Diffstat (limited to 'policy/modules/kernel/storage.fc')
-rw-r--r--policy/modules/kernel/storage.fc83
1 files changed, 83 insertions, 0 deletions
diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc
new file mode 100644
index 00000000..5d19e5ba
--- /dev/null
+++ b/policy/modules/kernel/storage.fc
@@ -0,0 +1,83 @@
+/dev/\.tmp-block.* -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/n?(raw)?[qr]ft[0-3] -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/n?[hs]t[0-9].* -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/n?z?qft[0-3] -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/n?osst[0-3].* -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/n?pt[0-9]+ -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/n?tpqic[12].* -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/[shmxv]d[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/aztcd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/bpcd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/bsg/.+ -c gen_context(system_u:object_r:scsi_generic_device_t,s0)
+/dev/cdu.* -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/cm20.* -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/dasd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/dasd[^/]* -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/dm-[0-9]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/drbd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/etherd/.+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/fd[^/]+ -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/flash[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/gscd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/hitcd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/ht[0-1] -b gen_context(system_u:object_r:tape_device_t,s0)
+/dev/hwcdrom -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/initrd -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/jsfd -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/jsflash -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/lvm -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/mcdx? -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/megadev.* -c gen_context(system_u:object_r:removable_device_t,s0)
+/dev/mmcblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/mspblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/mtd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/p[fg][0-3] -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/pcd[0-3] -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/pd[a-d][^/]* -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/pg[0-3] -c gen_context(system_u:object_r:removable_device_t,s0)
+/dev/ps3d.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/ram.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/(raw/)?rawctl -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/rd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+ifdef(`distro_redhat', `
+/dev/root -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+')
+/dev/s(cd|r)[^/]* -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/sbpcd.* -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/sg[0-9]+ -c gen_context(system_u:object_r:scsi_generic_device_t,s0)
+/dev/sjcd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/sonycd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/tape.* -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/tw[a-z][^/]+ -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/ub[a-z][^/]+ -b gen_context(system_u:object_r:removable_device_t,mls_systemhigh)
+/dev/ubd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/vd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/xvd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+
+/dev/ataraid/.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+
+/dev/cciss/[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+
+/dev/fuse -c gen_context(system_u:object_r:fuse_device_t,s0)
+/dev/floppy/[^/]* -b gen_context(system_u:object_r:removable_device_t,s0)
+
+/dev/i2o/hd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+
+/dev/ida/[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+
+/dev/md/.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/mapper/.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+
+/dev/device-mapper -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+
+/dev/raw/raw[0-9]+ -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+
+/dev/scramdisk/.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+
+/dev/usb/rio500 -c gen_context(system_u:object_r:removable_device_t,s0)
+
+/lib/udev/devices/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/lib/udev/devices/fuse -c gen_context(system_u:object_r:fuse_device_t,s0)
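Review bot: The `/dev/ub[a-z][^/]+` entry is the only `removable_device_t` line in this hunk that carries `mls_systemhigh`; every other removable device is labeled at `s0`, and `mls_systemhigh` is otherwise paired only with `fixed_disk_device_t`. On an MLS build the type and the level then disagree about how sensitive the node is, so pick one: `/dev/ub[a-z][^/]+ -b gen_context(system_u:object_r:removable_device_t,s0)` if these are meant as removable media, or switch the type to `fixed_disk_device_t` if they are not. Separately, `/dev/megadev.*` is given `removable_device_t`; if that node is a RAID controller management interface, as the name suggests, any domain allowed to use removable media would also reach it, and `fixed_disk_device_t,mls_systemhigh` would be the tighter label. A short header comment stating the rule for choosing `s0` versus `mls_systemhigh` would help keep future entries consistent.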