From 0cad9a734eba3a9b6f619c0bf909d1b99c7e59dd Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Nov 25 2009 16:17:19 +0000
Subject: RAID patch from Dan Walsh.


---

diff --git a/policy/modules/system/raid.fc b/policy/modules/system/raid.fc
index 0709927..ed9c70d 100644
--- a/policy/modules/system/raid.fc
+++ b/policy/modules/system/raid.fc
@@ -1,3 +1,4 @@
+/dev/.mdadm.map		--	gen_context(system_u:object_r:mdadm_map_t,s0)
 
 /sbin/mdadm		--	gen_context(system_u:object_r:mdadm_exec_t,s0)
 /sbin/mdmpd		--	gen_context(system_u:object_r:mdadm_exec_t,s0)
diff --git a/policy/modules/system/raid.te b/policy/modules/system/raid.te
index 9814e67..7b23940 100644
--- a/policy/modules/system/raid.te
+++ b/policy/modules/system/raid.te
@@ -1,5 +1,5 @@
 
-policy_module(raid, 1.9.0)
+policy_module(raid, 1.9.1)
 
 ########################################
 #
@@ -11,6 +11,9 @@ type mdadm_exec_t;
 init_daemon_domain(mdadm_t, mdadm_exec_t)
 role system_r types mdadm_t;
 
+type mdadm_map_t;
+files_type(mdadm_map_t)
+
 type mdadm_var_run_t;
 files_pid_file(mdadm_var_run_t)
 
@@ -24,6 +27,10 @@ dontaudit mdadm_t self:capability sys_tty_config;
 allow mdadm_t self:process { sigchld sigkill sigstop signull signal };
 allow mdadm_t self:fifo_file rw_fifo_file_perms;
 
+# create .mdadm files in /dev
+allow mdadm_t mdadm_map_t:file manage_file_perms;
+dev_filetrans(mdadm_t, mdadm_map_t, file)
+
 manage_files_pattern(mdadm_t, mdadm_var_run_t, mdadm_var_run_t)
 files_pid_filetrans(mdadm_t, mdadm_var_run_t, file)