commit: c6a0130e91531f40f79fb38cf2f7fd1d829d7565 Author: Vit Mojzis <vmojzis <AT> redhat <DOT> com> AuthorDate: Thu Oct 1 08:20:01 2015 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Fri Feb 12 03:15:07 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c6a0130e
Add interface to allow reading files in efivarfs - contains Linux Kernel configuration options for UEFI systems (UEFI Runtime Variables) policy/modules/kernel/filesystem.if | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index c5a1ad1..11fff8d 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -1846,6 +1846,26 @@ interface(`fs_manage_dos_files',`
 manage_files_pattern($1, dosfs_t, dosfs_t)
 ')
 
+#######################################
+## <summary>
+## Read files in efivarfs
+## - contains Linux Kernel configuration options for UEFI systems
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`fs_read_efivarfs_files',`
+ gen_require(`
+ type efivarfs_t;
+ ')
+
+ read_files_pattern($1, efivarfs_t, efivarfs_t)
+')
+
 ########################################
 ## <summary>
 ## Read eventpollfs files.
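Review bot: The summary of `fs_read_efivarfs_files` understates what the interface grants: it speaks of kernel configuration options, while `read_files_pattern($1, efivarfs_t, efivarfs_t)` gives the caller read access to every file labelled `efivarfs_t`, which the commit message identifies as the UEFI runtime variables. I would word the summary as `## Read all UEFI runtime variable files in efivarfs.` so a policy author sees the full scope before granting it to a domain. The pattern appears to cover file reads and directory search only, so a domain that enumerates the variables would presumably need a separate list-directory rule; a short comment above the `read_files_pattern` line saying so would save a round of AVC debugging. `<rolecap/>` looks carried over from the neighbouring interfaces and is worth confirming as intended for a firmware-variable interface.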