Signed-off-by: Dave Sugar <dsugar@xxxxxxxxxx> --- policy/modules/system/udev.if | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if index fee55852..335adb6a 100644 --- a/policy/modules/system/udev.if +++ b/policy/modules/system/udev.if @@ -36,6 +36,32 @@ interface(`udev_domtrans',` domtrans_pattern($1, udev_exec_t, udev_t) ') +######################################## +## <summary> +## Execute udev in the udev domain, and +## allow the specified role the udev domain. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +## <param name="role"> +## <summary> +## Role allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`udev_run',` + gen_require(` + type udev_t; + ') + + udev_domtrans($1) + role $2 types udev_t; +') + ######################################## ## <summary> ## Allow udev to execute the specified program in -- 2.20.1
