diff options
Diffstat (limited to 'policy/modules/kernel/devices.if')
| -rw-r--r-- | policy/modules/kernel/devices.if | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if index aabc1b8e..930f164e 100644 --- a/policy/modules/kernel/devices.if +++ b/policy/modules/kernel/devices.if @@ -5558,6 +5558,60 @@ interface(`dev_rwx_vmware',` ######################################## ## <summary> +## Read the vsock device. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`dev_read_vsock',` + gen_require(` + type device_t, vsock_device_t; + ') + + read_chr_files_pattern($1, device_t, vsock_device_t) +') + +######################################## +## <summary> +## Write the vsock device. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`dev_write_vsock',` + gen_require(` + type device_t, vsock_device_t; + ') + + write_chr_files_pattern($1, device_t, vsock_device_t) +') + +######################################## +## <summary> +## Read and write the vsock device. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`dev_rw_vsock',` + gen_require(` + type device_t, vsock_device_t; + ') + + rw_chr_files_pattern($1, device_t, vsock_device_t) +') + +######################################## +## <summary> ## Read from watchdog devices. ## </summary> ## <param name="domain"> |