dontaudit_getattr_generic_blk_file">
    ##	<summary>
    ##		Dontaudit getattr on generic block devices.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain to dontaudit access.
    ##	</parameter>
    ## </interface>
    #
    # Suppresses the audit message for getattr on blk_file objects
    # labeled device_t. No access is granted.
    #
    define(`dev_dontaudit_getattr_generic_blk_file',`
    	gen_require(`$0'_depend)

    	dontaudit $1 device_t:blk_file getattr;
    ')
    # Symbols required by dev_dontaudit_getattr_generic_blk_file.
    define(`dev_dontaudit_getattr_generic_blk_file_depend',`
    	class blk_file getattr;

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_manage_generic_blk_file">
    ##	<summary>
    ##		Allow read, write, create, and delete for generic
    ##		block files.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # NOTE(review): an interface with this same name and the same two
    # rules is defined again further down in this file. With m4 the
    # later define replaces this one, so one of the two copies should
    # be dropped.
    #
    define(`dev_manage_generic_blk_file',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:blk_file create_file_perms;
    	allow $1 device_t:dir rw_dir_perms;
    ')
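    # Symbols required by dev_manage_generic_blk_file.
    #
    # The interface also writes a rule on device_t:dir with rw_dir_perms,
    # so the dir class is declared here as well. It was missing from this
    # copy of the macro.
    define(`dev_manage_generic_blk_file_depend',`
    	type device_t;

    	class dir rw_dir_perms;
    	class blk_file create_file_perms;
    ')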
    ########################################
    ## <interface name="dev_create_generic_chr_file">
    ##	<summary>
    ##		Allow read, write, and create for generic character device files.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # NOTE(review): on chr_file only create is granted below, although
    # the summary also mentions read and write. Confirm which is meant.
    # The caller additionally receives the mknod capability on itself
    # and ra_dir_perms on device_t directories.
    #
    define(`dev_create_generic_chr_file',`
    	gen_require(`$0'_depend)

    	allow $1 self:capability mknod;

    	allow $1 device_t:chr_file create;
    	allow $1 device_t:dir ra_dir_perms;
    ')
    # Symbols required by dev_create_generic_chr_file.
    define(`dev_create_generic_chr_file_depend',`
    	class capability mknod;
    	class chr_file create;
    	class dir ra_dir_perms;

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_getattr_generic_chr_file">
    ##	<summary>
    ##		Allow getattr for generic character device files.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Covers chr_file objects labeled device_t, plus directory read
    # access on device_t so the node can be reached.
    #
    define(`dev_getattr_generic_chr_file',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:chr_file getattr;
    	allow $1 device_t:dir r_dir_perms;
    ')
    # Symbols required by dev_getattr_generic_chr_file.
    define(`dev_getattr_generic_chr_file_depend',`
    	class chr_file getattr;
    	class dir r_dir_perms;

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_dontaudit_getattr_generic_chr_file">
    ##	<summary>
    ##		Dontaudit getattr for generic character device files.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain to dontaudit access.
    ##	</parameter>
    ## </interface>
    #
    # Suppresses the audit message for getattr on chr_file objects
    # labeled device_t. No access is granted.
    #
    define(`dev_dontaudit_getattr_generic_chr_file',`
    	gen_require(`$0'_depend)

    	dontaudit $1 device_t:chr_file getattr;
    ')
    # Symbols required by dev_dontaudit_getattr_generic_chr_file.
    define(`dev_dontaudit_getattr_generic_chr_file_depend',`
    	class chr_file getattr;

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_del_generic_symlinks">
    ##	<summary>
    ##		Delete symbolic links in device directories.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Limited to symbolic links labeled device_t inside directories
    # labeled device_t: unlink on the link, and the directory
    # permissions needed to remove the name.
    #
    define(`dev_del_generic_symlinks',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:lnk_file unlink;
    	allow $1 device_t:dir { remove_name write read getattr };
    ')
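    # Symbols required by dev_del_generic_symlinks.
    #
    # Only device_t and the dir and lnk_file classes appear in the
    # rules of the interface. The device_node, memory_raw_read and
    # memory_raw_write attributes that were listed here are not used
    # by it, so they are no longer required.
    define(`dev_del_generic_symlinks_depend',`
    	type device_t;

    	class dir { getattr read write remove_name };
    	class lnk_file unlink;
    ')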
    ########################################
    ## <interface name="dev_manage_generic_symlinks">
    ##	<summary>
    ##		Create, delete, read, and write symbolic links in device directories.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Besides the symbolic link permissions, the directory rule is broad:
    # it includes create, rmdir, rename and relabeling of device_t
    # directories, not just adding and removing names.
    #
    define(`dev_manage_generic_symlinks',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:lnk_file { create read getattr setattr link unlink rename };
    	allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
    ')
    # Symbols required by dev_manage_generic_symlinks.
    define(`dev_manage_generic_symlinks_depend',`
    	class lnk_file { create read getattr setattr link unlink rename };
    	class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_manage_dev_nodes">
    ##	<summary>
    ##		Create, delete, read, and write device nodes in device directories.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Review note: this is one of the most privileged interfaces in the
    # module. In addition to managing and relabeling every block and
    # character node, the caller is passed to the storage raw fixed disk
    # and generic SCSI read and write interfaces and is added to the
    # memory_raw_read and memory_raw_write attributes. Audit the list of
    # callers and keep it as short as possible.
    #
    define(`dev_manage_dev_nodes',`
    	gen_require(`$0'_depend)

    	allow $1 { device_t device_node }:{ chr_file blk_file } { create ioctl read getattr lock write setattr append link unlink rename relabelfrom relabelto };
    	allow $1 device_t:lnk_file { create read getattr setattr link unlink rename };
    	allow $1 device_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
    	allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };

    	# The rules above break policy assertions. The access granted
    	# below satisfies them. Hopefully these permissions can be cut
    	# back a lot.
    	typeattribute $1 memory_raw_read;
    	typeattribute $1 memory_raw_write;

    	storage_raw_read_fixed_disk($1)
    	storage_raw_write_fixed_disk($1)
    	storage_read_scsi_generic($1)
    	storage_write_scsi_generic($1)
    ')
    # Symbols required by dev_manage_dev_nodes.
    define(`dev_manage_dev_nodes_depend',`
    	type device_t;

    	attribute device_node;
    	attribute memory_raw_read;
    	attribute memory_raw_write;

    	class blk_file { create ioctl read getattr lock write setattr append link unlink rename relabelfrom relabelto };
    	class chr_file { create ioctl read getattr lock write setattr append link unlink rename relabelfrom relabelto };
    	class lnk_file { create read getattr setattr link unlink rename };
    	class sock_file { create ioctl read getattr lock write setattr append link unlink rename };
    	class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
    ')
    ########################################
    ## <interface name="dev_dontaudit_rw_generic_dev_nodes">
    ##	<summary>
    ##		Dontaudit getattr, read, write, and ioctl on
    ##		generic device files.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain to dontaudit access.
    ##	</parameter>
    ## </interface>
    #
    # Applies to character and block nodes labeled device_t. Because
    # denied read and write attempts on such nodes stop being logged,
    # use it only for domains whose probing of /dev is known to be
    # harmless noise.
    #
    define(`dev_dontaudit_rw_generic_dev_nodes',`
    	gen_require(`$0'_depend)

    	dontaudit $1 device_t:chr_file { getattr read write ioctl };
    	dontaudit $1 device_t:blk_file { getattr read write ioctl };
    ')
    # Symbols required by dev_dontaudit_rw_generic_dev_nodes.
    define(`dev_dontaudit_rw_generic_dev_nodes_depend',`
    	class blk_file { getattr read write ioctl };
    	class chr_file { getattr read write ioctl };

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_manage_generic_blk_file">
    ##	<summary>
    ##		Create, delete, read, and write block device files.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # NOTE(review): an interface with this same name and the same two
    # rules is also defined earlier in this file. With m4 this later
    # define is the one that takes effect, so one of the two copies
    # should be dropped.
    #
    define(`dev_manage_generic_blk_file',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:blk_file create_file_perms;
    	allow $1 device_t:dir rw_dir_perms;
    ')
    # Symbols required by dev_manage_generic_blk_file.
    define(`dev_manage_generic_blk_file_depend',`
    	class blk_file create_file_perms;
    	class dir rw_dir_perms;

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_manage_generic_chr_file">
    ##	<summary>
    ##		Create, delete, read, and write character device files.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Covers chr_file objects labeled device_t, together with
    # rw_dir_perms on device_t directories.
    #
    define(`dev_manage_generic_chr_file',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:chr_file create_file_perms;
    	allow $1 device_t:dir rw_dir_perms;
    ')
    # Symbols required by dev_manage_generic_chr_file.
    define(`dev_manage_generic_chr_file_depend',`
    	class chr_file create_file_perms;
    	class dir rw_dir_perms;

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_create_dev_node">
    ##	<summary>
    ##		Create, read, and write device nodes. The node
    ##		will be transitioned to the type provided.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ##	<parameter name="file">
    ##		Type to which the created node will be transitioned.
    ##	</parameter>
    ##	<parameter name="objectclass(es)">
    ##		Object class(es) (single or set including {}) for which
    ##		the transition will occur.
    ##	</parameter>
    ## </interface>
    #
    # NOTE(review): the body grants rw_dir_perms on device_t directories
    # and sets up the type transition, but it contains no allow rule on
    # the created node itself. Create, read and write on the target type
    # presumably have to be granted by the caller. Confirm.
    #
    define(`dev_create_dev_node',`
    	gen_require(`$0'_depend)

    	type_transition $1 device_t:$3 $2;
    	allow $1 device_t:dir rw_dir_perms;

    	optional_policy(`distro_redhat',`
    		fs_associate_tmpfs($2)
    	')
    ')
    # Symbols required by dev_create_dev_node.
    define(`dev_create_dev_node_depend',`
    	class dir rw_dir_perms;

    	type device_t;
    ')
    ########################################
    ## <interface name="dev_getattr_all_blk_files">
    ##	<summary>
    ##		Getattr on all block file device nodes.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Written against the device_node attribute, so it covers every
    # type that was declared through dev_node, not only device_t.
    #
    define(`dev_getattr_all_blk_files',`
    	gen_require(`$0'_depend)

    	allow $1 device_node:blk_file getattr;
    	allow $1 device_t:dir r_dir_perms;
    ')
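    # Symbols required by dev_getattr_all_blk_files.
    #
    # The interface has a rule on device_t:dir, so device_t is declared
    # here next to the device_node attribute. It was missing before.
    define(`dev_getattr_all_blk_files_depend',`
    	attribute device_node;

    	type device_t;

    	class blk_file getattr;
    	class dir r_dir_perms;
    ')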
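    ########################################
    ## <interface name="dev_dontaudit_getattr_all_blk_files">
    ##	<summary>
    ##		Dontaudit getattr on all block file device nodes.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain to dontaudit access.
    ##	</parameter>
    ## </interface>
    #
    # This has to be a dontaudit rule. The body used to contain an allow
    # rule, which granted getattr on every block device node to each
    # domain that only meant to silence the denial. Callers that relied
    # on that accidental grant need dev_getattr_all_blk_files instead.
    #
    define(`dev_dontaudit_getattr_all_blk_files',`
    	gen_require(`$0'_depend)

    	dontaudit $1 device_node:blk_file getattr;
    ')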
    # Symbols required by dev_dontaudit_getattr_all_blk_files.
    define(`dev_dontaudit_getattr_all_blk_files_depend',`
    	class blk_file getattr;

    	attribute device_node;
    ')
    Chris PeBenito 8a0da1
    Chris PeBenito 8a0da1
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_getattr_all_chr_files">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Getattr on all character file device nodes.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito 8a0da1
    #
    Karl MacMillan f0c985
    define(`dev_getattr_all_chr_files',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 device_node:chr_file getattr;
    Chris PeBenito 8a0da1
    ')
    Chris PeBenito 8a0da1
    Karl MacMillan f0c985
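    # Requirements of dev_getattr_all_chr_files. device_t is declared
    # because the interface grants directory access on device_t:dir.
    define(`dev_getattr_all_chr_files_depend',`
    	attribute device_node;
    	type device_t;

    	class chr_file getattr;
    	class dir r_dir_perms;
    ')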
    Chris PeBenito 7bba9d
    Chris PeBenito 7bba9d
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_dontaudit_getattr_all_chr_files">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Dontaudit getattr on all character file device nodes.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain to dontaudit access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito 7bba9d
    #
    Karl MacMillan f0c985
    define(`dev_dontaudit_getattr_all_chr_files',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	dontaudit $1 device_node:chr_file getattr;
    Chris PeBenito 7bba9d
    ')
    Chris PeBenito 7bba9d
    Karl MacMillan f0c985
    define(`dev_dontaudit_getattr_all_chr_files_depend',`
    Chris PeBenito 0c73cd
    	attribute device_node;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	class chr_file getattr;
    Chris PeBenito 8a0da1
    ')
    Chris PeBenito 8a0da1
    Chris PeBenito 8a0da1
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_setattr_all_blk_files">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Setattr on all block file device nodes.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito 8a0da1
    #
    Karl MacMillan f0c985
    define(`dev_setattr_all_blk_files',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 device_node:blk_file setattr;
    Chris PeBenito 8a0da1
    ')
    Chris PeBenito 8a0da1
    Karl MacMillan f0c985
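    # Requirements of dev_setattr_all_blk_files. device_t is declared
    # because the interface grants directory access on device_t:dir.
    define(`dev_setattr_all_blk_files_depend',`
    	attribute device_node;
    	type device_t;

    	class dir r_dir_perms;
    	class blk_file setattr;
    ')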
    Chris PeBenito 8a0da1
    Chris PeBenito 8a0da1
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_setattr_all_chr_files">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Setattr on all character file device nodes.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito 8a0da1
    #
    Karl MacMillan f0c985
    define(`dev_setattr_all_chr_files',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 device_node:chr_file setattr;
    Chris PeBenito 8a0da1
    ')
    Chris PeBenito 8a0da1
    Karl MacMillan f0c985
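    # Requirements of dev_setattr_all_chr_files. device_t is declared
    # because the interface grants directory access on device_t:dir.
    define(`dev_setattr_all_chr_files_depend',`
    	attribute device_node;
    	type device_t;

    	class dir r_dir_perms;
    	class chr_file setattr;
    ')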
    Chris PeBenito 8a0da1
    Chris PeBenito 8a0da1
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_manage_all_blk_files">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read, write, create, and delete all block device files.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito 8a0da1
    #
    Karl MacMillan f0c985
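    # Create, delete, read and write every block device node, plus write
    # access to the device directory. device_node is an attribute, so the
    # blk_file rule applies to every type that carries it rather than to a
    # single device.
    # NOTE(review): the storage_* calls are defined in another module; going
    # by their names they also give the caller raw fixed disk and scsi generic
    # read and write access. Confirm there, and treat callers of this
    # interface as having that level of access.
    define(`dev_manage_all_blk_files',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir rw_dir_perms;
    	allow $1 device_node:blk_file create_file_perms;

    	# these next rules are to satisfy assertions broken by the above lines.
    	storage_raw_read_fixed_disk($1)
    	storage_raw_write_fixed_disk($1)
    	storage_read_scsi_generic($1)
    	storage_write_scsi_generic($1)
    ')

    # Requirements of dev_manage_all_blk_files. device_t is declared
    # because the interface grants directory access on device_t:dir.
    define(`dev_manage_all_blk_files_depend',`
    	attribute device_node;
    	type device_t;

    	class dir rw_dir_perms;
    	class blk_file create_file_perms;
    ')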
    Chris PeBenito 32e53a
    Chris PeBenito 32e53a
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_manage_all_chr_files">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read, write, create, and delete all character device files.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito 32e53a
    #
    Karl MacMillan f0c985
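    # Create, delete, read and write every character device node, plus write
    # access to the device directory. device_node is an attribute, so the
    # chr_file rule applies to every type that carries it.
    # The caller is also tagged with memory_raw_read and memory_raw_write,
    # the attributes that the raw memory read and write interfaces assign.
    # NOTE(review): presumably this is because device_node also covers the
    # memory devices and assertions key on these attributes; confirm against
    # the assertions. Callers should be reviewed as raw memory readers and
    # writers.
    define(`dev_manage_all_chr_files',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir rw_dir_perms;
    	allow $1 device_node:chr_file create_file_perms;

    	typeattribute $1 memory_raw_read, memory_raw_write;
    ')

    # Requirements of dev_manage_all_chr_files. device_t is declared
    # because the interface grants directory access on device_t:dir.
    define(`dev_manage_all_chr_files_depend',`
    	attribute device_node, memory_raw_read, memory_raw_write;
    	type device_t;

    	class dir rw_dir_perms;
    	class chr_file create_file_perms;
    ')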
    Chris PeBenito 32e53a
    Chris PeBenito 32e53a
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_read_raw_memory">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read raw memory devices (e.g. /dev/mem).
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito 32e53a
    #
    Karl MacMillan f0c985
    define(`dev_read_raw_memory',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 memory_device_t:chr_file r_file_perms;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 self:capability sys_rawio;
    Chris PeBenito 0c73cd
    	typeattribute $1 memory_raw_read;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Karl MacMillan f0c985
    define(`dev_read_raw_memory_depend',`
    Karl MacMillan f0c985
    	type device_t, memory_device_t;
    Karl MacMillan f0c985
    	attribute memory_raw_read;
    Karl MacMillan f0c985
    	class dir r_dir_perms;
    Karl MacMillan f0c985
    	class chr_file r_file_perms;
    Karl MacMillan f0c985
    	class capability sys_rawio;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_write_raw_memory">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Write raw memory devices (e.g. /dev/mem).
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito b4cd15
    #
    Karl MacMillan f0c985
    define(`dev_write_raw_memory',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 memory_device_t:chr_file write;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 self:capability sys_rawio;
    Chris PeBenito 0c73cd
    	typeattribute $1 memory_raw_write;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Karl MacMillan f0c985
    define(`dev_write_raw_memory_depend',`
    Karl MacMillan f0c985
    	type device_t, memory_device_t;
    Karl MacMillan f0c985
    	attribute memory_raw_write;
    Karl MacMillan f0c985
    	class dir r_dir_perms;
    Karl MacMillan f0c985
    	class chr_file write;
    Karl MacMillan f0c985
    	class capability sys_rawio;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_rx_raw_memory">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read and execute raw memory devices (e.g. /dev/mem).
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito b4cd15
    #
    Karl MacMillan f0c985
    # Read plus execute access to the raw memory device nodes.
    # Only the execute permission is added here. Read access, the sys_rawio
    # capability and the memory_raw_read attribute all come from
    # dev_read_raw_memory.
    define(`dev_rx_raw_memory',`
    	gen_require(`$0'_depend)

    	allow $1 memory_device_t:chr_file execute;
    	dev_read_raw_memory($1)
    ')
    Chris PeBenito f5c42b
    Karl MacMillan f0c985
    define(`dev_rx_raw_memory_depend',`
    Chris PeBenito 0c73cd
    	type device_t, memory_device_t;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	class chr_file execute;
    Chris PeBenito f5c42b
    ')
    Chris PeBenito f5c42b
    Chris PeBenito f5c42b
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_wx_raw_memory">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Write and execute raw memory devices (e.g. /dev/mem).
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito f5c42b
    #
    Karl MacMillan f0c985
    # Write plus execute access to the raw memory device nodes.
    # Only the execute permission is added here. Write access, the sys_rawio
    # capability and the memory_raw_write attribute all come from
    # dev_write_raw_memory.
    # NOTE(review): write and execute together on raw memory is a very broad
    # grant. The memory_raw_write attribute gives a way to list the domains
    # that hold it when auditing the policy.
    define(`dev_wx_raw_memory',`
    	gen_require(`$0'_depend)

    	allow $1 memory_device_t:chr_file execute;
    	dev_write_raw_memory($1)
    ')
    Chris PeBenito f5c42b
    Karl MacMillan f0c985
    define(`dev_wx_raw_memory_depend',`
    Chris PeBenito 0c73cd
    	type device_t, memory_device_t;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	class chr_file execute;
    Chris PeBenito f5c42b
    ')
    Chris PeBenito f5c42b
    Chris PeBenito f5c42b
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_read_rand">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read from random devices (e.g., /dev/random)
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito f5c42b
    #
    Karl MacMillan f0c985
    define(`dev_read_rand',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 random_device_t:chr_file r_file_perms;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Karl MacMillan f0c985
    define(`dev_read_rand_depend',`
    Chris PeBenito 0c73cd
    	type device_t, random_device_t;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	class dir r_dir_perms;
    Chris PeBenito 0c73cd
    	class chr_file r_file_perms;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_read_urand">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read from pseudo random devices (e.g., /dev/urandom)
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito b4cd15
    #
    Karl MacMillan f0c985
    define(`dev_read_urand',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 urandom_device_t:chr_file r_file_perms;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Karl MacMillan f0c985
    define(`dev_read_urand_depend',`
    Chris PeBenito 0c73cd
    	type device_t, urandom_device_t;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	class dir r_dir_perms;
    Chris PeBenito 0c73cd
    	class chr_file r_file_perms;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_write_rand">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Write to the random device (e.g., /dev/random). This adds
    Karl MacMillan f0c985
    ##		entropy used to generate the random data read from the
    Karl MacMillan f0c985
    ##		random device.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito b4cd15
    #
    Karl MacMillan f0c985
    define(`dev_write_rand',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 random_device_t:chr_file { getattr write ioctl };
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Karl MacMillan f0c985
    define(`dev_write_rand_depend',`
    Chris PeBenito 0c73cd
    	type device_t, random_device_t;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	class dir r_dir_perms;
    Chris PeBenito 0c73cd
    	class chr_file { getattr write ioctl };
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_write_urand">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Write to the pseudo random device (e.g., /dev/urandom). This
    Karl MacMillan f0c985
    ##		sets the random number generator seed.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito b4cd15
    #
    Karl MacMillan f0c985
    define(`dev_write_urand',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 urandom_device_t:chr_file { getattr write ioctl };
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Karl MacMillan f0c985
    define(`dev_write_urand_depend',`
    Chris PeBenito 0c73cd
    	type device_t, urandom_device_t;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	class dir r_dir_perms;
    Chris PeBenito 0c73cd
    	class chr_file { getattr write ioctl };
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_rw_null_dev">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read and write to the null device (/dev/null).
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito b4cd15
    #
    Karl MacMillan f0c985
    define(`dev_rw_null_dev',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 null_device_t:chr_file rw_file_perms;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Karl MacMillan f0c985
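    # Requirements of dev_rw_null_dev. A class requirement names the object
    # class and its permissions only, so the dir line carries no type prefix.
    define(`dev_rw_null_dev_depend',`
    	type device_t, null_device_t;

    	class dir r_dir_perms;
    	class chr_file rw_file_perms;
    ')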
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_rw_zero_dev">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read and write to the zero device (/dev/zero).
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito b4cd15
    #
    Karl MacMillan f0c985
    define(`dev_rw_zero_dev',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 zero_device_t:chr_file rw_file_perms;
    Chris PeBenito a9a20d
    ')
    Chris PeBenito a9a20d
    Karl MacMillan f0c985
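    # Requirements of dev_rw_zero_dev. A class requirement names the object
    # class and its permissions only, so the dir line carries no type prefix.
    # chr_file lists rw_file_perms because that is the permission set the
    # interface grants on zero_device_t.
    define(`dev_rw_zero_dev_depend',`
    	type device_t, zero_device_t;

    	class dir r_dir_perms;
    	class chr_file rw_file_perms;
    ')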
    Chris PeBenito a9a20d
    Chris PeBenito a9a20d
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_rwx_zero_dev">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read, write, and execute the zero device (/dev/zero).
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito a9a20d
    #
    Karl MacMillan f0c985
    define(`dev_rwx_zero_dev',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Karl MacMillan f0c985
    	dev_rw_zero_dev($1)
    Chris PeBenito 0c73cd
    	allow $1 zero_device_t:chr_file execute;
    Chris PeBenito f5c42b
    ')
    Chris PeBenito f5c42b
    Karl MacMillan f0c985
    define(`dev_rwx_zero_dev_depend',`
    Chris PeBenito 0c73cd
    	type zero_device_t;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	class chr_file execute;
    Chris PeBenito f5c42b
    ')
    Chris PeBenito f5c42b
    Chris PeBenito f5c42b
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_read_realtime_clock">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read the realtime clock (/dev/rtc).
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito f5c42b
    #
    Karl MacMillan f0c985
    define(`dev_read_realtime_clock',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 clock_device_t:chr_file r_file_perms;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Karl MacMillan f0c985
    # Requirements of dev_read_realtime_clock: the two types it names and
    # the read permission sets on the directory and the clock node.
    define(`dev_read_realtime_clock_depend',`
    	type device_t, clock_device_t;

    	class chr_file r_file_perms;
    	class dir r_dir_perms;
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_write_realtime_clock">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Write the realtime clock (/dev/rtc).
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito b4cd15
    #
    Karl MacMillan f0c985
    define(`dev_write_realtime_clock',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 clock_device_t:chr_file { setattr lock write append ioctl };
    Chris PeBenito 44a43b
    ')
    Chris PeBenito 44a43b
    Karl MacMillan f0c985
    define(`dev_write_realtime_clock_depend',`
    Chris PeBenito 0c73cd
    	type device_t, clock_device_t;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	class dir r_dir_perms;
    Chris PeBenito 0c73cd
    	class chr_file { setattr lock write append ioctl };
    Chris PeBenito 44a43b
    ')
    Chris PeBenito 44a43b
    Chris PeBenito 44a43b
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_rw_realtime_clock">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read and write the realtime clock (/dev/rtc).
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito 44a43b
    #
    Karl MacMillan f0c985
    define(`dev_rw_realtime_clock',`
    Karl MacMillan f0c985
    	dev_read_realtime_clock($1)
    Karl MacMillan f0c985
    	dev_write_realtime_clock($1)
    Chris PeBenito 44a43b
    ')
    Chris PeBenito 44a43b
    Chris PeBenito 44a43b
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_read_snd_dev">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read the sound devices.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito 44a43b
    #
    Karl MacMillan f0c985
    define(`dev_read_snd_dev',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 sound_device_t:chr_file r_file_perms;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Karl MacMillan f0c985
    define(`dev_read_snd_dev_depend',`
    Karl MacMillan f0c985
    	type device_t, sound_device_t;
    Karl MacMillan f0c985
    	class dir r_dir_perms;
    Karl MacMillan f0c985
    	class chr_file r_file_perms;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_write_snd_dev">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Write the sound devices.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito b4cd15
    #
    Karl MacMillan f0c985
    define(`dev_write_snd_dev',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 sound_device_t:chr_file { getattr write ioctl };
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Karl MacMillan f0c985
    define(`dev_write_snd_dev_depend',`
    Chris PeBenito 0c73cd
    	type device_t, sound_device_t;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	class dir r_dir_perms;
    Chris PeBenito 0c73cd
    	class chr_file { getattr write ioctl };
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_read_snd_mixer_dev">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read the sound mixer devices.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito b4cd15
    #
    Karl MacMillan f0c985
    define(`dev_read_snd_mixer_dev',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Karl MacMillan f0c985
    	allow $1 sound_device_t:chr_file { getattr read ioctl };
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Karl MacMillan f0c985
    define(`dev_read_snd_mixer_dev_depend',`
    Chris PeBenito 0c73cd
    	type device_t, sound_device_t;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	class dir r_dir_perms;
    Karl MacMillan f0c985
    	class chr_file { getattr read ioctl };
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_write_snd_mixer_dev">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Write the sound mixer devices.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito b4cd15
    #
    Karl MacMillan f0c985
    define(`dev_write_snd_mixer_dev',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 sound_device_t:chr_file { getattr write ioctl };
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Karl MacMillan f0c985
    define(`dev_write_snd_mixer_dev_depend',`
    Chris PeBenito 0c73cd
    	type device_t, sound_device_t;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	class dir r_dir_perms;
    Chris PeBenito 0c73cd
    	class chr_file { getattr write ioctl };
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_rw_agp_dev">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Read and write the agp devices.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito b4cd15
    #
    Karl MacMillan f0c985
    define(`dev_rw_agp_dev',`
    Chris PeBenito fa7bea
    	gen_require(`$0'_depend)
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	allow $1 device_t:dir r_dir_perms;
    Chris PeBenito 0c73cd
    	allow $1 agp_device_t:chr_file rw_file_perms;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Karl MacMillan f0c985
    define(`dev_rw_agp_dev_depend',`
    Chris PeBenito 0c73cd
    	type device_t, agp_device_t;
    Chris PeBenito 0c73cd
    Chris PeBenito 0c73cd
    	class dir r_dir_perms;
    Chris PeBenito 0c73cd
    	class chr_file rw_file_perms;
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Karl MacMillan f0c985
    ## <interface name="dev_getattr_agp_dev">
    Karl MacMillan 870049
    ##	<summary>
    Karl MacMillan f0c985
    ##		Getattr the agp devices.
    Karl MacMillan 870049
    ##	</summary>
    Karl MacMillan f0c985
    ##	<parameter name="domain">
    Karl MacMillan f0c985
    ##		Domain allowed access.
    Karl MacMillan f0c985
    ##	</parameter>
    Karl MacMillan f0c985
    ## </interface>
    Chris PeBenito b4cd15
    #
    Karl MacMillan f0c985
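    # Getattr on the agp device nodes. The rule names agp_device_t, the same
    # type dev_rw_agp_dev grants on. dri_device_t belongs to the dri
    # interfaces and is not touched here.
    define(`dev_getattr_agp_dev',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 agp_device_t:chr_file getattr;
    ')

    # Requirements of dev_getattr_agp_dev, kept in step with the rule above.
    define(`dev_getattr_agp_dev_depend',`
    	type device_t, agp_device_t;

    	class dir r_dir_perms;
    	class chr_file getattr;
    ')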
    ########################################
    ## <interface name="dev_rw_dri_dev">
    ##	<summary>
    ##		Read and write the dri devices.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Grants rw_file_perms on dri_device_t character files; directory access
    # on device_t is limited to r_dir_perms.
    define(`dev_rw_dri_dev',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 dri_device_t:chr_file rw_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_rw_dri_dev_depend',`
    	type device_t, dri_device_t;

    	class dir r_dir_perms;
    	class chr_file rw_file_perms;
    ')
    ########################################
    ## <interface name="dev_dontaudit_rw_dri_dev">
    ##	<summary>
    ##		Dontaudit read and write on the dri devices.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain to dontaudit access.
    ##	</parameter>
    ## </interface>
    #
    # A dontaudit rule grants nothing: it only suppresses the audit record
    # for denied getattr/read/write/ioctl on dri_device_t character files.
    # Denials from the named domain then stop appearing in the audit log, so
    # use this only where the denied access is known and expected noise.
    define(`dev_dontaudit_rw_dri_dev',`
    	gen_require(`$0'_depend)

    	dontaudit $1 dri_device_t:chr_file { getattr read write ioctl };
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # no directory class is needed because no directory rule is emitted.
    define(`dev_dontaudit_rw_dri_dev_depend',`
    	type dri_device_t;

    	class chr_file { getattr read write ioctl };
    ')
    ########################################
    ## <interface name="dev_read_mtrr">
    ##	<summary>
    ##		Read the mtrr device.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Grants r_file_perms on mtrr_device_t character files and r_dir_perms
    # on device_t directories; no write permission is included here.
    define(`dev_read_mtrr',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 mtrr_device_t:chr_file r_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_read_mtrr_depend',`
    	type device_t, mtrr_device_t;

    	class dir r_dir_perms;
    	class chr_file r_file_perms;
    ')
    ########################################
    ## <interface name="dev_write_mtrr">
    ##	<summary>
    ##		Write the mtrr device.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Uses an explicit permission set (getattr write ioctl) on mtrr_device_t
    # character files. read is not part of the set, so a domain that also
    # reads the node needs dev_read_mtrr in addition.
    define(`dev_write_mtrr',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 mtrr_device_t:chr_file { getattr write ioctl };
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # the chr_file permission set must match the allow rule exactly.
    define(`dev_write_mtrr_depend',`
    	type device_t, mtrr_device_t;

    	class dir r_dir_perms;
    	class chr_file { getattr write ioctl };
    ')
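    ########################################
    ## <interface name="dev_read_framebuffer">
    ##	<summary>
    ##		Read the framebuffer device.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Grants r_file_perms on framebuf_device_t character files and
    # r_dir_perms on device_t directories.
    define(`dev_read_framebuffer',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 framebuf_device_t:chr_file r_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require).
    # Fix: device_t was missing from the type list although the interface
    # has a rule on device_t:dir; dev_write_framebuffer_depend already
    # requires both types.
    define(`dev_read_framebuffer_depend',`
    	type device_t, framebuf_device_t;

    	class dir r_dir_perms;
    	class chr_file r_file_perms;
    ')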
    ########################################
    ## <interface name="dev_write_framebuffer">
    ##	<summary>
    ##		Write the framebuffer device.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Uses an explicit permission set (getattr write ioctl) on
    # framebuf_device_t character files; read is not part of the set.
    define(`dev_write_framebuffer',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 framebuf_device_t:chr_file { getattr write ioctl };
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # the chr_file permission set must match the allow rule exactly.
    define(`dev_write_framebuffer_depend',`
    	type device_t, framebuf_device_t;

    	class dir r_dir_perms;
    	class chr_file { getattr write ioctl };
    ')
    ########################################
    ## <interface name="dev_read_lvm_control">
    ##	<summary>
    ##		Read the lvm control device.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Grants r_file_perms on lvm_control_t character files and r_dir_perms
    # on device_t directories; no write permission is included here.
    define(`dev_read_lvm_control',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 lvm_control_t:chr_file r_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_read_lvm_control_depend',`
    	type device_t, lvm_control_t;

    	class dir r_dir_perms;
    	class chr_file r_file_perms;
    ')
    ########################################
    ## <interface name="dev_rw_lvm_control">
    ##	<summary>
    ##		Read and write the lvm control device.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Grants rw_file_perms on lvm_control_t character files and r_dir_perms
    # on device_t directories.
    define(`dev_rw_lvm_control',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 lvm_control_t:chr_file rw_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_rw_lvm_control_depend',`
    	type device_t, lvm_control_t;

    	class dir r_dir_perms;
    	class chr_file rw_file_perms;
    ')
    ########################################
    ## <interface name="dev_delete_lvm_control">
    ##	<summary>
    ##		Delete the lvm control device.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Unlike the read/write interfaces this one grants write and remove_name
    # on device_t directories, i.e. on the shared directory type rather than
    # on one node. Which entries can actually be removed is bounded by the
    # second rule: unlink is granted on lvm_control_t character files only.
    define(`dev_delete_lvm_control',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir { getattr search read write remove_name };
    	allow $1 lvm_control_t:chr_file unlink;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # the dir permission set must match the allow rule exactly.
    define(`dev_delete_lvm_control_depend',`
    	type device_t, lvm_control_t;

    	class dir { getattr search read write remove_name };
    	class chr_file unlink;
    ')
    ########################################
    ## <interface name="dev_read_misc">
    ##	<summary>
    ##		Read miscellaneous devices.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Grants r_file_perms on every character file labelled misc_device_t,
    # plus r_dir_perms on device_t directories. Which nodes carry that label
    # is decided outside this excerpt.
    define(`dev_read_misc',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 misc_device_t:chr_file r_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_read_misc_depend',`
    	type device_t, misc_device_t;

    	class dir r_dir_perms;
    	class chr_file r_file_perms;
    ')
    ########################################
    ## <interface name="dev_write_misc">
    ##	<summary>
    ##		Write miscellaneous devices.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Uses an explicit permission set (getattr write ioctl) on every
    # character file labelled misc_device_t; read is not part of the set.
    define(`dev_write_misc',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 misc_device_t:chr_file { getattr write ioctl };
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # the chr_file permission set must match the allow rule exactly.
    define(`dev_write_misc_depend',`
    	type device_t, misc_device_t;

    	class dir r_dir_perms;
    	class chr_file { getattr write ioctl };
    ')
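    ########################################
    ## <interface name="dev_read_mouse">
    ##	<summary>
    ##		Read the mouse devices.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Grants r_file_perms on mouse_device_t character files and r_dir_perms
    # on device_t directories.
    define(`dev_read_mouse',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 mouse_device_t:chr_file r_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require).
    # Fix: this list held a copy of the allow rule on device_t:dir where the
    # class dir requirement belongs. A requirement list declares types and
    # classes only; every sibling _depend macro here declares class dir.
    define(`dev_read_mouse_depend',`
    	type device_t, mouse_device_t;

    	class dir r_dir_perms;
    	class chr_file r_file_perms;
    ')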
    ########################################
    ## <interface name="dev_read_input">
    ##	<summary>
    ##		Read the multiplexed input device (/dev/input).
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Grants r_file_perms on event_device_t character files and r_dir_perms
    # on device_t directories.
    # NOTE(review): presumably these nodes carry raw input events from all
    # attached input devices; confirm, and grant to as few domains as
    # possible.
    define(`dev_read_input',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 event_device_t:chr_file r_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_read_input_depend',`
    	type device_t, event_device_t;

    	class dir r_dir_perms;
    	class chr_file r_file_perms;
    ')
    ########################################
    ## <interface name="dev_read_cpuid">
    ##	<summary>
    ##		Read the cpuid device.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # The summary above previously repeated the dev_read_input text; the
    # rules below act on cpu_device_t, not on the input device type.
    # cpu_device_t is the same type dev_rw_cpu_microcode uses, so the label
    # alone does not separate cpuid nodes from the microcode node.
    define(`dev_read_cpuid',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 cpu_device_t:chr_file r_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_read_cpuid_depend',`
    	type device_t, cpu_device_t;

    	class dir r_dir_perms;
    	class chr_file r_file_perms;
    ')
    ########################################
    ## <interface name="dev_rw_cpu_microcode">
    ##	<summary>
    ##		Read and write the cpu microcode device. This
    ##		is required to load cpu microcode.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Grants rw_file_perms on cpu_device_t character files. dev_read_cpuid
    # uses the same type, so this write grant reaches every node labelled
    # cpu_device_t and not only the microcode node. Restrict callers to the
    # domain that performs microcode loading.
    define(`dev_rw_cpu_microcode',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 cpu_device_t:chr_file rw_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_rw_cpu_microcode_depend',`
    	type device_t, cpu_device_t;

    	class dir r_dir_perms;
    	class chr_file rw_file_perms;
    ')
    ########################################
    ## <interface name="dev_rw_scanner">
    ##	<summary>
    ##		Read and write the scanner device.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Grants rw_file_perms on scanner_device_t character files and
    # r_dir_perms on device_t directories.
    define(`dev_rw_scanner',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 scanner_device_t:chr_file rw_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_rw_scanner_depend',`
    	type device_t, scanner_device_t;

    	class dir r_dir_perms;
    	class chr_file rw_file_perms;
    ')
    ########################################
    ## <interface name="dev_rw_power_management">
    ##	<summary>
    ##		Read and write the power management device.
    ##	</summary>
    ##	<parameter name="domain">
    ##		Domain allowed access.
    ##	</parameter>
    ## </interface>
    #
    # Grants rw_file_perms on power_device_t character files and r_dir_perms
    # on device_t directories.
    define(`dev_rw_power_management',`
    	gen_require(`$0'_depend)

    	allow $1 device_t:dir r_dir_perms;
    	allow $1 power_device_t:chr_file rw_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_rw_power_management_depend',`
    	type device_t, power_device_t;

    	class dir r_dir_perms;
    	class chr_file rw_file_perms;
    ')
    ########################################
    ## <interface name="dev_search_sysfs">
    ##	<description>
    ##		Search the directory containing hardware information.
    ##	</description>
    ##	<parameter name="domain">
    ##		The type of the process performing this action.
    ##	</parameter>
    ## </interface>
    #
    # Narrowest sysfs interface in this file: search on sysfs_t directories
    # only, with no file or symlink access.
    define(`dev_search_sysfs',`
    	gen_require(`$0'_depend)

    	allow $1 sysfs_t:dir search;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_search_sysfs_depend',`
    	type sysfs_t;

    	class dir search;
    ')
    ########################################
    ## <interface name="dev_read_sysfs">
    ##	<description>
    ## 		Allow caller to read hardware state information.
    ##	</description>
    ##	<parameter name="domain">
    ##		The process type reading hardware state information.
    ##	</parameter>
    ## </interface>
    #
    # Grants r_dir_perms on sysfs_t directories and r_file_perms on sysfs_t
    # files and symlinks. The grant covers everything labelled sysfs_t; this
    # interface does not narrow it to a subtree.
    define(`dev_read_sysfs',`
    	gen_require(`$0'_depend)

    	allow $1 sysfs_t:dir r_dir_perms;
    	allow $1 sysfs_t:{ file lnk_file } r_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # the class set in the rule is listed here as separate file and lnk_file
    # entries.
    define(`dev_read_sysfs_depend',`
    	type sysfs_t;

    	class dir r_dir_perms;
    	class file r_file_perms;
    	class lnk_file r_file_perms;
    ')
    ########################################
    ## <interface name="dev_rw_sysfs">
    ##	<description>
    ## 		Allow caller to modify hardware state information.
    ##	</description>
    ##	<parameter name="domain">
    ##		The process type modifying hardware state information.
    ##	</parameter>
    ## </interface>
    #
    # Grants rw_file_perms on every file labelled sysfs_t; directories and
    # symlinks stay read-only. Because the write grant is not narrowed to a
    # subtree, prefer dev_read_sysfs unless the domain really has to change
    # hardware state.
    define(`dev_rw_sysfs',`
    	gen_require(`$0'_depend)

    	allow $1 sysfs_t:dir r_dir_perms;
    	allow $1 sysfs_t:lnk_file r_file_perms;
    	allow $1 sysfs_t:file rw_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_rw_sysfs_depend',`
    	type sysfs_t;

    	class dir r_dir_perms;
    	class file rw_file_perms;
    	class lnk_file r_file_perms;
    ')
    ########################################
    ## <interface name="dev_search_usbfs">
    ##	<description>
    ##		Search the directory containing USB hardware information.
    ##	</description>
    ##	<parameter name="domain">
    ##		The type of the process performing this action.
    ##	</parameter>
    ## </interface>
    #
    # Narrowest usbfs interface in this file: search on usbfs_t directories
    # only, with no file or symlink access.
    define(`dev_search_usbfs',`
    	gen_require(`$0'_depend)

    	allow $1 usbfs_t:dir search;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_search_usbfs_depend',`
    	type usbfs_t;

    	class dir search;
    ')
    ########################################
    ## <interface name="dev_list_usbfs">
    ##	<description>
    ## 		Allow caller to get a list of usb hardware.
    ##	</description>
    ##	<parameter name="domain">
    ##		The process type getting the list.
    ##	</parameter>
    ## </interface>
    #
    # Listing only: r_dir_perms on usbfs_t directories, r_file_perms on
    # symlinks, and getattr (not read) on usbfs_t files.
    define(`dev_list_usbfs',`
    	gen_require(`$0'_depend)

    	allow $1 usbfs_t:dir r_dir_perms;
    	allow $1 usbfs_t:lnk_file r_file_perms;
    	allow $1 usbfs_t:file getattr;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_list_usbfs_depend',`
    	type usbfs_t;

    	class dir r_dir_perms;
    	class file getattr;
    	class lnk_file r_file_perms;
    ')
    ########################################
    ## <interface name="dev_read_usbfs">
    ##	<description>
    ##		Read USB hardware information using
    ##		the usbfs filesystem interface.
    ##	</description>
    ##	<parameter name="domain">
    ##		The type of the process performing this action.
    ##	</parameter>
    ## </interface>
    #
    # Grants r_dir_perms on usbfs_t directories and r_file_perms on usbfs_t
    # files and symlinks; no write permission is included here.
    define(`dev_read_usbfs',`
    	gen_require(`$0'_depend)

    	allow $1 usbfs_t:dir r_dir_perms;
    	allow $1 usbfs_t:{ file lnk_file } r_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # the class set in the rule is listed here as separate file and lnk_file
    # entries.
    define(`dev_read_usbfs_depend',`
    	type usbfs_t;

    	class dir r_dir_perms;
    	class file r_file_perms;
    	class lnk_file r_file_perms;
    ')
    ########################################
    ## <interface name="dev_rw_usbfs">
    ##	<description>
    ## 		Allow caller to modify usb hardware configuration files.
    ##	</description>
    ##	<parameter name="domain">
    ##		The process type modifying the options.
    ##	</parameter>
    ## </interface>
    #
    # Grants rw_file_perms on every file labelled usbfs_t; directories and
    # symlinks stay read-only. The write grant is not narrowed to particular
    # devices, so prefer dev_read_usbfs or dev_list_usbfs where they suffice.
    define(`dev_rw_usbfs',`
    	gen_require(`$0'_depend)

    	allow $1 usbfs_t:dir r_dir_perms;
    	allow $1 usbfs_t:lnk_file r_file_perms;
    	allow $1 usbfs_t:file rw_file_perms;
    ')

    # Requirement list for the interface above (expanded via gen_require);
    # keep its types and classes in sync with the rules.
    define(`dev_rw_usbfs_depend',`
    	type usbfs_t;

    	class dir r_dir_perms;
    	class file rw_file_perms;
    	class lnk_file r_file_perms;
    ')
    ## </module>