# Copyright (C) 2005 Tresys Technology, LLC

########################################

#

# devices_make_device_node(type,[`optional'])

#

define(`devices_make_device_node',`

requires_block_template(devices_make_device_node_depend,$2)

typeattribute $1 device_node;

filesystem_associate($1,optional)

filesystem_tmpfs_associate($1,optional)

')

define(`devices_make_device_node_depend',`

attribute device_node;

filesystem_associate_depend

filesystem_tmpfs_associate_depend

')

########################################

#

# devices_list_device_nodes(type,[`optional'])

#

define(`devices_list_device_nodes',`

requires_block_template(devices_list_device_nodes_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 device_t:lnk_file { getattr read };

')

define(`devices_list_device_nodes_depend',`

type device_t;

class dir { getattr read search };

class lnk_file { getattr read };

')

########################################

#

# devices_ignore_list_device_nodes(type,[`optional'])

#

define(`devices_ignore_list_device_nodes',`

requires_block_template(devices_ignore_list_device_nodes_depend,$2)

dontaudit $1 device_t:dir { getattr read search };

')

define(`devices_ignore_list_device_nodes_depend',`

type device_t;

class dir { getattr read search };

')

########################################

#

# devices_ignore_modify_generic_devices(type,[`optional'])

#

define(`devices_ignore_modify_generic_devices',`

requires_block_template(devices_ignore_modify_generic_devices_depend,$2)

dontaudit $1 device_t:{ chr_file blk_file } { getattr read write ioctl };

')

define(`devices_ignore_modify_generic_devices_depend',`

type device_t;

class chr_file { getattr read write ioctl };

class blk_file { getattr read write ioctl };

')

########################################

#

# devices_create_dev_entry(domain,file,objectclass(es),[`optional'])

#

define(`devices_create_dev_entry',`

requires_block_template(devices_set_dev_entry_depend,$4)

allow $1 device_t:dir { getattr search read write add_name remove_name };

type_transition $1 device_t:$3 $2;

')

define(`devices_set_dev_entry_depend',`

type device_t;

class dir { getattr search read write add_name remove_name };

')

########################################

#

# devices_get_all_block_device_attributes(domain,[`optional'])

#

define(`devices_get_all_block_device_attributes',`

requires_block_template(devices_get_all_block_device_attributes_depend,$2)

allow $1 device_node:blk_file getattr;

')

define(`devices_get_all_block_device_attributes_depend',`

attribute device_node;

class blk_file getattr;

')

########################################

#

# devices_get_all_character_device_attributes(domain,[`optional'])

#

define(`devices_get_all_character_device_attributes',`

requires_block_template(devices_get_all_character_device_attributes_depend,$2)

allow $1 device_node:chr_file getattr;

')

define(`devices_get_all_character_device_attributes_depend',`

attribute device_node;

class chr_file getattr;

')

########################################

#

# devices_set_all_block_device_attributes(domain,[`optional'])

#

define(`devices_set_all_block_device_attributes',`

requires_block_template(devices_set_all_block_device_attributes_depend,$2)

allow $1 device_node:blk_file setattr;

')

define(`devices_set_all_block_device_attributes_depend',`

attribute device_node;

class blk_file setattr;

')

########################################

#

# devices_set_all_character_device_attributes(domain,[`optional'])

#

define(`devices_set_all_character_device_attributes',`

requires_block_template(devices_set_all_character_device_attributes_depend,$2)

allow $1 device_node:chr_file setattr;

')

define(`devices_set_all_character_device_attributes_depend',`

attribute device_node;

class chr_file setattr;

')

########################################

#

# devices_raw_read_memory(domain,[`optional'])

#

define(`devices_raw_read_memory',`

requires_block_template(devices_raw_read_memory_depend,$2)

typeattribute $1 memory_raw_read;

allow $1 device_t:dir { getattr read search };

allow $1 memory_device_t:chr_file { getattr read ioctl };

allow $1 self:capability sys_rawio;

')

define(`devices_raw_read_memory_depend',`

type device_t, memory_device_t;

attribute memory_raw_read;

class dir { getattr read search };

class chr_file { getattr read ioctl };

class capability sys_rawio;

')

########################################

#

# devices_raw_write_memory(domain,[`optional'])

#

define(`devices_raw_write_memory',`

requires_block_template(devices_raw_write_memory_depend,$2)

typeattribute $1 memory_raw_write

allow $1 device_t:dir { getattr read search };

allow $1 memory_device_t:chr_file write;

allow $1 self:capability sys_rawio;

')

define(`devices_raw_write_memory_depend',`

type device_t, memory_device_t;

attribute memory_raw_write;

class dir { getattr read search };

class chr_file write;

class capability sys_rawio;

')

