There is already a read and write interface to access fixed_disk_device_t but I also need a read/write interface. Attached patch should provide that.
--- /usr/src/refpolicy-20071214/policy/modules/kernel/storage.if 2007-10-29 19:35:32.000000000 +0100 +++ policy/modules/kernel/storage.if 2008-02-23 18:36:05.000000000 +0100 @@ -171,6 +171,37 @@ ######################################## ## <summary> +## Allow the caller to directly read and write to a fixed disk. +## This is extremly dangerous as it can bypass the +## SELinux protections for filesystem objects, and +## should only be used by trusted domains. +## </summary> +## <param name="domain"> +## <summary> +## The type of the process performing this action. +## </summary> +## </param> +# +interface(`storage_raw_rw_fixed_disk',` + gen_require(` + attribute fixed_disk_raw_read; + attribute fixed_disk_raw_write; + type fixed_disk_device_t; + ') + + dev_list_all_dev_nodes($1) + + allow $1 fixed_disk_device_t:blk_file read_blk_file_perms; + allow $1 fixed_disk_device_t:chr_file read_chr_file_perms; + typeattribute $1 fixed_disk_raw_read; + + allow $1 fixed_disk_device_t:blk_file write_blk_file_perms; + allow $1 fixed_disk_device_t:chr_file write_chr_file_perms; + typeattribute $1 fixed_disk_raw_write; +') + +######################################## +## <summary> ## Create, read, write, and delete fixed disk device nodes. ## </summary> ## <param name="domain">
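Review bot: The body of `storage_raw_rw_fixed_disk` spells out the read rules and the write rules itself (the four `allow $1 fixed_disk_device_t:...` lines plus both `typeattribute` lines) rather than reusing the separate read and write interfaces the message says already exist. If the new interface called those two with `$1`, it would stay in sync if either one is changed later, and the `gen_require` block and the `dev_list_all_dev_nodes($1)` call would likely no longer be needed here. If the rules are kept inline, the paired read and write `allow` lines for `blk_file` and `chr_file` could each be merged into a single rule per class. In the summary comment, "extremly" should be "extremely". Because both `typeattribute` lines put the caller in `fixed_disk_raw_read` and `fixed_disk_raw_write`, it is also worth stating in the description which domain needs this, so the grant can be checked against the "trusted domains" wording in the summary.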