From 17bd45dab9cbf2fffd4a42836a61b576fba565a6 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Thu, 1 Oct 2015 10:20:01 +0200
Subject: [PATCH] Add interface to allow reading files in efivarfs - contains
 Linux Kernel configuration options for UEFI systems (UEFI Runtime Variables)

---
 policy/modules/kernel/filesystem.if | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 618e39612..7f9cf0f7e 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -1846,6 +1846,26 @@ interface(`fs_manage_dos_files',`
 	manage_files_pattern($1, dosfs_t, dosfs_t)
 ')
 
+#######################################
+## <summary>
+##      Read files in efivarfs
+##      - contains Linux Kernel configuration options for UEFI systems
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+## <rolecap/>
+#
+interface(`fs_read_efivarfs_files',`
+        gen_require(`
+                type efivarfs_t;
+        ')
+
+        read_files_pattern($1, efivarfs_t, efivarfs_t)
+')
+
 ########################################
 ## <summary>
 ##	Read eventpollfs files.