PERFORCE change 71823 for review
Kelly Djahandari
kelly at FreeBSD.org
Fri Feb 25 14:47:21 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=71823
Change 71823 by kelly at kelly_riveroaks2.earthlink.net on 2005/02/25 14:46:40
Added allow of usb devices to /var/run, removed poll since
already included in rw_file_perms macro, added mouse_device_t
access, and dontaudit file descriptor use from init.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/usbd.te#6 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/usbd.te#6 (text+ko) ====
@@ -17,8 +17,17 @@
allow usbd_t etc_t:file r_file_perms;
allow usbd_t self:fd *;
+dontaudit usbd_t init_t:fd use;
+
+
uses_shlib(usbd_t)
can_exec_any(usbd_t)
# allow usb device access
-allow usbd_t usbdevfs_device_t:chr_file { poll rw_file_perms };
+allow usbd_t usbdevfs_device_t:chr_file { rw_file_perms };
+allow usbd_t mouse_device_t:chr_file { rw_file_perms };
+
+#allow usb devices /var access
+allow usbd_t var_run_t:file { create write getattr };
+allow usbd_t var_run_t:dir { add_name };
+
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list