From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 18 Feb 2018 11:14:03 -0500 Subject: [refpolicy] [PATCH] udisks2 and /dev/mem version 2 In-Reply-To: <20180216100613.GA11494@xev> References: <20180216100613.GA11494@xev> Message-ID: <6a59420b-b108-40cd-d743-2ead121b9677@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/16/2018 05:06 AM, Russell Coker via refpolicy wrote: > Second version of this patch, it doesn't need execute access. > > Index: refpolicy-2.20180216/policy/modules/contrib/devicekit.te > =================================================================== > --- refpolicy-2.20180216.orig/policy/modules/contrib/devicekit.te > +++ refpolicy-2.20180216/policy/modules/contrib/devicekit.te > @@ -109,6 +109,8 @@ dev_getattr_usbfs_dirs(devicekit_disk_t) > dev_manage_generic_files(devicekit_disk_t) > dev_read_urand(devicekit_disk_t) > dev_rw_sysfs(devicekit_disk_t) > +# /dev/mem is accessed by libparted to get EFI data > +dev_read_raw_memory(devicekit_disk_t) > > domain_getattr_all_pipes(devicekit_disk_t) > domain_getattr_all_sockets(devicekit_disk_t) Merged, though based on the discussion about the code, I moved it to a distro_debian block. -- Chris PeBenito