From: mgrepl@redhat.com (Miroslav Grepl)
Date: Tue, 04 Sep 2012 12:28:32 +0200
Subject: [refpolicy] [PATCH 2/2] Declare a virtio port device type and
 label /dev/vport.* accordingly
In-Reply-To: <1346434702-30274-3-git-send-email-dominick.grift@gmail.com>
References: <1346434702-30274-1-git-send-email-dominick.grift@gmail.com>
	<1346434702-30274-3-git-send-email-dominick.grift@gmail.com>
Message-ID: <5045D7D0.9030502@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/31/2012 07:38 PM, Dominick Grift wrote:
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> ---
>   policy/modules/kernel/devices.fc | 1 +
>   policy/modules/kernel/devices.te | 3 +++
>   2 files changed, 4 insertions(+)
>
> diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
> index 5214c08..94505c4 100644
> --- a/policy/modules/kernel/devices.fc
> +++ b/policy/modules/kernel/devices.fc
> @@ -124,6 +124,7 @@ ifdef(`distro_suse', `
>   /dev/vmmon		-c	gen_context(system_u:object_r:vmware_device_t,s0)
>   /dev/vmnet.*		-c	gen_context(system_u:object_r:vmware_device_t,s0)
>   /dev/video.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
> +/dev/vport.*		-c	gen_context(system_u:object_r:virtio_device_t,s0)
>   /dev/vrtpanel		-c	gen_context(system_u:object_r:mouse_device_t,s0)
>   /dev/vttuner		-c	gen_context(system_u:object_r:v4l_device_t,s0)
>   /dev/vtx.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
> diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
> index 99fe460..52c535d 100644
> --- a/policy/modules/kernel/devices.te
> +++ b/policy/modules/kernel/devices.te
> @@ -272,6 +272,9 @@ dev_node(v4l_device_t)
>   type vhost_device_t;
>   dev_node(vhost_device_t)
>   
> +type virtio_device_t;
> +dev_node(virtio_device_t)
> +
>   # Type for vmware devices.
>   type vmware_device_t;
>   dev_node(vmware_device_t)
We declare it in terminal.* policy files.

Also I think base access interfaces should be part of this patch?