Changeset 98 for trunk/montavista

Timestamp:

10/01/07 10:48:57 (1 year ago)

Author:

pebenito

Message:

montavista: work around non-selinux-enabled udev.

Files:

• trunk/montavista/refpolicy/policy/modules/kernel/corecommands.fc (modified) (1 diff)
• trunk/montavista/refpolicy/policy/modules/kernel/corenetwork.fc (modified) (1 diff)
• trunk/montavista/refpolicy/policy/modules/kernel/devices.fc (modified) (2 diffs)
• trunk/montavista/refpolicy/policy/modules/kernel/storage.fc (modified) (1 diff)
• trunk/montavista/refpolicy/policy/modules/kernel/terminal.fc (modified) (1 diff)
• trunk/montavista/refpolicy/policy/modules/services/gpm.fc (modified) (1 diff)
• trunk/montavista/refpolicy/policy/modules/services/lpd.fc (modified) (1 diff)
• trunk/montavista/refpolicy/policy/modules/services/xserver.fc (modified) (1 diff)
• trunk/montavista/refpolicy/policy/modules/system/init.fc (modified) (1 diff)
• trunk/montavista/refpolicy/policy/modules/system/logging.fc (modified) (1 diff)
• trunk/montavista/refpolicy/policy/modules/system/udev.fc (modified) (1 diff)
• trunk/montavista/refpolicy/policy/modules/system/xen.fc (modified) (1 diff)

trunk/montavista/refpolicy/policy/modules/kernel/corecommands.fc

@@ -21 +21 @@
-#
-/dev/MAKEDEV                    --      gen_context(system_u:object_r:bin_t,s0)
+
+ifdef(`distro_montavista',`
+/dev/\.static/dev/MAKEDEV       --      gen_context(system_u:object_r:bin_t,s0)
+')
-
-#

trunk/montavista/refpolicy/policy/modules/kernel/corenetwork.fc

@@ -6 +6 @@
-
-/dev/net/.*     -c      gen_context(system_u:object_r:tun_tap_device_t,s0)
+
+ifdef(`distro_montavista',`
+/dev/\.static/dev/ippp.*        -c      gen_context(system_u:object_r:ppp_device_t,s0)
+/dev/\.static/dev/ppp   -c      gen_context(system_u:object_r:ppp_device_t,s0)
+/dev/\.static/dev/pppox.* -c    gen_context(system_u:object_r:ppp_device_t,s0)
+/dev/\.static/dev/tap.* -c      gen_context(system_u:object_r:tun_tap_device_t,s0)
+/dev/\.static/dev/net/.*        -c      gen_context(system_u:object_r:tun_tap_device_t,s0)
+')

