From owner-p4-projects@FreeBSD.ORG Tue Aug 22 11:53:47 2006
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 654E216A4DF; Tue, 22 Aug 2006 11:53:47 +0000 (UTC)
X-Original-To: perforce@FreeBSD.org
Delivered-To: perforce@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2A84216A4DA; Tue, 22 Aug 2006 11:53:47 +0000 (UTC) (envelope-from dongmei@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5EE6C43D46; Tue, 22 Aug 2006 11:53:46 +0000 (GMT) (envelope-from dongmei@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k7MBrk5V043804; Tue, 22 Aug 2006 11:53:46 GMT (envelope-from dongmei@FreeBSD.org)
Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k7MBrh19043801 for perforce@freebsd.org; Tue, 22 Aug 2006 11:53:43 GMT (envelope-from dongmei@FreeBSD.org)
Date: Tue, 22 Aug 2006 11:53:43 GMT
Message-Id: <200608221153.k7MBrh19043801@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to dongmei@FreeBSD.org using -f
From: dongmei
To: Perforce Change Reviews
Subject: PERFORCE change 104768 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes
X-List-Received-Date: Tue, 22 Aug 2006 11:53:47 -0000

http://perforce.freebsd.org/chv.cgi?CH=104768

Change 104768 by dongmei@soc-dongmei-sebsd on 2006/08/22 11:53:00

	Correct a part of the booting errors, such as the errors about swapon, fsck and hostname.
	In addition, make the filesystem types that cannot support persistent label mapping, such as devfs, labeled correctly.

Affected files ...

.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corecommands.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corecommands.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corecommands.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.if.in#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.if.m4#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.te.in#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.te.m4#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/devices.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/devices.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/devices.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/domain.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/domain.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/domain.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/files.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/files.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/files.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/filesystem.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/filesystem.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/filesystem.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/kernel.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/kernel.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/kernel.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/mcs.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/mcs.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/mcs.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/metadata.xml#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/mls.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/mls.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/mls.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/selinux.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/selinux.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/selinux.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/storage.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/storage.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/storage.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/terminal.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/terminal.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/terminal.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/authlogin.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/authlogin.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/authlogin.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/clock.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/clock.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/clock.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/daemontools.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/daemontools.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/daemontools.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/fstools.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/fstools.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/fstools.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/getty.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/getty.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/getty.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/hostname.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/hostname.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/hostname.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/hotplug.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/hotplug.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/hotplug.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/init.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/init.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/init.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/ipsec.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/ipsec.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/ipsec.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/iptables.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/iptables.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/iptables.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/libraries.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/libraries.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/libraries.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/locallogin.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/locallogin.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/locallogin.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/logging.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/logging.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/logging.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/lvm.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/lvm.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/lvm.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/metadata.xml#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/miscfiles.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/miscfiles.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/miscfiles.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/modutils.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/modutils.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/modutils.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/mount.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/mount.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/mount.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/pcmcia.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/pcmcia.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/pcmcia.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/raid.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/raid.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/raid.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/selinuxutil.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/selinuxutil.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/selinuxutil.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/sysnetwork.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/sysnetwork.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/sysnetwork.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/udev.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/udev.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/udev.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/unconfined.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/unconfined.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/unconfined.te#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/userdomain.fc#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/userdomain.if#2 edit
.. //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/userdomain.te#2 edit

Differences ...
==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corecommands.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corecommands.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corecommands.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.if.in#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.if.m4#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.te#2 (text+ko) ==== @@ -47,6 +47,7 @@ type ppp_device_t; dev_node(ppp_device_t) +genfscon devfs /ppp gen_context(system_u:object_r:ppp_device_t,s0) # # tun_tap_device_t is the type of /dev/net/tun/* and /dev/net/tap/* ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.te.in#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/corenetwork.te.m4#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/devices.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/devices.if#2 (text+ko) ==== 
@@ -2253,6 +2253,21 @@ allow $1 sysfs_t:dir search; ') +############################################################ +## +## Get the attributes of devfs +## +## +## +## The type of the process performing this action +## +## +# +interface(`dev_getattr_devfs',` + # TODO + allow $1 device_t:filesystem getattr; +') + ######################################## ## @@ -2271,7 +2286,24 @@ dontaudit $1 sysfs_t:dir search; ') +############################################################ +## +## Search the devfs directories +## +## +## +## The type of the process performing this action +## +## +# +interface(`dev_search_devfs',` + gen_require(` + type device_t; + ') + allow $1 device_t:dir search; + ') + ######################################## ## ## List the contents of the sysfs directories. @@ -2308,6 +2340,23 @@ allow $1 sysfs_t:dir r_dir_perms; allow $1 sysfs_t:{ file lnk_file } r_file_perms; ') +######################################## +## +## Allow caller to read /dev +## +## +## +## The process type reading hardware state information. +## +## +# +interface(`dev_read_chr_file_devfs',` + gen_require(` + type device_t; + ') + + allow $1 device_t:chr_file r_file_perms; +') ######################################## ## ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/devices.te#2 (text+ko) ==== @@ -158,7 +158,9 @@ fs_noxattr_type(usbfs_t) genfscon usbfs / gen_context(system_u:object_r:usbfs_t,s0) genfscon usbdevfs / gen_context(system_u:object_r:usbfs_t,s0) - +#lll begin +genfscon usbdevfs /0 -- gen_context(system_u:object_r:usbfs_t,s0) +#lll end # # usb_device_t is the type for /dev/bus/usb/[0-9]+/[0-9]+ # 
@@ -167,7 +169,23 @@ # SEBSD still uses devfs so we need to genfscon the usb entries genfscon devfs /usb gen_context(system_u:object_r:usb_device_t,s0) +#lll begin +genfscon devfs / gen_context(system_u:object_r:device_t,s0) +genfscon devfs /acd -c gen_context(system_u:object_r:fixed_disk_device_t,s0) +genfscon devfs /fd -c gen_context(system_u:object_r:fixed_disk_device_t,s0) +genfscon devfs /initctl gen_context(system_u:object_r:initctl_t,s0) +genfscon devfs /log gen_context(system_u:object_r:devlog_t,s0) +genfscon devfs /misc/psaux gen_context(system_u:object_r:mouse_device_t,s0) +genfscon devfs /input/mouse gen_context(system_u:object_r:mouse_device_t,s0) +genfscon devfs /mse gen_context(system_u:object_r:mouse_device_t,s0) +genfscon devfs /psm gen_context(system_u:object_r:mouse_device_t,s0) +genfscon devfs /acpi gen_context(system_u:object_r:mouse_device_t,s0) +genfscon devfs /sound -c gen_context(system_u:object_r:sound_device_t,s0) +#genfscon devfs /usb gen_context(system_u:object_r:usbdevfs_device_t,s0) +#genfscon devfs /bpf -c gen_context(system_u:object_r:bpf_device_t,s0) +#genfscon devfs /klog gen_context(system_u:object_r:klog_device_t,s0) +#lll end type v4l_device_t; dev_node(v4l_device_t) ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/domain.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/domain.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/domain.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/files.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/files.if#2 (text+ko) ==== 
@@ -2773,7 +2773,24 @@ allow $1 usr_t:dir search; allow $1 usr_t:file getattr; ') +######################################## +## +## Get the attributes of files in /etc. +## +## +## +## Domain allowed access. +## +## +# +interface(`files_getattr_etc_files',` + gen_require(` + type etc_t; + ') + allow $1 etc_t:file getattr; +') + ######################################## # # files_read_usr_files(domain) @@ -3016,6 +3033,25 @@ dontaudit $1 var_t:dir write; ') +############################################################ +## +## Search the contents of / +## +## +## +## Domain allowed access. +## +## +# +interface(`files_search_root',` + + gen_require(` + type root_t; + ') + + allow $1 root_t:dir search_dir_perms; +') + ######################################## ## @@ -3215,7 +3251,24 @@ allow $1 { var_t var_lib_t }:dir search_dir_perms; ') +######################################## +## +## Search the /var/run directory. +## +## +## +## Domain allowed access. +## +## +# +interface(`files_search_var_run',` + gen_require(` + type var_t, var_run_t; + ') + allow $1 { var_t var_run_t }:dir search_dir_perms; +') + ######################################## ## ## List the contents of the /var/lib directory. 
@@ -3283,6 +3336,24 @@ allow $1 { var_t var_lib_t }:dir search_dir_perms; allow $1 var_lib_t:file r_file_perms; ') +######################################## +## +## Read generic files in /var/run. +## +## +## +## Domain allowed access. +## +## +# +interface(`files_read_var_run_files',` + gen_require(` + type var_t, var_run_t; + ') + + allow $1 { var_t var_run_t }:dir search_dir_perms; + allow $1 var_run_t:file r_file_perms; +') ######################################## ## ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/files.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/filesystem.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/filesystem.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/filesystem.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/kernel.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/kernel.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/kernel.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/mcs.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/mcs.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/mcs.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/metadata.xml#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/mls.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/mls.if#2 (text+ko) ==== 
==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/mls.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/selinux.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/selinux.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/selinux.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/storage.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/storage.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/storage.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/terminal.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/terminal.if#2 (text+ko) ==== @@ -532,6 +532,23 @@ allow $1 devpts_t:dir r_dir_perms; dontaudit $1 ptynode:chr_file getattr; ') +############################################################ +## +## Get the attributes of console device +## +## +## +## Domain allowed access +## +## +# +interface(`term_getattr_console',` + gen_require(` + type console_device_t; + ') + allow $1 console_device_t:chr_file getattr; +') + ######################################## ## ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/kernel/terminal.te#2 (text+ko) ==== 
@@ -14,6 +14,25 @@ # bsdpty_device_t is the type of /dev/[tp]ty[abcdepqrstuvwxyz][0-9a-f] type bsdpty_device_t; dev_node(bsdpty_device_t) +genfscon devfs /null gen_context(system_u:object_r:null_device_t,s0) +genfscon devfs /zero gen_context(system_u:object_r:zero_device_t,s0) +genfscon devfs /console gen_context(system_u:object_r:console_device_t,s0) +genfscon devfs /kmem gen_context(system_u:object_r:memory_device_t,s0) +genfscon devfs /mem gen_context(system_u:object_r:memory_device_t,s0) +genfscon devfs /random gen_context(system_u:object_r:random_device_t,s0) +genfscon devfs /urandom gen_context(system_u:object_r:random_device_t,s0) +genfscon devfs /tty gen_context(system_u:object_r:devtty_t,s0) +genfscon devfs /ctty gen_context(system_u:object_r:devtty_t,s0) +genfscon devfs /ttyv gen_context(system_u:object_r:tty_device_t,s0) +genfscon devfs /pty gen_context(system_u:object_r:devpts_t,s0) +genfscon devfs /ttyp gen_context(system_u:object_r:devpts_t,s0) +genfscon devfs /ttyq gen_context(system_u:object_r:devpts_t,s0) +genfscon devfs /ttyr gen_context(system_u:object_r:devpts_t,s0) +genfscon devfs /ttys gen_context(system_u:object_r:devpts_t,s0) +genfscon devfs /ttyP gen_context(system_u:object_r:devpts_t,s0) +genfscon devfs /ttyQ gen_context(system_u:object_r:devpts_t,s0) +genfscon devfs /ttyR gen_context(system_u:object_r:devpts_t,s0) +genfscon devfs /ttyS gen_context(system_u:object_r:devpts_t,s0) # # console_device_t is the type of /dev/console. ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/authlogin.fc#2 (text+ko) ==== 
@@ -1,5 +1,5 @@ -/bin/login -- gen_context(system_u:object_r:login_exec_t,s0) +/usr/bin/login -- gen_context(system_u:object_r:login_exec_t,s0) /etc/\.pwd\.lock -- gen_context(system_u:object_r:shadow_t,s0) /etc/group\.lock -- gen_context(system_u:object_r:shadow_t,s0) ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/authlogin.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/authlogin.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/clock.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/clock.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/clock.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/daemontools.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/daemontools.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/daemontools.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/fstools.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/fstools.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/fstools.te#2 (text+ko) ==== 
@@ -73,7 +73,30 @@ dev_getattr_usbfs_dirs(fsadm_t) # Access to /dev/mapper/control dev_rw_lvm_control(fsadm_t) +#lll begin for swapon +#Access /dev +dev_search_devfs(fsadm_t) +#Access /dev/console +term_getattr_console(fsadm_t) +#?for the avc error denied:fsadm_t init_t:fd {use} +init_use_fds(fsadm_t) +storage_getattr_fixed_disk_dev(fsadm_t) +#for fsck +#for fsck search /sbin directory +corecmd_search_sbin(fsadm_t) +#for fsck_ufs,fsck_ffs,fsck_4.2bsd command +can_exec(fsadm_t,fsadm_exec_t) +# +corecmd_search_bin(fsadm_t) +#for /libexec/ld-elf.so.1 +libs_exec_ld_so(fsadm_t) +#for fsck_ufs +dev_getattr_devfs(fsadm_t) + + + +#lll end fs_search_auto_mountpoints(fsadm_t) fs_getattr_xattr_fs(fsadm_t) fs_rw_ramfs_pipes(fsadm_t) @@ -167,3 +190,9 @@ optional_policy(`nis',` nis_use_ypbind(fsadm_t) ') +#lll begin +storage_raw_read_fixed_disk(fsadm_t) + +storage_raw_write_fixed_disk(fsadm_t) + + ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/getty.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/getty.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/getty.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/hostname.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/hostname.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/hostname.te#2 (text+ko) ==== 
@@ -56,6 +56,27 @@ sysnet_read_config(hostname_t) sysnet_dns_name_resolve(hostname_t) +#begin lll +allow hostname_t hostname_exec_t:file entrypoint; +allow hostname_t hostname_t:fd create; +allow hostname_t hostname_t:capability sys_resource; +allow hostname_t hostname_t:fd use; + +files_search_root(hostname_t) +files_search_etc(hostname_t) +files_read_etc_files(hostname_t) +files_getattr_etc_files(hostname_t) +files_search_var(hostname_t) +files_search_var_run(hostname_t) +files_read_var_run_files(hostname_t) +libs_search_lib(hostname_t) +libs_read_shlib_files(hostname_t) +files_getattr_shlib_files(hostname_t) +libs_exec_shlib_files(hostname_t) +userdom_rw_sysadm_pipes(hostname_t) +userdom_getattr_sysadm_pipes(hostname_t) +dev_read_chr_file_devfs(hostname_t) + ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/hotplug.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/hotplug.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/hotplug.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/init.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/init.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/init.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/ipsec.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/ipsec.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/ipsec.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/iptables.fc#2 (text+ko) ==== ==== 
//depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/iptables.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/iptables.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/libraries.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/libraries.if#2 (text+ko) ==== @@ -220,7 +220,25 @@ allow $1 lib_t:dir r_dir_perms; allow $1 lib_t:{ file lnk_file } r_file_perms; ') +######################################## +## +## Read files in the library directories, such +## as static libraries. +## +## +## +## The type of the process performing this action. +## +## +# +interface(`libs_read_shlib_files',` + gen_require(` + type shlib_t; + ') + allow $1 shlib_t:{ file lnk_file } r_file_perms; +') + ######################################## ## ## Execute library scripts in the caller domain. 
@@ -241,6 +259,40 @@ allow $1 lib_t:lnk_file r_file_perms; can_exec($1,lib_t) ') +######################################## +## +## Execute library scripts in the caller domain. +## +## +## +## The type of the process performing this action. +## +## +# +interface(`libs_exec_shlib_files',` + gen_require(` + type shlib_t; + ') + + can_exec($1,shlib_t) +') +######################################## +## +## Get the attributes of files in /lib/*. +## +## +## +## Domain allowed access. +## +## +# +interface(`files_getattr_shlib_files',` + gen_require(` + type shlib_t; + ') + + allow $1 shlib_t:file getattr; +') ######################################## ## ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/libraries.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/locallogin.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/locallogin.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/locallogin.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/logging.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/logging.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/logging.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/lvm.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/lvm.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/lvm.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/metadata.xml#2 (text+ko) ==== ==== 
//depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/miscfiles.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/miscfiles.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/miscfiles.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/modutils.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/modutils.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/modutils.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/mount.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/mount.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/mount.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/pcmcia.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/pcmcia.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/pcmcia.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/raid.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/raid.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/raid.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/selinuxutil.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/selinuxutil.if#2 (text+ko) ==== 
==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/selinuxutil.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/sysnetwork.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/sysnetwork.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/sysnetwork.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/udev.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/udev.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/udev.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/unconfined.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/unconfined.if#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/unconfined.te#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/userdomain.fc#2 (text+ko) ==== ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/userdomain.if#2 (text+ko) ==== @@ -974,6 +974,17 @@ allow $1 removable_t:filesystem getattr; ') dnl endif TODO +files_search_mnt($1_t) +corecmd_exec_sbin($1_t) +corecmd_exec_shell($1_t) +files_search_boot($1_t) +files_exec_etc_files($1_t) +files_exec_usr_files($1_t) +files_manage_var_dirs($1_t) +logging_search_logs($1_t) + + + ') ######################################## 
@@ -3411,6 +3422,23 @@ allow $1 sysadm_home_dir_t:dir getattr; ') +######################################## +## +## Get the attributes of the sysadm pipes +## +## +## +## Domain allowed access. +## +## +# +interface(`userdom_getattr_sysadm_pipes',` + gen_require(` + type sysadm_t; + ') + + allow $1 sysadm_t:fifo_file getattr; +') ######################################## ## @@ -4432,3 +4460,5 @@ allow $1 user_home_dir_t:dir create_dir_perms; files_home_filetrans($1,user_home_dir_t,dir) ') + + ==== //depot/projects/soc2006/dongmei_sebsd/contrib/sebsd/refpolicy/policy/modules/system/userdomain.te#2 (text+ko) ====
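Review bot: the summary of `libs_read_shlib_files` (libraries.if, the -220,+220 hunk) describes reading "files in the library directories, such as static libraries", but the only rule it grants is on `shlib_t`, the shared-library type; say "shared libraries" so callers pick the right interface. The lib_t interface in the context lines just above grants `allow $1 lib_t:dir r_dir_perms;` alongside its file rule; the new interface grants `{ file lnk_file } r_file_perms` on `shlib_t` but no search on the directories holding those files, so a caller with only this interface still cannot reach them. Add the directory permission or document that callers must also obtain it.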
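Review bot: `files_getattr_shlib_files` (libraries.if, the -241,+259 hunk) uses the `files_` prefix although it lives in libraries.if, where the interfaces around it are all `libs_`; rename it `libs_getattr_shlib_files` so the module prefix matches the file and the interface is found with the rest of the libs_ API. In the same hunk the summary of `libs_exec_shlib_files` is copied verbatim from the lib_t interface above it ("Execute library scripts in the caller domain") although it grants `can_exec($1,shlib_t)`, and the getattr summary says "/lib/*" while its rule is `allow $1 shlib_t:file getattr;`; both summaries should describe the shared-library type. The getattr interface also runs straight into the following `####` separator; add the blank line the file otherwise keeps between interfaces.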
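Review bot: the eight calls added after `dnl endif TODO` in the -974 hunk of userdomain.if are all granted to `$1_t`, so every domain instantiated from this template receives them, including `files_manage_var_dirs($1_t)` (full management of var_t directories, by its name) and `corecmd_exec_sbin($1_t)`; nothing in the hunk says why a user domain needs these, so either justify each one in a comment or move the grants to the domain that actually needs them. The block is also flush-left while the surrounding `allow` lines are indented, and the three empty lines before the closing `')` should go.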
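Review bot: `userdom_getattr_sysadm_pipes` (userdomain.if, the -3411 hunk) is missing the blank line between its closing `')` and the following `####` separator that the other interfaces in the file keep; the rule itself, `allow $1 sysadm_t:fifo_file getattr;`, matches the summary.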
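Review bot: the -4432 hunk of userdomain.if only appends two empty lines after the last `')`; drop it, trailing blank lines are whitespace noise that will show up in every later diff of the file.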