Signed-off-by: Jason Zaman <jason@xxxxxxxxxxxxx>
---
 policy/modules/kernel/devices.if | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 65bfcb63..78a95ce8 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -4043,6 +4043,26 @@ interface(`dev_dontaudit_getattr_sysfs',`
 dontaudit $1 sysfs_t:filesystem getattr;
 ')
 
+########################################
+## <summary>
+## Dont audit attempts to read hardware state information
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain for which the attempts do not need to be audited
+## </summary>
+## </param>
+#
+interface(`dev_dontaudit_read_sysfs',`
+ gen_require(`
+ type sysfs_t;
+ ')
+
+ dontaudit $1 sysfs_t:file read_file_perms;
+ dontaudit $1 sysfs_t:dir list_dir_perms;
+ dontaudit $1 sysfs_t:lnk_file read_lnk_file_perms;
+')
+
 ########################################
 ## <summary>
 ## mounton sysfs directories.
-- 
2.19.2
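Review bot: The doc header of `dev_dontaudit_read_sysfs` understates what the interface silences: besides file reads, the three `dontaudit` rules also cover directory listing (`list_dir_perms`) and symlink reads (`read_lnk_file_perms`) on everything labeled `sysfs_t`. Because dontaudit rules keep the matching AVC denials out of the audit log, sysfs access attempts by a calling domain leave no record, so the summary should state the full scope, e.g. `## Do not audit attempts to read files, list directories or read symlinks in sysfs.` A short header note that the denials reappear when policy is rebuilt with `semodule -DB` would help anyone debugging or investigating a domain that uses this interface. The param text could also follow the wording of neighbouring dontaudit interfaces (presumably `Domain to not audit.`, which is not visible in this hunk).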