From: russell@coker.com.au (Russell Coker)
Date: Fri, 16 Feb 2018 21:06:13 +1100
Subject: [refpolicy] [PATCH] udisks2 and /dev/mem version 2
Message-ID: <20180216100613.GA11494@xev>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Second version of this patch, it doesn't need execute access.

Index: refpolicy-2.20180216/policy/modules/contrib/devicekit.te
===================================================================
--- refpolicy-2.20180216.orig/policy/modules/contrib/devicekit.te
+++ refpolicy-2.20180216/policy/modules/contrib/devicekit.te
@@ -109,6 +109,8 @@ dev_getattr_usbfs_dirs(devicekit_disk_t)
 dev_manage_generic_files(devicekit_disk_t)
 dev_read_urand(devicekit_disk_t)
 dev_rw_sysfs(devicekit_disk_t)
+# /dev/mem is accessed by libparted to get EFI data
+dev_read_raw_memory(devicekit_disk_t)
 
 domain_getattr_all_pipes(devicekit_disk_t)
 domain_getattr_all_sockets(devicekit_disk_t)