Date: Fri, 25 Feb 2005 14:47:21 GMT
From: Kelly Djahandari <kelly@FreeBSD.org>
To: Perforce Change Reviews <perforce@FreeBSD.org>
Subject: PERFORCE change 71823 for review
Message-ID: <200502251447.j1PElLJJ070230@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=71823 Change 71823 by kelly@kelly_riveroaks2.earthlink.net on 2005/02/25 14:46:40 Added allow of usb devices to /var/run, removed poll since already included in rw_file_perms macro, added mouse_device_t access, and dontaudit file descriptor use from init. Affected files ... .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/usbd.te#6 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/usbd.te#6 (text+ko) ==== @@ -17,8 +17,17 @@ allow usbd_t etc_t:file r_file_perms; allow usbd_t self:fd *; +dontaudit usbd_t init_t:fd use; + + uses_shlib(usbd_t) can_exec_any(usbd_t) # allow usb device access -allow usbd_t usbdevfs_device_t:chr_file { poll rw_file_perms }; +allow usbd_t usbdevfs_device_t:chr_file { rw_file_perms }; +allow usbd_t mouse_device_t:chr_file { rw_file_perms }; + +#allow usb devices /var access +allow usbd_t var_run_t:file { create write getattr }; +allow usbd_t var_run_t:dir { add_name }; +
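
Review bot: The two new rules at the end of the hunk grant usbd_t create and write on the shared var_run_t type itself ("allow usbd_t var_run_t:file { create write getattr };"), so usbd can write to every file labelled var_run_t, not only the ones it creates under /var/run. Consider giving usbd its own type for these files (for example usbd_var_run_t, a name that is not in this patch) and reaching it through a type transition on var_run_t:dir, so the write permission is confined to usbd's own files. The dir rule grants only add_name; unless search and write on var_run_t:dir are already granted elsewhere in usbd.te, the file create will still be denied. The added "dontaudit usbd_t init_t:fd use;" would benefit from a one-line comment saying why the inherited descriptor is safe to ignore, since it hides those denials from the audit log. Smaller points: the braces around the single macro in "{ rw_file_perms }" are unnecessary, the comment "#allow usb devices /var access" should name /var/run as the commit message does, and the hunk adds two consecutive blank lines after the dontaudit rule.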