From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 18 Feb 2018 11:14:03 -0500
Subject: [refpolicy] [PATCH] udisks2 and /dev/mem version 2
In-Reply-To: <20180216100613.GA11494@xev>
References: <20180216100613.GA11494@xev>
Message-ID: <6a59420b-b108-40cd-d743-2ead121b9677@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/16/2018 05:06 AM, Russell Coker via refpolicy wrote:
> Second version of this patch, it doesn't need execute access.
> 
> Index: refpolicy-2.20180216/policy/modules/contrib/devicekit.te
> ===================================================================
> --- refpolicy-2.20180216.orig/policy/modules/contrib/devicekit.te
> +++ refpolicy-2.20180216/policy/modules/contrib/devicekit.te
> @@ -109,6 +109,8 @@ dev_getattr_usbfs_dirs(devicekit_disk_t)
>   dev_manage_generic_files(devicekit_disk_t)
>   dev_read_urand(devicekit_disk_t)
>   dev_rw_sysfs(devicekit_disk_t)
> +# /dev/mem is accessed by libparted to get EFI data
> +dev_read_raw_memory(devicekit_disk_t)
>   
>   domain_getattr_all_pipes(devicekit_disk_t)
>   domain_getattr_all_sockets(devicekit_disk_t)

Merged, though based on the discussion about the code, I moved it to a 
distro_debian block.

-- 
Chris PeBenito