storage: Add fcontexts for NVMe disks

NVMe has several dev nodes for each device:
/dev/nvme0 is a char device for communicating with the controller
/dev/nvme0n1 is the block device that stores the data.
/dev/nvme0n1p1 is the first partition

1 files changed, 2 insertions, 0 deletions

diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc
index 375b10bc..c7e3ac0d 100644
--- a/policy/modules/kernel/storage.fc
+++ b/policy/modules/kernel/storage.fc
@@ -33,6 +33,8 @@
 /dev/mspblk.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
 /dev/mtd.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/nb[^/]+		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/nvme[0-9]+		-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/nvme[0-9]n[^/]+	-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/optcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
 /dev/p[fg][0-3]		-b	gen_context(system_u:object_r:removable_device_t,s0)
 /dev/pcd[0-3]		-b	gen_context(system_u:object_r:removable_device_t,s0)