RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #58 from pebenito/more-device-updates

This commit is contained in:
Chris PeBenito 2019-07-29 20:50:23 -04:00
parent f191b07166 a5db4b262d
commit 4ef04d8adb
3 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
policy/modules/kernel/devices.fc
View File

@ -77,6 +77,7 @@
/dev/modem -c gen_context(system_u:object_r:modem_device_t,s0)
/dev/mpu401.* -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/msr.* -c gen_context(system_u:object_r:cpu_device_t,s0)
/dev/ndctl[0-9] -c gen_context(system_u:object_r:nvram_device_t,s0)
/dev/net/vhost -c gen_context(system_u:object_r:vhost_device_t,s0)
/dev/network_latency -c gen_context(system_u:object_r:pmqos_device_t,s0)
/dev/network_throughput -c gen_context(system_u:object_r:pmqos_device_t,s0)
@ -109,6 +110,8 @@
/dev/snapshot -c gen_context(system_u:object_r:acpi_bios_t,s0)
/dev/sndstat -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/sonypi -c gen_context(system_u:object_r:v4l_device_t,s0)
/dev/tee[0-9] -c gen_context(system_u:object_r:tee_device_t,s0)
/dev/teepriv[0-9] -c gen_context(system_u:object_r:tee_priv_device_t,s0)
/dev/tlk[0-3] -c gen_context(system_u:object_r:v4l_device_t,s0)
/dev/tpm[0-9]* -c gen_context(system_u:object_r:tpm_device_t,s0)
/dev/tpmrm[0-9]* -c gen_context(system_u:object_r:tpm_device_t,s0)

9
policy/modules/kernel/devices.te
View File

@ -253,6 +253,15 @@ files_mountpoint(sysfs_t)
fs_xattr_type(sysfs_t)
genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0)
#
# Types for trusted execution environment interface
#
type tee_device_t;
dev_node(tee_device_t)
type tee_priv_device_t;
dev_node(tee_priv_device_t)
#
# Type for /dev/tpm
#

1
policy/modules/kernel/storage.fc
View File

@ -33,6 +33,7 @@
/dev/mmcblk.* -c gen_context(system_u:object_r:removable_device_t,s0)
/dev/mspblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/mtd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
/dev/mtd.* -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
/dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
/dev/nvme[0-9]+ -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
/dev/nvme[0-9]n[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)