| 1 |
commit: fec9076c9737065e1086229ba4e5eac65a0458fd |
| 2 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
| 3 |
AuthorDate: Fri Aug 24 16:34:30 2012 +0000 |
| 4 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
| 5 |
CommitDate: Fri Aug 24 16:34:30 2012 +0000 |
| 6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=fec9076c |
| 7 |
|
| 8 |
Backport Intel Active Management Technology support |
| 9 |
|
| 10 |
Intel® Active Management Technology |
| 11 |
|
| 12 |
Intel® AMT Linux support includes two components that allow interaction |
| 13 |
between the Intel® AMT FW and the Linux OS: Intel® MEI (Intel® Management Engine Interface) |
| 14 |
driver and LMS (Local Management Service) driver. Intel® MEI driver |
| 15 |
allows application to communicate with the FW using host interface, |
| 16 |
and LMS driver allows applications to access the Intel® AMT FW via the |
| 17 |
local Intel® Management Engine Interface (Intel® MEI). |
| 18 |
|
| 19 |
In addition, Intel has validated a kernel patch to enable |
| 20 |
IDE-redirection. This is a community maintained patch, but Intel is |
| 21 |
distributing the version used in the validation of the other Intel® AMT |
| 22 |
components released here: |
| 23 |
|
| 24 |
http://software.intel.com/en-us/articles/download-the-latest-intel-amt-open-source-drivers/ |
| 25 |
|
| 26 |
Declare a mei_device_t device node tyoe and label /dev/mei accordingly. |
| 27 |
|
| 28 |
Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com> |
| 29 |
|
| 30 |
--- |
| 31 |
policy/modules/kernel/devices.fc | 1 + |
| 32 |
policy/modules/kernel/devices.te | 5 ++++- |
| 33 |
2 files changed, 5 insertions(+), 1 deletions(-) |
| 34 |
|
| 35 |
diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc |
| 36 |
index 02b7ac1..297e250 100644 |
| 37 |
--- a/policy/modules/kernel/devices.fc |
| 38 |
+++ b/policy/modules/kernel/devices.fc |
| 39 |
@@ -59,6 +59,7 @@ |
| 40 |
/dev/logibm -c gen_context(system_u:object_r:mouse_device_t,s0) |
| 41 |
/dev/lp.* -c gen_context(system_u:object_r:printer_device_t,s0) |
| 42 |
/dev/mcelog -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh) |
| 43 |
+/dev/mei -c gen_context(system_u:object_r:mei_device_t,s0) |
| 44 |
/dev/mem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh) |
| 45 |
/dev/mergemem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh) |
| 46 |
/dev/mga_vid.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0) |
| 47 |
|
| 48 |
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te |
| 49 |
index 06eda45..17e0915 100644 |
| 50 |
--- a/policy/modules/kernel/devices.te |
| 51 |
+++ b/policy/modules/kernel/devices.te |
| 52 |
@@ -1,4 +1,4 @@ |
| 53 |
-policy_module(devices, 1.14.0) |
| 54 |
+policy_module(devices, 1.14.2) |
| 55 |
|
| 56 |
######################################## |
| 57 |
# |
| 58 |
@@ -121,6 +121,9 @@ dev_node(lirc_device_t) |
| 59 |
type lvm_control_t; |
| 60 |
dev_node(lvm_control_t) |
| 61 |
|
| 62 |
+type mei_device_t; |
| 63 |
+dev_node(mei_device_t) |
| 64 |
+ |
| 65 |
# |
| 66 |
# memory_device_t is the type of /dev/kmem, |
| 67 |
# /dev/mem and /dev/port. |
Archives