From 587f4b1ae4aaccd5519083833e5f65b106904f51 Mon Sep 17 00:00:00 2001
From: toni
Date: Mon, 24 Nov 2014 19:05:36 +0100
Subject: - new selinux pols
---
 selinux_pols/hald.te | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
(limited to 'selinux_pols/hald.te')
diff --git a/selinux_pols/hald.te b/selinux_pols/hald.te
index cff1057..6f40fad 100644
--- a/selinux_pols/hald.te
+++ b/selinux_pols/hald.te
@@ -1,5 +1,4 @@
-
-module hald-custom 1.0;
+module hald-custom 1.2;
 require {
 type fixed_disk_device_t;
@@ -17,3 +16,24 @@ allow system_dbusd_t fixed_disk_device_t:blk_file { ioctl open };
 allow system_dbusd_t mnt_t:dir { write remove_name add_name };
 allow system_dbusd_t mnt_t:file { write rename create unlink };
+
+require {
+ type removable_device_t;
+ type event_device_t;
+ type system_dbusd_t;
+ class blk_file { read ioctl open };
+ class chr_file read;
+}
+
+#============= system_dbusd_t ==============
+allow system_dbusd_t event_device_t:chr_file read;
+allow system_dbusd_t removable_device_t:blk_file { read ioctl open };
+
+require {
+ type removable_device_t;
+ type system_dbusd_t;
+ class blk_file { read ioctl open };
+}
+
+#============= system_dbusd_t ==============
+allow system_dbusd_t removable_device_t:blk_file { read ioctl open };
-- 
cgit v1.2.3
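Review bot: The rules added at the end of hald.te grant the D-Bus system daemon domain itself, `system_dbusd_t`, read access to raw removable block devices and to `event_device_t` character devices, which in the reference policy are the input event nodes; every process running in that domain gets this access, and raw block reads bypass file permissions on the mounted filesystem. The module name suggests the accesses come from hald, so if hald runs in `system_dbusd_t` only because of a missing label or domain transition, fixing that and keeping the rules on the hald domain would be the narrower change; at minimum each rule deserves a comment naming the process and the AVC denial it answers. The last `require`/`allow` block repeats `allow system_dbusd_t removable_device_t:blk_file { read ioctl open };` verbatim from the block before it and can be dropped.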