Blame strict/domains/program/cpucontrol.te
|
Chris PeBenito |
0fbfa5 |
#DESC cpucontrol - domain for microcode_ctl and other programs to control CPU
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Author: Russell Coker <russell@coker.com.au>
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
type cpucontrol_conf_t, file_type, sysadmfile;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
daemon_base_domain(cpucontrol)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Access cpu devices.
|
|
Chris PeBenito |
0fbfa5 |
allow cpucontrol_t cpu_device_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow cpucontrol_t device_t:lnk_file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
allow initrc_t cpu_device_t:chr_file getattr;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cpucontrol_t self:capability sys_rawio;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
r_dir_file(cpucontrol_t, cpucontrol_conf_t)
|