vhost: Add /dev/vhost-scsi device of type vhost_device_t.

Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>

3 files changed, 4 insertions, 2 deletions

diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
index e206720be..5ec14acfd 100644
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
@@ -120,6 +120,7 @@ ifdef(`distro_suse', `
 ')
 /dev/vfio/.+		-c      gen_context(system_u:object_r:vfio_device_t,s0)
 /dev/vhost-net		-c	gen_context(system_u:object_r:vhost_device_t,s0)
+/dev/vhost-scsi		-c	gen_context(system_u:object_r:vhost_device_t,s0)
 /dev/vbi.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
 /dev/vbox.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
 /dev/vga_arbiter	-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index f68d60ab0..0966a468d 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -4839,7 +4839,7 @@ interface(`dev_relabelfrom_vfio_dev',`
 
 ############################
 ## <summary>
-##	Allow read/write the vhost net device
+##	Allow read/write the vhost devices
 ## </summary>
 ## <param name="domain">
 ##	<summary>
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 4ce5fecf7..79b9c8da0 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -286,7 +286,8 @@ type v4l_device_t;
 dev_node(v4l_device_t)
 
 #
-# vhost_device_t is the type for /dev/vhost-net
+# vhost_device_t is the type for vhost devices like
+# /dev/vhost-net and /dev/vhost-scsi
 #
 type vhost_device_t;
 dev_node(vhost_device_t)