[selinux-policy: 2236/3172] split dev_manage_dri_dev() into a manage and a filetrans interface.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:18:28 UTC 2010
commit 69347451fdf8f887132225f89303bd021a5547a2
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Aug 25 09:43:38 2009 -0400
split dev_manage_dri_dev() into a manage and a filetrans interface.
policy/modules/kernel/devices.if | 18 ++++++++++++++++++
policy/modules/kernel/devices.te | 2 +-
policy/modules/services/xserver.te | 1 +
3 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index a4bb416..c1cf30b 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -1431,6 +1431,24 @@ interface(`dev_manage_dri_dev',`
')
manage_chr_files_pattern($1, device_t, dri_device_t)
+')
+
+########################################
+## <summary>
+## Automatic type transition to the type
+## for DRI device nodes when created in /dev.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dev_filetrans_dri',`
+ gen_require(`
+ type device_t, dri_device_t;
+ ')
+
filetrans_pattern($1, device_t, dri_device_t, chr_file)
')
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 782241b..6c2f05d 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -1,5 +1,5 @@
-policy_module(devices, 1.8.0)
+policy_module(devices, 1.8.1)
########################################
#
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 976fb90..5462968 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -671,6 +671,7 @@ dev_rw_apm_bios(xserver_t)
dev_rw_agp(xserver_t)
dev_rw_framebuffer(xserver_t)
dev_manage_dri_dev(xserver_t)
+dev_filetrans_dri(xserver_t)
dev_create_generic_dirs(xserver_t)
dev_setattr_generic_dirs(xserver_t)
# raw memory access is needed if not using the frame buffer
More information about the scm-commits
mailing list