From 0d619d29dae3f5b554bb8d2ddb67af9e890c3ac6 Mon Sep 17 00:00:00 2001
From: Werner Sembach <werner.sembach@fau.de>
Date: Fri, 7 Sep 2018 19:38:32 +0200
Subject: [PATCH] Add policy to allow shell user access to KList

Change-Id: I0032c19e4297fb148dd1924295cdc4b4f3643ab8
---
 file_contexts | 1 +
 klist.te      | 4 ++++
 2 files changed, 5 insertions(+)
 create mode 100644 klist.te

diff --git a/file_contexts b/file_contexts
index 085a57bb6..d45d8f6f8 100644
--- a/file_contexts
+++ b/file_contexts
@@ -76,6 +76,7 @@
 /dev/input(/.*)		u:object_r:input_device:s0
 /dev/iio:device[0-9]+   u:object_r:iio_device:s0
 /dev/ion		u:object_r:ion_device:s0
+/dev/klist		u:object_r:klist_device:s0
 /dev/kmem		u:object_r:kmem_device:s0
 /dev/log(/.*)?		u:object_r:log_device:s0
 /dev/mem		u:object_r:kmem_device:s0
diff --git a/klist.te b/klist.te
new file mode 100644
index 000000000..a7931eed4
--- /dev/null
+++ b/klist.te
@@ -0,0 +1,4 @@
+type klist_device, dev_type;
+
+# Allow shell user access to KList.
+allow shell klist_device:chr_file { read write open ioctl };
-- 
GitLab