getattr on unlabeled blk devs

The following has been in my tree for a few years. It allows initrc_t to stat devices early in the boot process. >From ad46ce856a1a780cf6c3a0bb741794019e03edc2 Mon Sep 17 00:00:00 2001 From: Dominick Grift <dominick.grift@gmail.com> Date: Sat, 9 Nov 2013 10:45:09 +0100 Subject: [PATCH] init: startpar (initrc_t) gets attributes of /dev/dm-0 (device_t) early on boot, soon later the node context is properly reset (debian only) init: startpar (initrc_t) gets attributes of /proc/kcore file Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
author: Russell Coker <russell@coker.com.au> 2016-08-03 15:48:19 +1000
committer: Jason Zaman <jason@perfinion.com> 2016-08-14 02:23:03 +0800
commit: ebae10c1795bdf42caa83f6daed9b0974c83146f (patch)
tree: 51db0deddb20002c6dbb20fd2d8992d1c5ab0f96
parent: libraries: Module version bump for libsystemd fc entry from Lukas Vrabec. (diff)
download: hardened-refpolicy-ebae10c1.tar.gz
hardened-refpolicy-ebae10c1.tar.bz2
hardened-refpolicy-ebae10c1.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 8e8c1638..0d4f74af 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -568,6 +568,9 @@ userdom_read_user_home_content_files(initrc_t)
 userdom_use_user_terminals(initrc_t)
 
 ifdef(`distro_debian',`
+	kernel_getattr_core_if(initrc_t)
+
+	dev_getattr_generic_blk_files(initrc_t)
 	dev_setattr_generic_dirs(initrc_t)
 
 	fs_tmpfs_filetrans(initrc_t, initrc_var_run_t, dir)
author	Russell Coker <russell@coker.com.au>	2016-08-03 15:48:19 +1000
committer	Jason Zaman <jason@perfinion.com>	2016-08-14 02:23:03 +0800
commit	ebae10c1795bdf42caa83f6daed9b0974c83146f (patch)
tree	51db0deddb20002c6dbb20fd2d8992d1c5ab0f96
parent	libraries: Module version bump for libsystemd fc entry from Lukas Vrabec. (diff)
download	hardened-refpolicy-ebae10c1.tar.gz hardened-refpolicy-ebae10c1.tar.bz2 hardened-refpolicy-ebae10c1.zip