trunk/montavista/refpolicy/policy/modules/kernel/devices.fc

@@ -118 +118 @@
-/lib/udev/devices -d    gen_context(system_u:object_r:device_t,s0)
-
-ifdef(`distro_debian',`
-# used by udev init script as temporary mount point
-/lib/udev/devices       -d      gen_context(system_u:object_r:device_t,s0)
-')
-
-ifdef(`distro_gentoo',`
-# used by init scripts to initally populate udev /dev
-/lib/udev/devices/null  -c      gen_context(system_u:object_r:null_device_t,s0)
-/lib/udev/devices/zero  -c      gen_context(system_u:object_r:zero_device_t,s0)
-')
-
-ifdef(`distro_montavista',`
-# used by udev init script as temporary mount point
-/lib/udev/devices       -d      gen_context(system_u:object_r:device_t,s0)
-')
-
@@ -140 +130 @@
-/var/named/chroot/dev/zero -c   gen_context(system_u:object_r:zero_device_t,s0)
-')
+
+ifdef(`distro_montavista',`
+/dev/\.static/dev                       -d      gen_context(system_u:object_r:device_t,s0)
+/dev/\.static/dev/.*                            gen_context(system_u:object_r:device_t,s0)
+/dev/\.static/dev/.*mouse.*             -c      gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/\.static/dev/adsp.*                -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/(misc/)?agpgart       -c      gen_context(system_u:object_r:agp_device_t,s0)
+/dev/\.static/dev/aload.*               -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/amidi.*               -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/amixer.*              -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/apm_bios              -c      gen_context(system_u:object_r:apm_bios_t,s0)
+/dev/\.static/dev/atibm         -c      gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/\.static/dev/audio.*               -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/beep          -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/dmfm          -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/dsp.*         -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/efirtc                -c      gen_context(system_u:object_r:clock_device_t,s0)
+/dev/\.static/dev/em8300.*              -c      gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/\.static/dev/event.*               -c      gen_context(system_u:object_r:event_device_t,s0)
+/dev/\.static/dev/evtchn                -c      gen_context(system_u:object_r:xen_device_t,s0)
+/dev/\.static/dev/fb[0-9]*              -c      gen_context(system_u:object_r:framebuf_device_t,s0)
+/dev/\.static/dev/full          -c      gen_context(system_u:object_r:null_device_t,s0)
+/dev/\.static/dev/fw.*          -c      gen_context(system_u:object_r:usb_device_t,s0)
+/dev/\.static/dev/hiddev.*              -c      gen_context(system_u:object_r:usb_device_t,s0)
+/dev/\.static/dev/hpet          -c      gen_context(system_u:object_r:clock_device_t,s0)
+/dev/\.static/dev/hw_random             -c      gen_context(system_u:object_r:random_device_t,s0)
+/dev/\.static/dev/hwrng         -c      gen_context(system_u:object_r:random_device_t,s0)
+/dev/\.static/dev/i915          -c      gen_context(system_u:object_r:dri_device_t,s0)
+/dev/\.static/dev/irlpt[0-9]+   -c      gen_context(system_u:object_r:printer_device_t,s0)
+/dev/\.static/dev/js.*          -c      gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/\.static/dev/kmem          -c      gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
+/dev/\.static/dev/kmsg          -c      gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
+/dev/\.static/dev/logibm                -c      gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/\.static/dev/lp.*          -c      gen_context(system_u:object_r:printer_device_t,s0)
+/dev/\.static/dev/mcelog                -c      gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
+/dev/\.static/dev/mem           -c      gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
+/dev/\.static/dev/mice          -c      gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/\.static/dev/microcode             -c      gen_context(system_u:object_r:cpu_device_t,s0)
+/dev/\.static/dev/midi.*                -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/mixer.*               -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/mmetfgrab             -c      gen_context(system_u:object_r:scanner_device_t,s0)
+/dev/\.static/dev/mpu401.*              -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/null          -c      gen_context(system_u:object_r:null_device_t,s0)
+/dev/\.static/dev/nvidia.*              -c      gen_context(system_u:object_r:xserver_misc_device_t,s0)
+/dev/\.static/dev/nvram         -c      gen_context(system_u:object_r:nvram_device_t,mls_systemhigh)
+/dev/\.static/dev/oldmem                -c      gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
+/dev/\.static/dev/par.*         -c      gen_context(system_u:object_r:printer_device_t,s0)
