From: russell@coker.com.au (Russell Coker)
Date: Fri, 16 Feb 2018 17:12:12 +1100
Subject: [refpolicy] [PATCH] allow udisksd rx access to /dev/mem for EFI data
Message-ID: <20180216061211.GA7266@xev>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Please merge this

Index: refpolicy-2.20180216/policy/modules/contrib/devicekit.te
===================================================================
--- refpolicy-2.20180216.orig/policy/modules/contrib/devicekit.te
+++ refpolicy-2.20180216/policy/modules/contrib/devicekit.te
@@ -109,6 +109,8 @@ dev_getattr_usbfs_dirs(devicekit_disk_t)
 dev_manage_generic_files(devicekit_disk_t)
 dev_read_urand(devicekit_disk_t)
 dev_rw_sysfs(devicekit_disk_t)
+# /dev/mem is accessed by libparted to get EFI data
+dev_rx_raw_memory(devicekit_disk_t)
 
 domain_getattr_all_pipes(devicekit_disk_t)
 domain_getattr_all_sockets(devicekit_disk_t)