[selinux-policy: 2713/3172] Storage patch from Dan Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:01:23 UTC 2010


commit 8f0de5df684fadd8c71b657a490090a409c8e2eb
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Jun 4 09:47:45 2010 -0400

    Storage patch from Dan Walsh.
    
    Add /dev/hwcdrom

 policy/modules/kernel/storage.fc |    1 +
 policy/modules/kernel/storage.if |   19 +++++++++++++++++++
 policy/modules/kernel/storage.te |    2 +-
 3 files changed, 21 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc
index 63e86d1..d819311 100644
--- a/policy/modules/kernel/storage.fc
+++ b/policy/modules/kernel/storage.fc
@@ -20,6 +20,7 @@
 /dev/gscd		-b	gen_context(system_u:object_r:removable_device_t,s0)
 /dev/hitcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
 /dev/ht[0-1]		-b	gen_context(system_u:object_r:tape_device_t,s0)
+/dev/hwcdrom		-b	gen_context(system_u:object_r:removable_device_t,s0)
 /dev/initrd		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/jsfd		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/jsflash		-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index f37c658..bb0effd 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -572,6 +572,25 @@ interface(`storage_dontaudit_read_removable_device',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts made by the caller to write
+##	removable devices device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process to not audit.
+##	</summary>
+## </param>
+#
+interface(`storage_dontaudit_write_removable_device',`
+	gen_require(`
+		type removable_device_t;
+	')
+
+	dontaudit $1 removable_device_t:blk_file write_blk_file_perms;
+')
+
+########################################
+## <summary>
 ##	Allow the caller to set the attributes of removable
 ##	devices device nodes.
 ## </summary>
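Review bot: The new `storage_dontaudit_write_removable_device` interface silences denials for the whole `write_blk_file_perms` set on `removable_device_t:blk_file`, yet its summary reads as if only the write permission were affected and says nothing about the audit impact. A domain that calls this interface leaves no AVC message when a raw write to a removable block device is denied, which is a record responders usually want to keep. I would document that in the header, for example by adding `##	Denied accesses leave no AVC record; call this only for domains known to probe removable devices harmlessly.` to the summary. The commit message mentions only /dev/hwcdrom and no caller of the interface is visible in this patch, so the domain it is meant for cannot be checked from here. The context lines at the end of the hunk belong to the next interface, whose body lies outside the hunk.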
diff --git a/policy/modules/kernel/storage.te b/policy/modules/kernel/storage.te
index 43635dd..bbe024e 100644
--- a/policy/modules/kernel/storage.te
+++ b/policy/modules/kernel/storage.te
@@ -1,5 +1,5 @@
 
-policy_module(storage, 1.8.0)
+policy_module(storage, 1.8.1)
 
 ########################################
 #

