From f0872d22b4d91fbd6951b2290cee3f02bf5a00bf Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Apr 19 2005 20:47:29 +0000
Subject: add cap sys_rawio to raw memory access interfaces
---
diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if
index 18c5bf2..413db0f 100644
--- a/refpolicy/policy/modules/kernel/devices.if
+++ b/refpolicy/policy/modules/kernel/devices.if
@@ -82,6 +82,7 @@ requires_block_template(devices_raw_read_memory_depend,$2)
 typeattribute $1 memory_raw_read;
 allow $1 device_t:dir { getattr read search };
 allow $1 memory_device_t:chr_file { getattr read ioctl };
+allow $1 self:capability sys_rawio;
 ')

 define(`devices_raw_read_memory_depend',`
@@ -89,6 +90,7 @@ type device_t, memory_device_t;
 attribute memory_raw_read;
 class dir { getattr read search };
 class chr_file { getattr read ioctl };
+class capability sys_rawio;
 ')

 ########################################
@@ -100,6 +102,7 @@ requires_block_template(devices_raw_write_memory_depend,$2)
 typeattribute $1 memory_raw_write
 allow $1 device_t:dir { getattr read search };
 allow $1 memory_device_t:chr_file write;
+allow $1 self:capability sys_rawio;
 ')

 define(`devices_raw_write_memory_depend',`
@@ -107,6 +110,7 @@ type device_t, memory_device_t;
 attribute memory_raw_write;
 class dir { getattr read search };
 class chr_file write;
+class capability sys_rawio;
 ')

 ########################################
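Review bot: The `allow $1 self:capability sys_rawio;` added in the `@@ -82,6 +82,7 @@` hunk, and again in the `@@ -100,6 +102,7 @@` write hunk, has no comment saying why a memory-access interface hands out a capability. The capability is not limited to the memory device node, so callers of even the read-only interface gain whatever else sys_rawio gates, confined only by their other type rules. I would add above each rule `# sys_rawio: the kernel checks CAP_SYS_RAWIO when the raw memory devices are opened`, and state in the interface's header comment that callers acquire the capability. The opening `define` and header comment of both interfaces lie outside the hunks, so their current wording is not visible here.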
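Review bot: In the `@@ -100,6 +102,7 @@` hunk the context line `typeattribute $1 memory_raw_write`, directly above the new rule, ends without a semicolon, unlike `typeattribute $1 memory_raw_read;` in the read interface, and this commit leaves it as is. As shown on the page the statement runs into the following `allow`, so the write interface presumably fails to parse or does not assign the attribute; it should read `typeattribute $1 memory_raw_write;`. If the attribute is not applied, any neverallow or policy query keyed on memory_raw_write would miss the domains that now also hold sys_rawio through this interface. The interface's opening `define` is outside the hunk.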