From: russell@coker.com.au (Russell Coker) Date: Fri, 16 Feb 2018 21:06:13 +1100 Subject: [refpolicy] [PATCH] udisks2 and /dev/mem version 2 Message-ID: <20180216100613.GA11494@xev> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Second version of this patch, it doesn't need execute access. Index: refpolicy-2.20180216/policy/modules/contrib/devicekit.te =================================================================== --- refpolicy-2.20180216.orig/policy/modules/contrib/devicekit.te +++ refpolicy-2.20180216/policy/modules/contrib/devicekit.te @@ -109,6 +109,8 @@ dev_getattr_usbfs_dirs(devicekit_disk_t) dev_manage_generic_files(devicekit_disk_t) dev_read_urand(devicekit_disk_t) dev_rw_sysfs(devicekit_disk_t) +# /dev/mem is accessed by libparted to get EFI data +dev_read_raw_memory(devicekit_disk_t) domain_getattr_all_pipes(devicekit_disk_t) domain_getattr_all_sockets(devicekit_disk_t)