diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if index b93c642f1..5a7713ca7 100644 --- a/refpolicy/policy/modules/kernel/devices.if +++ b/refpolicy/policy/modules/kernel/devices.if @@ -343,6 +343,31 @@ class dir { getattr read search }; class chr_file { getattr read ioctl }; ') +######################################## +# +# devices_write_realtime_clock(domain) +# +define(`devices_write_realtime_clock',` +requires_block_template(`$0'_depend) +allow $1 device_t:dir { getattr read search }; +allow $1 clock_device_t:chr_file { setattr lock write append ioctl }; +') + +define(`devices_write_realtime_clock_depend',` +type device_t, clock_device_t; +class dir { getattr read search }; +class chr_file { setattr lock write append ioctl }; +') + +######################################## +# +# devices_modify_realtime_clock(domain) +# +define(`devices_modify_realtime_clock',` +devices_read_realtime_clock($1) +devices_write_realtime_clock($1) +') + ######################################## # # devices_record_sound_input(domain)