From 41e539010df1fa58abf6b57959ea30a05ff80102 Mon Sep 17 00:00:00 2001
From: rpcraig <rpcraig@tycho.ncsc.mil>
Date: Tue, 4 Dec 2012 06:45:21 -0500
Subject: [PATCH] New dev_types and other minor adjustments.

Add new dev_type:
- ump_device : Unified Memory Provider driver.
       The file_contexts entry should be
       described on a per device basis.

Minor adjustments:
- tee needs netlink socket access.
- ueventd needs to grant file operations.

Change-Id: I915304da687d3a2b9aa417e6f91ea915bd697676
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
---
 tee.te     | 1 +
 ueventd.te | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/tee.te b/tee.te
index ce4e2b6f7..d5e8ff7d4 100644
--- a/tee.te
+++ b/tee.te
@@ -11,3 +11,4 @@ allow tee self:capability { dac_override };
 allow tee tee_device:chr_file rw_file_perms;
 allow tee tee_data_file:dir { getattr write add_name };
 allow tee tee_data_file:file create_file_perms;
+allow tee self:netlink_socket { create bind read };
diff --git a/ueventd.te b/ueventd.te
index 81a660f89..1e5a79716 100644
--- a/ueventd.te
+++ b/ueventd.te
@@ -5,7 +5,7 @@ tmpfs_domain(ueventd)
 allow ueventd rootfs:file r_file_perms;
 allow ueventd rootfs:file entrypoint;
 allow ueventd init:process sigchld;
-allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override };
+allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;
 allow ueventd sysfs:file rw_file_perms;
-- 
GitLab