+/dev/\.static/dev/patmgr[01]            -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/pmu           -c      gen_context(system_u:object_r:power_device_t,s0)
+/dev/\.static/dev/port          -c      gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
+/dev/\.static/dev/(misc/)?psaux -c      gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/\.static/dev/rmidi.*               -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/radeon                -c      gen_context(system_u:object_r:dri_device_t,s0)
+/dev/\.static/dev/radio.*               -c      gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/\.static/dev/random                -c      gen_context(system_u:object_r:random_device_t,s0)
+/dev/\.static/dev/raw1394.*             -c      gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/\.static/dev/(misc/)?rtc[0-9]*     -c      gen_context(system_u:object_r:clock_device_t,s0)
+/dev/\.static/dev/sequencer             -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/sequencer2            -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/smpte.*               -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/smu           -c      gen_context(system_u:object_r:power_device_t,s0)
+/dev/\.static/dev/srnd[0-7]             -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/snapshot              -c      gen_context(system_u:object_r:apm_bios_t,s0)
+/dev/\.static/dev/sndstat               -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/sonypi                -c      gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/\.static/dev/tlk[0-3]              -c      gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/\.static/dev/urandom               -c      gen_context(system_u:object_r:urandom_device_t,s0)
+/dev/\.static/dev/usbmon[0-9]+  -c      gen_context(system_u:object_r:usb_device_t,s0)
+/dev/\.static/dev/usbdev.*              -c      gen_context(system_u:object_r:usb_device_t,s0)
+/dev/\.static/dev/usb[0-9]+             -c      gen_context(system_u:object_r:usb_device_t,s0)
+/dev/\.static/dev/usblp.*               -c      gen_context(system_u:object_r:printer_device_t,s0)
+/dev/\.static/dev/vbi.*         -c      gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/\.static/dev/vmmon         -c      gen_context(system_u:object_r:vmware_device_t,s0)
+/dev/\.static/dev/vmnet.*               -c      gen_context(system_u:object_r:vmware_device_t,s0)
+/dev/\.static/dev/video.*               -c      gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/\.static/dev/vttuner               -c      gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/\.static/dev/vtx.*         -c      gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/\.static/dev/watchdog              -c      gen_context(system_u:object_r:watchdog_device_t,s0)
+/dev/\.static/dev/winradio.             -c      gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/\.static/dev/z90crypt              -c      gen_context(system_u:object_r:crypt_device_t,s0)
+/dev/\.static/dev/zero          -c      gen_context(system_u:object_r:zero_device_t,s0)
+/dev/\.static/dev/bus/usb/.*/[0-9]+     -c      gen_context(system_u:object_r:usb_device_t,s0)
+/dev/\.static/dev/cmx.*         -c      gen_context(system_u:object_r:smartcard_device_t,s0)
+/dev/\.static/dev/cpu/.*                -c      gen_context(system_u:object_r:cpu_device_t,s0)
+/dev/\.static/dev/cpu/mtrr              -c      gen_context(system_u:object_r:mtrr_device_t,s0)
+/dev/\.static/dev/dri/.+                -c      gen_context(system_u:object_r:dri_device_t,s0)
+/dev/\.static/dev/dvb/.*                -c      gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/\.static/dev/input/.*mouse.*       -c      gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/\.static/dev/input/event.* -c      gen_context(system_u:object_r:event_device_t,s0)
+/dev/\.static/dev/input/mice            -c      gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/\.static/dev/input/js.*            -c      gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/\.static/dev/mapper/control        -c      gen_context(system_u:object_r:lvm_control_t,s0)
+/dev/\.static/dev/pts(/.*)?                     <<none>>
+/dev/\.static/dev/s(ou)?nd/.*   -c      gen_context(system_u:object_r:sound_device_t,s0)
+/dev/\.static/dev/usb/dc2xx.*   -c      gen_context(system_u:object_r:scanner_device_t,s0)
+/dev/\.static/dev/usb/lp.*              -c      gen_context(system_u:object_r:printer_device_t,s0)
+/dev/\.static/dev/usb/mdc800.*  -c      gen_context(system_u:object_r:scanner_device_t,s0)
+/dev/\.static/dev/usb/scanner.* -c      gen_context(system_u:object_r:scanner_device_t,s0)
+/dev/\.static/dev/xen/blktap.*  -c      gen_context(system_u:object_r:xen_device_t,s0)
+/dev/\.static/dev/xen/evtchn            -c      gen_context(system_u:object_r:xen_device_t,s0)
+')

