trunk: storage patch from dan.

2009-03-05 15:49:41 +00:00 · 2009-03-05 15:49:41 +00:00 · 2c664e7fb8
parent 7b76207e37
commit 2c664e7fb8
2 changed files with 4 additions and 1 deletions
--- a/policy/modules/kernel/storage.fc
+++ b/policy/modules/kernel/storage.fc
@ -36,7 +36,7 @@
 /dev/pg[0-3]		-c	gen_context(system_u:object_r:removable_device_t,s0)
 /dev/ps3d.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/ram.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/rawctl		-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/(raw/)?rawctl	-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/rd.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 ifdef(`distro_redhat', `
 /dev/root		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
@ -67,6 +67,8 @@ ifdef(`distro_redhat', `
 /dev/md/.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/mapper/.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)

+/dev/device-mapper	-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+
 /dev/raw/raw[0-9]+	-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)

 /dev/scramdisk/.*	-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@ -207,6 +207,7 @@ interface(`storage_manage_fixed_disk',`
 	dev_list_all_dev_nodes($1)
 	allow $1 self:capability mknod;
 	allow $1 fixed_disk_device_t:blk_file manage_blk_file_perms;
+	allow $1 fixed_disk_device_t:chr_file manage_chr_file_perms;
 	typeattribute $1 fixed_disk_raw_read, fixed_disk_raw_write;
 ')