From: dominick.grift@gmail.com (Dominick Grift)
Date: Sat, 22 Sep 2012 12:57:14 +0200
Subject: [refpolicy] [PATCH 1/2] Declare a cachfiles device node type
In-Reply-To: <1348311435-6912-1-git-send-email-dominick.grift@gmail.com>
References: <1348311435-6912-1-git-send-email-dominick.grift@gmail.com>
Message-ID: <1348311435-6912-2-git-send-email-dominick.grift@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Used by kernel to communicate with user space (cachefilesd)
Label the character file accordingly

Create a dev_rw_cachefiles_dev() for cachefilesd

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
---
 policy/modules/kernel/devices.fc |  1 +
 policy/modules/kernel/devices.if | 19 +++++++++++++++++++
 policy/modules/kernel/devices.te |  3 +++
 3 files changed, 23 insertions(+)

diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
index 5214c08..ddbfa12 100644
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
@@ -17,6 +17,7 @@
 /dev/autofs.*		-c	gen_context(system_u:object_r:autofs_device_t,s0)
 /dev/beep		-c	gen_context(system_u:object_r:sound_device_t,s0)
 /dev/btrfs-control	-c	gen_context(system_u:object_r:lvm_control_t,s0)
+/dev/cachefiles	-c	gen_context(system_u:object_r:cachefiles_dev_t,s0)
 /dev/controlD64		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
 /dev/crash		-c	gen_context(system_u:object_r:crash_device_t,mls_systemhigh)
 /dev/dahdi/.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index d820975..266b8b5 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -1560,6 +1560,25 @@ interface(`dev_relabel_autofs_dev',`
 
 ########################################
 ## <summary>
+##	Read and write cachefiles character
+##	device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dev_rw_cachfiles',`
+	gen_require(`
+		type device_t, cachefiles_dev_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, cachefiles_dev_t)
+')
+
+########################################
+## <summary>
 ##	Read and write the PCMCIA card manager device.
 ## </summary>
 ## <param name="domain">
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 108b68b..52519e3 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -43,6 +43,9 @@ type cardmgr_dev_t;
 dev_node(cardmgr_dev_t)
 files_tmp_file(cardmgr_dev_t)
 
+type cachefiles_dev_t;
+dev_node(cachefiles_dev_t)
+
 #
 # clock_device_t is the type of
 # /dev/rtc.
-- 
1.7.11.4