From: guido@trentalancia.net (Guido Trentalancia)
Date: Mon, 08 Aug 2016 18:59:05 +0200
Subject: [refpolicy] [PATCH] Cpucontrol should be able to search firmware
	directories
Message-ID: <1470675545.2909.3.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

After the recent creation of the new "firmware_t" type, cpucontrol_t should
be able to search "firmware_t" directories in order to successfully load
the CPU microcode.
 
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/cpucontrol.te |    2 ++
 1 file changed, 2 insertions(+)

--- refpolicy-git-06082016-orig/policy/modules/contrib/cpucontrol.te	2016-08-06 21:56:16.079262965 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/cpucontrol.te	2016-08-08 18:52:28.199349387 +0200
@@ -78,6 +78,8 @@ kernel_read_proc_symlinks(cpucontrol_t)
 dev_read_sysfs(cpucontrol_t)
 dev_rw_cpu_microcode(cpucontrol_t)
 
+files_search_firmware(cpucontrol_t)
+
 optional_policy(`
 	rhgb_use_ptys(cpucontrol_t)
 ')