From: dac.override@gmail.com (Dominick Grift) Date: Wed, 27 Apr 2016 12:36:12 +0200 Subject: [refpolicy] [PATCH] Add support for hwloc In-Reply-To: <1461745535-6857-1-git-send-email-grzegorz.andrejczuk@intel.com> References: <1461745535-6857-1-git-send-email-grzegorz.andrejczuk@intel.com> Message-ID: <1461753372-10137-1-git-send-email-dac.override@gmail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Signed-off-by: Dominick Grift --- policy/modules/kernel/files.if | 19 +++++++++++++++++++ policy/modules/roles/sysadm.te | 5 +++++ policy/modules/system/userdomain.if | 5 +++++ 3 files changed, 29 insertions(+) diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index fc007b4..d942d8a 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -6077,6 +6077,25 @@ interface(`files_dontaudit_getattr_pid_dirs',` ######################################## ## +## Read and write generic runtime directories. +## +## +## +## Domain allowed access. +## +## +# +interface(`files_rw_pid_dirs',` + gen_require(` + type var_run_t; + ') + + files_search_var($1) + rw_dirs_pattern($1, var_run_t, var_run_t) +') + +######################################## +## ## Set the attributes of the /var/run directory. ## ## diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te index ceaa4cb..265beb6 100644 --- a/policy/modules/roles/sysadm.te +++ b/policy/modules/roles/sysadm.te @@ -462,6 +462,11 @@ optional_policy(` ') optional_policy(` + hwloc_manage_runtime(sysadm_t) + hwloc_run_hwloc_dhwd(sysadm_t, sysadm_r) +') + +optional_policy(` hypervkvp_admin(sysadm_t, sysadm_r) ') diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index cbb6e09..0a46fda 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if 
@@ -619,6 +619,11 @@ template(`userdom_common_user_template',` ') optional_policy(` + hwloc_exec_hwloc_dhwd($1_t) + hwloc_read_runtime_files($1_t) + ') + + optional_policy(` inetd_use_fds($1_t) inetd_rw_tcp_sockets($1_t) ') -- 2.5.5
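Review bot: In the policy/modules/kernel/files.if hunk, the new files_rw_pid_dirs interface has no caller anywhere in this patch; the sysadm.te and userdomain.if hunks only call hwloc_* interfaces. rw_dirs_pattern($1, var_run_t, var_run_t) gives the caller write access to generic var_run_t directories, including adding and removing entries, so the commit message (which currently carries only the Signed-off-by line) should say which domain needs this and why a narrower grant is not enough. If the only user is the hwloc module, reference that patch here.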
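Review bot: In the policy/modules/roles/sysadm.te hunk, hwloc_manage_runtime and hwloc_run_hwloc_dhwd are not defined in any of the three files this patch touches, so the new block depends on a hwloc module that is outside this diff. The optional_policy wrapper keeps the policy building when that module is absent, but the commit message should name the module patch this one goes with so the two are reviewed and applied together.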
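Review bot: In the policy/modules/system/userdomain.if hunk, adding hwloc_exec_hwloc_dhwd($1_t) and hwloc_read_runtime_files($1_t) to userdom_common_user_template grants both to every user domain built from that template, and the patch gives no rationale for that breadth. It also differs from the sysadm.te hunk, which uses hwloc_run_hwloc_dhwd(sysadm_t, sysadm_r): going by refpolicy naming conventions, users would execute the program in their own domain while sysadm transitions into the hwloc domain. Please state in the commit message that this split is intended, or move the grant to the specific roles that need it.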