diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc index bdff6b1a4..0eac99140 100644 --- a/policy/modules/kernel/devices.fc +++ b/policy/modules/kernel/devices.fc @@ -77,6 +77,7 @@ /dev/modem -c gen_context(system_u:object_r:modem_device_t,s0) /dev/mpu401.* -c gen_context(system_u:object_r:sound_device_t,s0) /dev/msr.* -c gen_context(system_u:object_r:cpu_device_t,s0) +/dev/ndctl[0-9] -c gen_context(system_u:object_r:nvram_device_t,s0) /dev/net/vhost -c gen_context(system_u:object_r:vhost_device_t,s0) /dev/network_latency -c gen_context(system_u:object_r:pmqos_device_t,s0) /dev/network_throughput -c gen_context(system_u:object_r:pmqos_device_t,s0) diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc index b6dfcd9fc..46395b8fc 100644 --- a/policy/modules/kernel/storage.fc +++ b/policy/modules/kernel/storage.fc @@ -33,6 +33,7 @@ /dev/mmcblk.* -c gen_context(system_u:object_r:removable_device_t,s0) /dev/mspblk.* -b gen_context(system_u:object_r:removable_device_t,s0) /dev/mtd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) +/dev/mtd.* -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/nvme[0-9]+ -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/nvme[0-9]n[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)