From 2c664e7fb89ef329163a8e86585204a4e223c7b6 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Thu, 5 Mar 2009 15:49:41 +0000
Subject: [PATCH] trunk: storage patch from dan.

---
 policy/modules/kernel/storage.fc | 4 +++-
 policy/modules/kernel/storage.if | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc
index bba1939b3..688548e11 100644
--- a/policy/modules/kernel/storage.fc
+++ b/policy/modules/kernel/storage.fc
@@ -36,7 +36,7 @@
 /dev/pg[0-3]		-c	gen_context(system_u:object_r:removable_device_t,s0)
 /dev/ps3d.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/ram.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/rawctl		-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/(raw/)?rawctl	-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/rd.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 ifdef(`distro_redhat', `
 /dev/root		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
@@ -67,6 +67,8 @@ ifdef(`distro_redhat', `
 /dev/md/.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/mapper/.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 
+/dev/device-mapper	-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+
 /dev/raw/raw[0-9]+	-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 
 /dev/scramdisk/.*	-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index ca956ac4d..05d99232d 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -207,6 +207,7 @@ interface(`storage_manage_fixed_disk',`
 	dev_list_all_dev_nodes($1)
 	allow $1 self:capability mknod;
 	allow $1 fixed_disk_device_t:blk_file manage_blk_file_perms;
+	allow $1 fixed_disk_device_t:chr_file manage_chr_file_perms;
 	typeattribute $1 fixed_disk_raw_read, fixed_disk_raw_write;
 ')