policy for the Reliability Availability servicability daemon (#690)

* policy for the Reliability Availability servicability daemon

Signed-off-by: Russell Coker <russell@coker.com.au>
Signed-off-by: Kenton Groombridge <concord@gentoo.org>

1 files changed, 37 insertions, 0 deletions

diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 5cdbc564..5213df5b 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -6156,6 +6156,43 @@ interface(`fs_getattr_tracefs_files',`
 
 ########################################
 ## <summary>
+##	Read/write trace filesystem files
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`fs_rw_tracefs_files',`
+	gen_require(`
+		type tracefs_t;
+	')
+
+	allow $1 tracefs_t:dir list_dir_perms;
+	allow $1 tracefs_t:file rw_file_perms;
+')
+
+########################################
+## <summary>
+##	create trace filesystem directories
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`fs_create_tracefs_dirs',`
+	gen_require(`
+		type tracefs_t;
+	')
+
+	allow $1 tracefs_t:dir { create rw_dir_perms };
+')
+
+########################################
+## <summary>
 ##	Mount a XENFS filesystem.
 ## </summary>
 ## <param name="domain">