From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 04 Mar 2010 10:53:24 -0500
Subject: [refpolicy] [ devices patch 1/1] Fix dev_list_sysfs interface
 to allow domains to read sysfs lnk_file.
In-Reply-To: <20100226103859.GA18885@localhost.localdomain>
References: <20100226103859.GA18885@localhost.localdomain>
Message-ID: <1267718004.11679.36.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2010-02-26 at 11:39 +0100, Dominick Grift wrote:
> Signed-off-by: Dominick Grift <domg472@gmail.com>

I'm on the fence for this one.  Normally I think this is better suited
for dev_read_sysfs(), which has this perm already.  But since sysfs is
so highly linked, I suppose it could make sense.  What prompted this?

> ---
> :100644 100644 fe31e1f... 83c4a2a... M	policy/modules/kernel/devices.if
>  policy/modules/kernel/devices.if |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
> index fe31e1f..83c4a2a 100644
> --- a/policy/modules/kernel/devices.if
> +++ b/policy/modules/kernel/devices.if
> @@ -3322,6 +3322,7 @@ interface(`dev_list_sysfs',`
>  	')
>  
>  	list_dirs_pattern($1, sysfs_t, sysfs_t)
> +	allow $1 sysfs_t:lnk_file read_lnk_file_perms;
>  ')
>  
>  ########################################
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150