From: jason@perfinion.com (Jason Zaman) Date: Thu, 14 Dec 2017 02:15:36 +0800 Subject: [refpolicy] [PATCH 2/2] storage: Add fcontexts for NVMe disks In-Reply-To: <20171213181536.27030-1-jason@perfinion.com> References: <20171213181536.27030-1-jason@perfinion.com> Message-ID: <20171213181536.27030-2-jason@perfinion.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com NVMe has several dev nodes for each device: /dev/nvme0 is a char device for communicating with the controller /dev/nvme0n1 is the block device that stores the data. /dev/nvme0n1p1 is the first partition --- policy/modules/kernel/storage.fc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc index 375b10bc..c7e3ac0d 100644 --- a/policy/modules/kernel/storage.fc +++ b/policy/modules/kernel/storage.fc @@ -33,6 +33,8 @@ /dev/mspblk.* -b gen_context(system_u:object_r:removable_device_t,s0) /dev/mtd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) +/dev/nvme[0-9]+ -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) +/dev/nvme[0-9]n[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0) /dev/p[fg][0-3] -b gen_context(system_u:object_r:removable_device_t,s0) /dev/pcd[0-3] -b gen_context(system_u:object_r:removable_device_t,s0) -- 2.13.6
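Review bot: The block-device entry added in the second `+` line, `/dev/nvme[0-9]n[^/]+`, accepts only a single digit for the controller number, while the char-device entry above it uses `[0-9]+`. File-context regexes are matched against the whole path, so a node such as /dev/nvme10n1 would match neither of the two new entries and would not be labelled fixed_disk_device_t by them. Suggest `/dev/nvme[0-9]+n[^/]+` so that both entries cover the same range of controller numbers. The commit message's three example nodes (/dev/nvme0, /dev/nvme0n1, /dev/nvme0n1p1) are all covered as written; only multi-digit controllers are affected.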