########################################

#

# devices_get_random_data(domain,[`optional'])

#

define(`devices_get_random_data',`

requires_block_template(devices_get_random_data_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 random_device_t:chr_file { getattr read ioctl };

')

define(`devices_get_random_data_depend',`

type device_t, random_device_t;

class dir { getattr read search };

class chr_file { getattr read ioctl };

')

########################################

#

# devices_get_pseudorandom_data(domain,[`optional'])

#

define(`devices_get_pseudorandom_data',`

requires_block_template(devices_get_pseudorandom_data_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 urandom_device_t:chr_file { getattr read ioctl };

')

define(`devices_get_pseudorandom_data_depend',`

type device_t, urandom_device_t;

class dir { getattr read search };

class chr_file { getattr read ioctl };

')

########################################

#

# devices_add_entropy(domain,[`optional'])

#

define(`devices_add_entropy',`

requires_block_template(devices_add_entropy_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 random_device_t:chr_file { getattr write ioctl };

')

define(`devices_add_entropy_depend',`

type device_t, random_device_t;

class dir { getattr read search };

class chr_file { getattr write ioctl };

')

########################################

#

# devices_set_pseudorandom_seed(domain,[`optional'])

#

define(`devices_set_pseudorandom_seed',`

requires_block_template(devices_set_pseudorandom_seed_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 urandom_device_t:chr_file { getattr write ioctl };

')

define(`devices_set_pseudorandom_seed_depend',`

type device_t, urandom_device_t;

class dir { getattr read search };

class chr_file { getattr write ioctl };

')

########################################

#

# devices_discard_data_stream(domain,[`optional'])

#

define(`devices_discard_data_stream',`

requires_block_template(devices_discard_data_stream_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 null_device_t:chr_file { getattr write };

')

define(`devices_discard_data_stream_depend',`

type device_t, null_device_t;

class device_t:dir { getattr read search };

class chr_file { getattr write };

')

########################################

#

# devices_get_zeros(domain,[`optional'])

#

define(`devices_get_zeros',`

requires_block_template(devices_get_zeros_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 zero_device_t:chr_file { getattr read };

')

define(`devices_get_zeros_depend',`

type device_t, zero_device_t;

class device_t:dir { getattr read search };

class chr_file { getattr read };

')

########################################

#

# devices_read_realtime_clock(domain,[`optional'])

#

define(`devices_read_realtime_clock',`

requires_block_template(devices_read_realtime_clock_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 clock_device_t:chr_file { getattr read ioctl };

')

define(`devices_read_realtime_clock_depend',`

type device_t, clock_device_t;

class dir { getattr read search };

class chr_file { getattr read ioctl };

')

########################################

#

# devices_record_sound_input(domain,[`optional'])

#

define(`devices_record_sound_input',`

requires_block_template(devices_record_sound_input_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 sound_device_t:chr_file { getattr read ioctl };

')

define(`devices_record_sound_input_depend',`

type device_t, sound_device_t;

class dir { getattr read search };

class chr_file { getattr read ioctl };

')

########################################

#

# devices_play_sound(domain,[`optional'])

#

define(`devices_play_sound',`

requires_block_template(devices_play_sound_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 sound_device_t:chr_file { getattr write ioctl };

')

define(`devices_play_sound_depend',`

type device_t, sound_device_t;

class dir { getattr read search };

class chr_file { getattr write ioctl };

')

########################################

#

# devices_read_sound_mixer_levels(domain,[`optional'])

#

define(`devices_read_sound_mixer_levels',`

requires_block_template(devices_read_sound_mixer_levels_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 sound_device_t:chr_file { getattr read ioctl };

')

define(`devices_read_sound_mixer_levels_depend',`

type device_t, sound_device_t;

class dir { getattr read search };

class chr_file { getattr read ioctl };

')

########################################

#

# devices_write_sound_mixer_levels(domain,[`optional'])

#

define(`devices_write_sound_mixer_levels',`

requires_block_template(devices_write_sound_mixer_levels_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 sound_device_t:chr_file { getattr write ioctl };

')

define(`devices_write_sound_mixer_levels_depend',`

type device_t, sound_device_t;

class dir { getattr read search };

class chr_file { getattr write ioctl };

')

########################################

#

# devices_direct_agp_access(domain,[`optional'])

#

define(`devices_direct_agp_access',`

requires_block_template(devices_direct_agp_access_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 agp_device_t:chr_file { getattr read write ioctl };

')

define(`devices_direct_agp_access_depend',`

type device_t, agp_device_t;

class dir { getattr read search };

class chr_file { getattr read write ioctl };

')

########################################

#

# devices_use_direct_rendering_interface(domain,[`optional'])

#

define(`devices_use_direct_rendering_interface',`

requires_block_template(devices_use_direct_rendering_interface_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 dri_device_t:chr_file { getattr read ioctl };

