From 53c73dc7852da8a8a46133ef433203adf489839d Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Nov 19 2009 14:03:36 +0000 Subject: Add storage patch, from Dan Walsh. --- diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc index 5afa664..d1719ca 100644 --- a/policy/modules/kernel/storage.fc +++ b/policy/modules/kernel/storage.fc @@ -28,6 +28,7 @@ /dev/megadev.* -c gen_context(system_u:object_r:removable_device_t,s0) /dev/mmcblk.* -b gen_context(system_u:object_r:removable_device_t,s0) /dev/mspblk.* -b gen_context(system_u:object_r:removable_device_t,s0) +/dev/mtd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0) /dev/p[fg][0-3] -b gen_context(system_u:object_r:removable_device_t,s0) diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if index 05d9923..a388e63 100644 --- a/policy/modules/kernel/storage.if +++ b/policy/modules/kernel/storage.if @@ -529,7 +529,7 @@ interface(`storage_dontaudit_read_removable_device',` ') - dontaudit $1 removable_device_t:blk_file { getattr ioctl read }; + dontaudit $1 removable_device_t:blk_file read_blk_file_perms; ') ######################################## diff --git a/policy/modules/kernel/storage.te b/policy/modules/kernel/storage.te index 7a07c60..dab6e3e 100644 --- a/policy/modules/kernel/storage.te +++ b/policy/modules/kernel/storage.te @@ -1,5 +1,5 @@ -policy_module(storage, 1.7.0) +policy_module(storage, 1.7.1) ######################################## #