Add an interface to allow watch permission on generic
device directories. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> -- policy/modules/kernel/devices.if | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
This commit is contained in:
parent
3415d17e7f
commit
e3dc006c41
|
@ -108,6 +108,24 @@ interface(`dev_getattr_fs',`
|
||||||
allow $1 device_t:filesystem getattr;
|
allow $1 device_t:filesystem getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Watch the directories in /dev.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`dev_watch_dev_dirs',`
|
||||||
|
gen_require(`
|
||||||
|
type device_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 device_t:dir watch;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Mount a filesystem on /dev
|
## Mount a filesystem on /dev
|
||||||
|
|
Loading…
Reference in New Issue