')

define(`devices_use_direct_rendering_interface_depend',`

type device_t, dri_device_t;

class dir { getattr read search };

class chr_file { getattr read write ioctl };

')

########################################

#

# devices_read_mtrr(domain,[`optional'])

#

define(`devices_read_mtrr',`

requires_block_template(devices_read_mtrr_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 mtrr_device_t:chr_file { getattr read ioctl };

')

define(`devices_read_mtrr_depend',`

type device_t, mtrr_device_t;

class dir { getattr read search };

class chr_file { getattr read ioctl };

')

########################################

#

# devices_write_mtrr(domain,[`optional'])

#

define(`devices_write_mtrr',`

requires_block_template(devices_write_mtrr_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 mtrr_device_t:chr_file { getattr write ioctl };

')

define(`devices_write_mtrr_depend',`

type device_t, mtrr_device_t;

class chr_file { getattr write ioctl };

')

########################################

#

# devices_read_framebuffer(domain,[`optional'])

#

define(`devices_read_framebuffer',`

requires_block_template(devices_read_framebuffer_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 framebuf_device_t:chr_file { getattr read ioctl };

')

define(`devices_read_framebuffer_depend',`

type framebuf_device_t;

class dir { getattr read search };

class chr_file { getattr read ioctl };

')

########################################

#

# devices_write_framebuffer(domain,[`optional'])

#

define(`devices_write_framebuffer',`

requires_block_template(devices_write_framebuffer_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 framebuf_device_t:chr_file { getattr write ioctl };

')

define(`devices_write_framebuffer_depend',`

type device_t, framebuf_device_t;

class dir { getattr read search };

class chr_file { getattr write ioctl };

')

########################################

#

# devices_read_misc(domain,[`optional'])

#

define(`devices_read_misc',`

requires_block_template(devices_read_misc_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 misc_device_t:chr_file { getattr read ioctl };

')

define(`devices_read_misc_depend',`

type device_t, misc_device_t;

class dir { getattr read search };

class chr_file { getattr read ioctl };

')

########################################

#

# devices_write_misc(domain,[`optional'])

#

define(`devices_write_misc',`

requires_block_template(devices_write_misc_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 misc_device_t:chr_file { getattr write ioctl };

')

define(`devices_write_misc_depend',`

type device_t, misc_device_t;

class dir { getattr read search };

class chr_file { getattr write ioctl };

')

########################################

#

# devices_get_mouse_input(domain,[`optional'])

#

define(`devices_get_mouse_input',`

requires_block_template(devices_get_mouse_input_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 mouse_device_t:chr_file { getattr read ioctl };

')

define(`devices_get_mouse_input_depend',`

type device_t, mouse_device_t;

allow $1 device_t:dir { getattr read search };

class chr_file { getattr read ioctl };

')

########################################

#

# devices_get_input_event(domain,[`optional'])

#

define(`devices_get_input_event',`

requires_block_template(devices_get_input_event_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 event_device_t:chr_file { getattr read ioctl };

')

define(`devices_get_input_event_depend',`

type device_t, event_device_t;

class dir { getattr read search };

class chr_file { getattr read ioctl };

')

########################################

#

# devices_get_cpuid(domain,[`optional'])

#

define(`devices_get_cpuid',`

requires_block_template(devices_get_cpuid_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 cpu_device_t:chr_file { getattr read ioctl };

')

define(`devices_get_cpuid_depend',`

type device_t, cpu_device_t;

class dir { getattr read search };

class chr_file { getattr read ioctl };

')

########################################

#

# devices_load_cpu_microcode(domain,[`optional'])

#

define(`devices_load_cpu_microcode',`

requires_block_template(devices_load_cpu_microcode_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 cpu_device_t:chr_file { getattr read write ioctl };

')

define(`devices_load_cpu_microcode_depend',`

type device_t, cpu_device_t;

class dir { getattr read search };

class chr_file { getattr read write ioctl };

')

########################################

#

# devices_use_scanner(domain,[`optional'])

#

define(`devices_use_scanner',`

requires_block_template(devices_use_scanner_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 scanner_device_t:chr_file { getattr read write ioctl };

')

define(`devices_use_scanner_depend',`

type device_t, scanner_device_t;

class dir { getattr read search };

class chr_file { getattr read write ioctl };

')

########################################

#

# devices_control_system_powermanagement(domain,[`optional'])

#

define(`devices_control_system_powermanagement',`

requires_block_template(devices_control_system_powermanagement_depend,$2)

allow $1 device_t:dir { getattr read search };

allow $1 power_device_t:chr_file { getattr read write ioctl };

')

define(`devices_control_system_powermanagement_depend',`

type device_t, power_device_t;

class dir { getattr read search };

class chr_file { getattr read write ioctl };

')