Description of problem: /dev/media[0-9] are currently labeled device_t Version-Release number of selected component (if applicable): any From 083fd70a7a270511ffa625e9b8860885e8768bfd Mon, 26 Sep 2011 13:04:12 +0200 From: Dominick Grift <dominick.grift> Date: Mon, 26 Sep 2011 12:54:12 +0200 Subject: [PATCH] v4l2 media controller: http://linuxtv.org/downloads/presentations/summit_jun_2010/20100614-v4l2_summit-media.pdf Signed-off-by: Dominick Grift <dominick.grift> diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc index a9038b9..def5425 100644 --- a/policy/modules/kernel/devices.fc +++ b/policy/modules/kernel/devices.fc @@ -61,6 +61,7 @@ /dev/loop-control -c gen_context(system_u:object_r:loop_control_device_t,s0) /dev/lp.* -c gen_context(system_u:object_r:printer_device_t,s0) /dev/mcelog -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh) +/dev/media.* -c gen_context(system_u:object_r:v4l_device_t,s0) /dev/mem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh) /dev/mergemem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh) /dev/mga_vid.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0) diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if index 2429787..0d5528a 100644 --- a/policy/modules/kernel/devices.if +++ b/policy/modules/kernel/devices.if @@ -5701,6 +5701,16 @@ filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmnet7") filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmnet8") filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmnet9") + filetrans_pattern($1, device_t, v4l_device_t, chr_file, "media0") + filetrans_pattern($1, device_t, v4l_device_t, chr_file, "media1") + filetrans_pattern($1, device_t, v4l_device_t, chr_file, "media2") + filetrans_pattern($1, device_t, v4l_device_t, chr_file, "media3") + filetrans_pattern($1, device_t, v4l_device_t, chr_file, "media4") + filetrans_pattern($1, device_t, v4l_device_t, chr_file, "media5") + filetrans_pattern($1, device_t, v4l_device_t, chr_file, "media6") + filetrans_pattern($1, device_t, v4l_device_t, chr_file, "media7") + filetrans_pattern($1, device_t, v4l_device_t, chr_file, "media8") + filetrans_pattern($1, device_t, v4l_device_t, chr_file, "media9") filetrans_pattern($1, device_t, v4l_device_t, chr_file, "video0") filetrans_pattern($1, device_t, v4l_device_t, chr_file, "video1") filetrans_pattern($1, device_t, v4l_device_t, chr_file, "video2")
Could you push the patch?
http://git.fedorahosted.org/git/?p=selinux-policy.git;a=commitdiff;h=083fd70a7a270511ffa625e9b8860885e8768bfd