devices: Change netcontrol devices to pmqos.
Devices with the netcontrol_device_t type are actually PM QoS devices. Rename the type and add labeling for /dev/memory_bandwidth. Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
parent
3b0d0ea330
commit
4bca3dade2
|
@ -64,6 +64,7 @@
|
||||||
/dev/mcelog -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
|
/dev/mcelog -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
|
||||||
/dev/mei -c gen_context(system_u:object_r:mei_device_t,s0)
|
/dev/mei -c gen_context(system_u:object_r:mei_device_t,s0)
|
||||||
/dev/mem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
|
/dev/mem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
|
||||||
|
/dev/memory_bandwidth -c gen_context(system_u:object_r:pmqos_device_t,s0)
|
||||||
/dev/mergemem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
|
/dev/mergemem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
|
||||||
/dev/mga_vid.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
/dev/mga_vid.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
||||||
/dev/mice -c gen_context(system_u:object_r:mouse_device_t,s0)
|
/dev/mice -c gen_context(system_u:object_r:mouse_device_t,s0)
|
||||||
|
@ -76,8 +77,8 @@
|
||||||
/dev/mpu401.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
/dev/mpu401.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||||
/dev/msr.* -c gen_context(system_u:object_r:cpu_device_t,s0)
|
/dev/msr.* -c gen_context(system_u:object_r:cpu_device_t,s0)
|
||||||
/dev/net/vhost -c gen_context(system_u:object_r:vhost_device_t,s0)
|
/dev/net/vhost -c gen_context(system_u:object_r:vhost_device_t,s0)
|
||||||
/dev/network_latency -c gen_context(system_u:object_r:netcontrol_device_t,s0)
|
/dev/network_latency -c gen_context(system_u:object_r:pmqos_device_t,s0)
|
||||||
/dev/network_throughput -c gen_context(system_u:object_r:netcontrol_device_t,s0)
|
/dev/network_throughput -c gen_context(system_u:object_r:pmqos_device_t,s0)
|
||||||
/dev/noz.* -c gen_context(system_u:object_r:modem_device_t,s0)
|
/dev/noz.* -c gen_context(system_u:object_r:modem_device_t,s0)
|
||||||
/dev/null -c gen_context(system_u:object_r:null_device_t,s0)
|
/dev/null -c gen_context(system_u:object_r:null_device_t,s0)
|
||||||
/dev/nvidia.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
/dev/nvidia.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
||||||
|
@ -142,7 +143,7 @@ ifdef(`distro_suse', `
|
||||||
/dev/card.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
/dev/card.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
||||||
/dev/cmx.* -c gen_context(system_u:object_r:smartcard_device_t,s0)
|
/dev/cmx.* -c gen_context(system_u:object_r:smartcard_device_t,s0)
|
||||||
|
|
||||||
/dev/cpu_dma_latency -c gen_context(system_u:object_r:netcontrol_device_t,s0)
|
/dev/cpu_dma_latency -c gen_context(system_u:object_r:pmqos_device_t,s0)
|
||||||
/dev/cpu.* -c gen_context(system_u:object_r:cpu_device_t,s0)
|
/dev/cpu.* -c gen_context(system_u:object_r:cpu_device_t,s0)
|
||||||
/dev/cpu/mtrr -c gen_context(system_u:object_r:mtrr_device_t,s0)
|
/dev/cpu/mtrr -c gen_context(system_u:object_r:mtrr_device_t,s0)
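Review bot: The new `/dev/memory_bandwidth` entry in the first hunk reuses `pmqos_device_t`, so every domain that already holds read/write on the old netcontrol type gains the same access to this node without a per-domain review. On this page that is `devicekit_power_t` and `tuned_t`; other callers of `dev_rw_netcontrol()` may exist outside the visible hunks. It is worth confirming on the built policy, for example with `sesearch -A -t pmqos_device_t -c chr_file`, that each of those domains is meant to set memory-bandwidth constraints. A one-line comment above the entry such as `# PM QoS misc device, see pmqos_device_t in devices.te` would help, since the four nodes are scattered through the alphabetical list.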
|
||||||
|
|
||||||
|
|
|
@ -3098,7 +3098,7 @@ interface(`dev_rw_mtrr',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Get the attributes of the network control device
|
## Get the attributes of the network control device (Deprecated)
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
|
@ -3107,16 +3107,13 @@ interface(`dev_rw_mtrr',`
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`dev_getattr_netcontrol_dev',`
|
interface(`dev_getattr_netcontrol_dev',`
|
||||||
gen_require(`
|
refpolicywarn(`$0() has been deprecated, use dev_getattr_pmqos_dev() instead.')
|
||||||
type device_t, netcontrol_device_t;
|
dev_getattr_pmqos_dev($1)
|
||||||
')
|
|
||||||
|
|
||||||
getattr_chr_files_pattern($1, device_t, netcontrol_device_t)
|
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read the network control identity.
|
## Read the network control identity. (Deprecated)
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
|
@ -3125,16 +3122,13 @@ interface(`dev_getattr_netcontrol_dev',`
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`dev_read_netcontrol',`
|
interface(`dev_read_netcontrol',`
|
||||||
gen_require(`
|
refpolicywarn(`$0() has been deprecated, use dev_read_pmqos() instead.')
|
||||||
type device_t, netcontrol_device_t;
|
dev_read_pmqos($1)
|
||||||
')
|
|
||||||
|
|
||||||
read_chr_files_pattern($1, device_t, netcontrol_device_t)
|
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read and write the the network control device.
|
## Read and write the the network control device. (Deprecated)
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
|
@ -3143,11 +3137,8 @@ interface(`dev_read_netcontrol',`
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`dev_rw_netcontrol',`
|
interface(`dev_rw_netcontrol',`
|
||||||
gen_require(`
|
refpolicywarn(`$0() has been deprecated, use dev_rw_pmqos() instead.')
|
||||||
type device_t, netcontrol_device_t;
|
dev_rw_pmqos($1)
|
||||||
')
|
|
||||||
|
|
||||||
rw_chr_files_pattern($1, device_t, netcontrol_device_t)
|
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -3370,6 +3361,60 @@ interface(`dev_rw_printer',`
|
||||||
rw_chr_files_pattern($1, device_t, printer_device_t)
|
rw_chr_files_pattern($1, device_t, printer_device_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Get the attributes of PM QoS devices
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`dev_getattr_pmqos_dev',`
|
||||||
|
gen_require(`
|
||||||
|
type device_t, pmqos_device_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
getattr_chr_files_pattern($1, device_t, pmqos_device_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Read the PM QoS devices.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`dev_read_pmqos',`
|
||||||
|
gen_require(`
|
||||||
|
type device_t, pmqos_device_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
read_chr_files_pattern($1, device_t, pmqos_device_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Read and write the the PM QoS devices.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`dev_rw_pmqos',`
|
||||||
|
gen_require(`
|
||||||
|
type device_t, pmqos_device_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
rw_chr_files_pattern($1, device_t, pmqos_device_t)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read printk devices (e.g., /dev/kmsg /dev/mcelog)
|
## Read printk devices (e.g., /dev/kmsg /dev/mcelog)
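Review bot: The summary of the new `dev_rw_pmqos` interface carries over the duplicated word from the old text and never says which nodes the type covers; I would write it as `## Read and write the PM QoS devices (/dev/cpu_dma_latency, /dev/network_latency, /dev/network_throughput, /dev/memory_bandwidth).` The same "the the" remains in the deprecated `dev_rw_netcontrol` summary, which this commit edits anyway. A `<desc>` block on `dev_rw_pmqos` should state that write access lets the domain place system-wide PM QoS requests, so policy authors grant it only to daemons that manage power or latency settings. The `dev_getattr_pmqos_dev` summary is also missing the full stop that the other two new summaries have.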
|
||||||
|
|
|
@ -181,12 +181,6 @@ type mtrr_device_t;
|
||||||
dev_node(mtrr_device_t)
|
dev_node(mtrr_device_t)
|
||||||
genfscon proc /mtrr gen_context(system_u:object_r:mtrr_device_t,s0)
|
genfscon proc /mtrr gen_context(system_u:object_r:mtrr_device_t,s0)
|
||||||
|
|
||||||
#
|
|
||||||
# network control devices
|
|
||||||
#
|
|
||||||
type netcontrol_device_t;
|
|
||||||
dev_node(netcontrol_device_t)
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# null_device_t is the type of /dev/null.
|
# null_device_t is the type of /dev/null.
|
||||||
#
|
#
|
||||||
|
@ -207,6 +201,13 @@ dev_node(nvram_device_t)
|
||||||
type power_device_t;
|
type power_device_t;
|
||||||
dev_node(power_device_t)
|
dev_node(power_device_t)
|
||||||
|
|
||||||
|
#
|
||||||
|
# PM QoS Interface, /dev/cpu_dma_latency, network_latency,
|
||||||
|
# network_throughput, and memory_bandwidth
|
||||||
|
#
|
||||||
|
type pmqos_device_t alias netcontrol_device_t;
|
||||||
|
dev_node(pmqos_device_t)
|
||||||
|
|
||||||
type printer_device_t;
|
type printer_device_t;
|
||||||
dev_node(printer_device_t)
|
dev_node(printer_device_t)
|
||||||
mls_file_write_within_range(printer_device_t)
|
mls_file_write_within_range(printer_device_t)
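Review bot: The `alias netcontrol_device_t` on the new `pmqos_device_t` declaration has no comment saying why it is there or when it can be dropped. Since the three `dev_*_netcontrol` interfaces are marked deprecated in the same commit, I would record the intent next to the declaration, e.g. `# netcontrol_device_t is kept as an alias for modules that still require the old type name; remove it together with the deprecated dev_*_netcontrol() interfaces.` The header comment above the type would also be easier to grep if every node were written as a full path (`/dev/network_latency`, `/dev/network_throughput`, `/dev/memory_bandwidth`).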
|
||||||
|
|
|
@ -261,7 +261,7 @@ dev_read_input(devicekit_power_t)
|
||||||
dev_read_urand(devicekit_power_t)
|
dev_read_urand(devicekit_power_t)
|
||||||
dev_rw_generic_usb_dev(devicekit_power_t)
|
dev_rw_generic_usb_dev(devicekit_power_t)
|
||||||
dev_rw_generic_chr_files(devicekit_power_t)
|
dev_rw_generic_chr_files(devicekit_power_t)
|
||||||
dev_rw_netcontrol(devicekit_power_t)
|
dev_rw_pmqos(devicekit_power_t)
|
||||||
dev_rw_sysfs(devicekit_power_t)
|
dev_rw_sysfs(devicekit_power_t)
|
||||||
dev_read_rand(devicekit_power_t)
|
dev_read_rand(devicekit_power_t)
|
||||||
dev_getattr_all_blk_files(devicekit_power_t)
|
dev_getattr_all_blk_files(devicekit_power_t)
|
||||||
|
|
|
@ -65,7 +65,7 @@ dev_getattr_all_blk_files(tuned_t)
|
||||||
dev_getattr_all_chr_files(tuned_t)
|
dev_getattr_all_chr_files(tuned_t)
|
||||||
dev_read_urand(tuned_t)
|
dev_read_urand(tuned_t)
|
||||||
dev_rw_sysfs(tuned_t)
|
dev_rw_sysfs(tuned_t)
|
||||||
dev_rw_netcontrol(tuned_t)
|
dev_rw_pmqos(tuned_t)
|
||||||
|
|
||||||
files_read_usr_files(tuned_t)
|
files_read_usr_files(tuned_t)
|
||||||
files_dontaudit_search_home(tuned_t)
|
files_dontaudit_search_home(tuned_t)
|
||||||
|
|