[selinux-policy: 2305/3172] Add storage patch, from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:24:39 UTC 2010
commit 53c73dc7852da8a8a46133ef433203adf489839d
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Nov 19 09:03:36 2009 -0500
Add storage patch, from Dan Walsh.
policy/modules/kernel/storage.fc | 1 +
policy/modules/kernel/storage.if | 2 +-
policy/modules/kernel/storage.te | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc
index 5afa664..d1719ca 100644
--- a/policy/modules/kernel/storage.fc
+++ b/policy/modules/kernel/storage.fc
@@ -28,6 +28,7 @@
/dev/megadev.* -c gen_context(system_u:object_r:removable_device_t,s0)
/dev/mmcblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/mspblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/mtd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
/dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
/dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/p[fg][0-3] -b gen_context(system_u:object_r:removable_device_t,s0)
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index 05d9923..a388e63 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -529,7 +529,7 @@ interface(`storage_dontaudit_read_removable_device',`
')
- dontaudit $1 removable_device_t:blk_file { getattr ioctl read };
+ dontaudit $1 removable_device_t:blk_file read_blk_file_perms;
')
########################################
diff --git a/policy/modules/kernel/storage.te b/policy/modules/kernel/storage.te
index 7a07c60..dab6e3e 100644
--- a/policy/modules/kernel/storage.te
+++ b/policy/modules/kernel/storage.te
@@ -1,5 +1,5 @@
-policy_module(storage, 1.7.0)
+policy_module(storage, 1.7.1)
########################################
#
More information about the scm-commits
mailing list