diff options
| author |   Sven Vermeulen <sven.vermeulen@siphos.be> | 2012-06-25 20:19:22 +0200 |
|---|---|---|
| committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2012-06-25 20:19:22 +0200 |
| commit | 2a3789fcb7b26f16e4595ab4520a925af9dcabb3 (patch) | |
| tree | 797dba59c9996a37c16034a7bd8434e2a3e02320 /policy/modules/system/udev.if | |
| parent | Improve coding style (diff) | |
| download | hardened-refpolicy-2a3789fcb7b26f16e4595ab4520a925af9dcabb3.tar.gz hardened-refpolicy-2a3789fcb7b26f16e4595ab4520a925af9dcabb3.tar.bz2 hardened-refpolicy-2a3789fcb7b26f16e4595ab4520a925af9dcabb3.zip | |
Support for udev in /run (using /run/udev)
Diffstat (limited to 'policy/modules/system/udev.if')
| -rw-r--r-- | policy/modules/system/udev.if | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if index c98bcec84..46c8e827f 100644 --- a/policy/modules/system/udev.if +++ b/policy/modules/system/udev.if @@ -249,6 +249,8 @@ interface(`udev_read_db',` allow $1 udev_tbl_t:dir list_dir_perms; read_files_pattern($1, udev_tbl_t, udev_tbl_t) read_lnk_files_pattern($1, udev_tbl_t, udev_tbl_t) + # Device table files are beneith /run/udev + udev_search_pids($1) ') ######################################## @@ -295,6 +297,26 @@ interface(`udev_pid_filetrans_run_dirs',` ######################################## ## <summary> +## Search through udev pid files and directories +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`udev_search_pids',` + gen_require(` + type udev_var_run_t; + ') + + files_search_var_lib($1) + search_dirs_pattern($1, udev_var_run_t, udev_var_run_t) +') + + +######################################## +## <summary> ## Create, read, write, and delete ## udev pid files. ## </summary> |