| 1 |
commit: 63ab6a3846fefa9040bd9a3b21bdfa8c84b5dc31 |
| 2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
| 3 |
AuthorDate: Sat Jan 12 08:03:40 2019 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Feb 10 04:11:25 2019 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=63ab6a38 |
| 7 |
|
| 8 |
devices: introduce dev_dontaudit_read_sysfs |
| 9 |
|
| 10 |
Signed-off-by: Jason Zaman <jason <AT> perfinion.com> |
| 11 |
|
| 12 |
policy/modules/kernel/devices.if | 20 ++++++++++++++++++++ |
| 13 |
1 file changed, 20 insertions(+) |
| 14 |
|
| 15 |
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if |
| 16 |
index 0966a468..84b9d8fb 100644 |
| 17 |
--- a/policy/modules/kernel/devices.if |
| 18 |
+++ b/policy/modules/kernel/devices.if |
| 19 |
@@ -4043,6 +4043,26 @@ interface(`dev_dontaudit_getattr_sysfs',` |
| 20 |
dontaudit $1 sysfs_t:filesystem getattr; |
| 21 |
') |
| 22 |
|
| 23 |
+######################################## |
| 24 |
+## <summary> |
| 25 |
+## Dont audit attempts to read hardware state information |
| 26 |
+## </summary> |
| 27 |
+## <param name="domain"> |
| 28 |
+## <summary> |
| 29 |
+## Domain for which the attempts do not need to be audited |
| 30 |
+## </summary> |
| 31 |
+## </param> |
| 32 |
+# |
| 33 |
+interface(`dev_dontaudit_read_sysfs',` |
| 34 |
+ gen_require(` |
| 35 |
+ type sysfs_t; |
| 36 |
+ ') |
| 37 |
+ |
| 38 |
+ dontaudit $1 sysfs_t:file read_file_perms; |
| 39 |
+ dontaudit $1 sysfs_t:dir list_dir_perms; |
| 40 |
+ dontaudit $1 sysfs_t:lnk_file read_lnk_file_perms; |
| 41 |
+') |
| 42 |
+ |
| 43 |
######################################## |
| 44 |
## <summary> |
| 45 |
## mounton sysfs directories. |
Archives