From 190c704db815229dd6dfd1ef174cb4433c07d956 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 22 Jan 2014 13:23:02 -0500
Subject: [PATCH] Allow healthd to read/write /dev/__null_.

init creates a private /dev/null instance named /dev/__null__
that is inherited by healthd.  Since it is created prior to
initial policy load, it is left in the tmpfs type.
Allow healthd to inherit and use the open fd.

Change-Id: I525fb4527766d0780457642ebcc19c0fcfd1778c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 healthd.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/healthd.te b/healthd.te
index 9d2357132..b5ba6b97a 100644
--- a/healthd.te
+++ b/healthd.te
@@ -6,6 +6,9 @@ type healthd_exec, exec_type, file_type;
 init_daemon_domain(healthd)
 allow healthd rootfs:file { read entrypoint };
 write_klog(healthd)
+# /dev/__null__ created by init prior to policy load,
+# open fd inherited by healthd.
+allow healthd tmpfs:chr_file { read write };
 
 allow healthd self:capability { net_admin mknod };
 allow healthd self:capability2 block_suspend;
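Review bot: The added rule `allow healthd tmpfs:chr_file { read write };` is keyed on the type rather than on the node, so it covers every character device that still carries the tmpfs label, not only /dev/__null__. Leaving out `open` limits healthd to descriptors it inherits, which looks deliberate but is not stated. I would record that in the comment, e.g. `# No open permission on purpose: only the fd inherited from init is usable.`, so a later edit does not widen the set. If init can relabel the node once policy is loaded (not visible in this hunk), giving /dev/__null__ the null device type would let this rule be dropped entirely.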
-- 
GitLab