trunk/montavista/refpolicy/policy/modules/kernel/storage.fc

@@ -68 +68 @@
-
-/dev/usb/rio500         -c      gen_context(system_u:object_r:removable_device_t,s0)
+
+ifdef(`distro_montavista',`
+/dev/\.static/dev/n?(raw)?[qr]ft[0-3] -c        gen_context(system_u:object_r:tape_device_t,s0)
+/dev/\.static/dev/n?[hs]t[0-9].*        -c      gen_context(system_u:object_r:tape_device_t,s0)
+/dev/\.static/dev/n?z?qft[0-3]  -c      gen_context(system_u:object_r:tape_device_t,s0)
+/dev/\.static/dev/n?osst[0-3].* -c      gen_context(system_u:object_r:tape_device_t,s0)
+/dev/\.static/dev/n?pt[0-9]+            -c      gen_context(system_u:object_r:tape_device_t,s0)
+/dev/\.static/dev/n?tpqic[12].* -c      gen_context(system_u:object_r:tape_device_t,s0)
+/dev/\.static/dev/[shmx]d[^/]*  -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/aztcd         -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/bpcd          -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/cdu.*         -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/cm20.*                -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/dasd[^/]*             -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/dm-[0-9]+             -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/fd[^/]+               -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/flash[^/]*            -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/gscd          -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/hitcd         -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/ht[0-1]               -b      gen_context(system_u:object_r:tape_device_t,s0)
+/dev/\.static/dev/initrd                -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/jsfd          -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/jsflash               -c      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/loop.*                -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/lvm           -c      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/mcdx?         -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/megadev.*             -c      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/mmcblk.*              -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/nb[^/]+               -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/optcd         -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/p[fg][0-3]            -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/pcd[0-3]              -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/pd[a-d][^/]*  -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/pg[0-3]               -c      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/ram.*         -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/rawctl                -c      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/rd.*          -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/s(cd|r)[^/]*  -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/sbpcd.*               -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/sg[0-9]+              -c      gen_context(system_u:object_r:scsi_generic_device_t,s0)
+/dev/\.static/dev/sjcd          -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/sonycd                -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/tape.*                -c      gen_context(system_u:object_r:tape_device_t,s0)
+/dev/\.static/dev/tw[a-z][^/]+  -c      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/ub[a-z][^/]+  -b      gen_context(system_u:object_r:removable_device_t,mls_systemhigh)
+/dev/\.static/dev/ubd[^/]*              -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/xvd[^/]*              -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/ataraid/.*            -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/cciss/[^/]*   -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/fuse          -c      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/floppy/[^/]*  -b      gen_context(system_u:object_r:removable_device_t,s0)
+/dev/\.static/dev/i2o/hd[^/]*   -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/ida/[^/]*             -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/md/.*         -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/mapper/.*             -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/raw/raw[0-9]+ -c      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/scramdisk/.*  -b      gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/\.static/dev/usb/rio500            -c      gen_context(system_u:object_r:removable_device_t,s0)
+')

trunk/montavista/refpolicy/policy/modules/kernel/terminal.fc

@@ -38 +38 @@
-/lib/udev/devices/console -c    gen_context(system_u:object_r:console_device_t,s0)
-')
+
+ifdef(`distro_montavista',`
+/dev/\.static/dev/.*tty[^/]*            -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/[pt]ty[a-ep-z][0-9a-f] -c     gen_context(system_u:object_r:bsdpty_device_t,s0)
+/dev/\.static/dev/adb.*         -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/capi.*                -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/console               -c      gen_context(system_u:object_r:console_device_t,s0)
+/dev/\.static/dev/cu.*          -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/dcbri[0-9]+   -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/hvc.*         -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/hvsi.*                -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/ircomm[0-9]+  -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/ip2[^/]*              -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/isdn.*                -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/ptmx          -c      gen_context(system_u:object_r:ptmx_t,s0)
+/dev/\.static/dev/rfcomm[0-9]+  -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/tty                   -c      gen_context(system_u:object_r:devtty_t,s0)
+/dev/\.static/dev/ttySG.*               -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/xvc[^/]*              -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/pty/.*                -c      gen_context(system_u:object_r:bsdpty_device_t,s0)
+/dev/\.static/dev/pts           -d      gen_context(system_u:object_r:devpts_t,s0-mls_systemhigh)
+/dev/\.static/dev/tts/[^/]*             -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/usb/tty.*             -c      gen_context(system_u:object_r:usbtty_device_t,s0)
+/dev/\.static/dev/vcc?/.*               -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/vcs[^/]*              -c      gen_context(system_u:object_r:tty_device_t,s0)
+/dev/\.static/dev/xvc[0-9]*             -c      gen_context(system_u:object_r:tty_device_t,s0)
+')

