commit: c6a0130e91531f40f79fb38cf2f7fd1d829d7565
Author: Vit Mojzis <vmojzis <AT> redhat <DOT> com>
AuthorDate: Thu Oct 1 08:20:01 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Feb 12 03:15:07 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c6a0130e
Add interface to allow reading files in efivarfs - contains Linux Kernel
configuration options for UEFI systems (UEFI Runtime Variables)
policy/modules/kernel/filesystem.if | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/policy/modules/kernel/filesystem.if
b/policy/modules/kernel/filesystem.if
index c5a1ad1..11fff8d 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -1846,6 +1846,26 @@ interface(`fs_manage_dos_files',`
manage_files_pattern($1, dosfs_t, dosfs_t)
')
+#######################################
+## <summary>
+## Read files in efivarfs
+## - contains Linux Kernel configuration options for UEFI systems
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`fs_read_efivarfs_files',`
+ gen_require(`
+ type efivarfs_t;
+ ')
+
+ read_files_pattern($1, efivarfs_t, efivarfs_t)
+')
+
########################################
## <summary>
## Read eventpollfs files.
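Review bot: The summary of `fs_read_efivarfs_files` says efivarfs "contains Linux Kernel configuration options", but, as the commit message itself notes, the filesystem exposes UEFI runtime variables (firmware state such as boot entries and Secure Boot settings). I would reword it to `## Read UEFI runtime variable files in efivarfs (read-only; grants no write access).` so that policy authors know what data a calling domain can see. `read_files_pattern($1, efivarfs_t, efivarfs_t)` gives search on the directory but, as far as I can tell, not listing, so a caller that enumerates variables would presumably need a separate list permission; a line in the doc block saying so would help. Because of the `<rolecap/>` tag, it is also worth confirming that handing this to user roles is intended, since firmware variables can hold vendor-specific data.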