RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #177 from pdmorrow/sysfs

This commit is contained in:
Chris PeBenito 2020-02-08 09:34:25 -05:00
parent 9e4d323462 8872d607b7
commit 1b778c17c2
2 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
policy/modules/kernel/devices.if
View File

@ -4413,6 +4413,26 @@ interface(`dev_relabel_all_sysfs',`
allow $1 sysfs_types:lnk_file relabel_lnk_file_perms; allow $1 sysfs_types:lnk_file relabel_lnk_file_perms;
') ')
########################################
## <summary>
## Set the attributes of sysfs files, directories and symlinks.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_setattr_all_sysfs',`
gen_require(`
attribute sysfs_types;
')
allow $1 sysfs_types:dir { search_dir_perms setattr };
allow $1 sysfs_types:file setattr;
allow $1 sysfs_types:lnk_file { read_lnk_file_perms setattr };
')
######################################## ########################################
## <summary> ## <summary>
## Read and write the TPM device. ## Read and write the TPM device.

1
policy/modules/system/systemd.te
View File

@ -1087,6 +1087,7 @@ dev_manage_all_dev_nodes(systemd_tmpfiles_t)
dev_read_urand(systemd_tmpfiles_t) dev_read_urand(systemd_tmpfiles_t)
dev_relabel_all_sysfs(systemd_tmpfiles_t) dev_relabel_all_sysfs(systemd_tmpfiles_t)
dev_read_urand(systemd_tmpfiles_t) dev_read_urand(systemd_tmpfiles_t)
dev_setattr_all_sysfs(systemd_tmpfiles_t)
dev_manage_all_dev_nodes(systemd_tmpfiles_t) dev_manage_all_dev_nodes(systemd_tmpfiles_t)
files_create_lock_dirs(systemd_tmpfiles_t) files_create_lock_dirs(systemd_tmpfiles_t)