trunk/montavista/refpolicy/policy/modules/services/gpm.fc

@@ -6 +6 @@
-
-/usr/sbin/gpm           --      gen_context(system_u:object_r:gpm_exec_t,s0)
+
+ifdef(`distro_montavista',`
+/dev/\.static/dev/gpmctl                -s      gen_context(system_u:object_r:gpmctl_t,s0)
+/dev/\.static/dev/gpmdata               -p      gen_context(system_u:object_r:gpmctl_t,s0)
+')

trunk/montavista/refpolicy/policy/modules/services/lpd.fc

@@ -3 +3 @@
-#
-/dev/printer            -s      gen_context(system_u:object_r:printer_t,s0)
+
+ifdef(`distro_montavista',`
+/dev/\.static/dev/printer               -s      gen_context(system_u:object_r:printer_t,s0)
+')
-
-#

trunk/montavista/refpolicy/policy/modules/services/xserver.fc

@@ -16 +16 @@
-#
-/dev/xconsole           -p      gen_context(system_u:object_r:xconsole_device_t,s0)
+
+ifdef(`distro_montavista',`
+/dev/\.static/dev/xconsole              -p      gen_context(system_u:object_r:xconsole_device_t,s0)
+')
-
-#

trunk/montavista/refpolicy/policy/modules/system/init.fc

@@ -23 +23 @@
-#
-/dev/initctl            -p      gen_context(system_u:object_r:initctl_t,s0)
+
+ifdef(`distro_montavista',`
+/dev/\.static/dev/initctl               -p      gen_context(system_u:object_r:initctl_t,s0)
+')
-
-#

trunk/montavista/refpolicy/policy/modules/system/logging.fc

@@ -1 +1 @@
-/dev/log                -s      gen_context(system_u:object_r:devlog_t,s0)
+
+ifdef(`distro_montavista',`
+/dev/\.static/dev/log           -s      gen_context(system_u:object_r:devlog_t,s0)
+')
-
-/etc/audit(/.*)?                gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)

trunk/montavista/refpolicy/policy/modules/system/udev.fc

@@ -4 +4 @@
-/dev/\.udevdb   --      gen_context(system_u:object_r:udev_tbl_t,s0)
-/dev/udev\.tbl  --      gen_context(system_u:object_r:udev_tbl_t,s0)
+
+ifdef(`distro_montavista',`
+/dev/\.static/dev/\.udev(/.*)? --       gen_context(system_u:object_r:udev_tbl_t,s0)
+/dev/\.static/dev/\.udevdb      --      gen_context(system_u:object_r:udev_tbl_t,s0)
+/dev/\.static/dev/udev\.tbl     --      gen_context(system_u:object_r:udev_tbl_t,s0)
+')
-
-/etc/dev\.d/.+  --      gen_context(system_u:object_r:udev_helper_exec_t,s0)

trunk/montavista/refpolicy/policy/modules/system/xen.fc

@@ -1 +1 @@
-/dev/xen/tapctrl.*      -p      gen_context(system_u:object_r:xenctl_t,s0)
+
+ifdef(`distro_montavista',`
+/dev/\.static/dev/xen/tapctrl.* -p      gen_context(system_u:object_r:xenctl_t,s0)
+')
-
-/usr/bin/virsh          --      gen_context(system_u:object_r:xm_exec_t,s0)