diff options
| author |   Guido Trentalancia <guido@trentalancia.com> | 2020-01-24 22:31:24 -0800 |
|---|---|---|
| committer |   Jason Zaman <perfinion@gentoo.org> | 2020-02-15 15:30:57 +0800 |
| commit | 55b197d931b228b0bd4b6f4397020de0b3d9207f (patch) | |
| tree | bc9c483bbffeedbe4329c02b23c42df003889d8b | |
| parent | Allow userdomain to read and write the wireless devices (for example for quer... (diff) | |
| download | hardened-refpolicy-55b197d931b228b0bd4b6f4397020de0b3d9207f.tar.gz hardened-refpolicy-55b197d931b228b0bd4b6f4397020de0b3d9207f.tar.bz2 hardened-refpolicy-55b197d931b228b0bd4b6f4397020de0b3d9207f.zip | |
Add an interface to allow watch permission on generic device directories.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
--
policy/modules/kernel/devices.if | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
| -rw-r--r-- | policy/modules/kernel/devices.if | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if index 7f5ecaf97..afbd6d4a0 100644 --- a/policy/modules/kernel/devices.if +++ b/policy/modules/kernel/devices.if @@ -110,6 +110,24 @@ interface(`dev_getattr_fs',` ######################################## ## <summary> +## Watch the directories in /dev. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`dev_watch_dev_dirs',` + gen_require(` + type device_t; + ') + + allow $1 device_t:dir watch; +') + +######################################## +## <summary> ## Mount a filesystem on /dev ## </summary> ## <param name="domain"> |