1 files changed, 56 insertions, 0 deletions

diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 3f0541729..7d99b290d 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -480,6 +480,25 @@ interface(`dev_dontaudit_getattr_generic_blk_files',`
 
 ########################################
 ## <summary>
+##	Set the attributes on generic
+##	block devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dev_setattr_generic_blk_files',`
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:blk_file setattr;
+')
+
+########################################
+## <summary>
 ##	Dontaudit setattr on generic block devices.
 ## </summary>
 ## <param name="domain">
@@ -570,6 +589,25 @@ interface(`dev_dontaudit_getattr_generic_chr_files',`
 
 ########################################
 ## <summary>
+##	Set the attributes for generic
+##	character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dev_setattr_generic_chr_files',`
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:chr_file setattr;
+')
+
+########################################
+## <summary>
 ##	Dontaudit setattr for generic character device files.
 ## </summary>
 ## <param name="domain">
@@ -3897,6 +3935,24 @@ interface(`dev_manage_smartcard',`
 
 ########################################
 ## <summary>
+##	Mount a filesystem on sysfs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allow access.
+##	</summary>
+## </param>
+#
+interface(`dev_mounton_sysfs',`
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 sysfs_t:dir mounton;
+')
+
+########################################
+## <summary>
 ##	Associate a file to a sysfs filesystem.
 ## </summary>
 ## <param name="file_type">