From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 23 Aug 2012 09:39:30 -0400
Subject: [refpolicy] [PATCH] Intel® Active Management Technology
In-Reply-To: <1345641713-15107-1-git-send-email-dominick.grift@gmail.com>
References: <1345641713-15107-1-git-send-email-dominick.grift@gmail.com>
Message-ID: <50363292.6050508@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/22/12 09:21, Dominick Grift wrote:
> Intel® AMT Linux support includes two components that allow interaction
> between the Intel® AMT FW and the Linux OS: Intel® MEI (Intel® Management Engine Interface)
> driver and LMS (Local Management Service) driver. Intel® MEI driver
> allows application to communicate with the FW using host interface,
> and LMS driver allows applications to access the Intel® AMT FW via the
> local Intel® Management Engine Interface (Intel® MEI).
>
> In addition, Intel has validated a kernel patch to enable
> IDE-redirection. This is a community maintained patch, but Intel is
> distributing the version used in the validation of the other Intel® AMT
> components released here:
>
> http://software.intel.com/en-us/articles/download-the-latest-intel-amt-open-source-drivers/
>
> Declare a mei_device_t device node type and label /dev/mei accordingly.
>
> Signed-off-by: Dominick Grift
> diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc > index 06a0e93..84e7337 100644 > --- a/policy/modules/kernel/devices.fc > +++ b/policy/modules/kernel/devices.fc
> @@ -59,6 +59,7 @@ > /dev/logibm -c gen_context(system_u:object_r:mouse_device_t,s0) > /dev/lp.* -c gen_context(system_u:object_r:printer_device_t,s0) > /dev/mcelog -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh) > +/dev/mei -c gen_context(system_u:object_r:mei_device_t,s0) > /dev/mem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh) > /dev/mergemem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh) > /dev/mga_vid.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0) > diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te > index 9d4f26c..d7d5091 100644 > --- a/policy/modules/kernel/devices.te > +++ b/policy/modules/kernel/devices.te > @@ -121,6 +121,9 @@ > type lvm_control_t; > dev_node(lvm_control_t) > > +type mei_device_t; > +dev_node(mei_device_t) > + > # > # memory_device_t is the type of /dev/kmem, > # /dev/mem and /dev/port. Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
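Review bot: In the devices.fc hunk, the new /dev/mei entry is labelled at s0, while the neighbouring /dev/mcelog and /dev/mem entries use mls_systemhigh. The commit message describes this node as the host interface to the AMT firmware, so it is worth confirming that s0 is the intended MLS range rather than mls_systemhigh, and stating the reasoning in the commit message. The pattern also matches only the exact path /dev/mei, unlike /dev/lp.* above; if numbered nodes are expected, it needs a wildcard.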
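Review bot: In the devices.te hunk, mei_device_t is declared with dev_node() but the patch touches only devices.fc and devices.te, so there is no interface in devices.if through which an LMS or other client domain could be granted access to the node. Suggest adding the access interfaces in the same patch, or noting that they follow separately, and giving the type a short comment like the one on memory_device_t directly below it.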