From f136c1a5e5ce82f05e91038bcebc62037efda12b Mon Sep 17 00:00:00 2001
From: Dominick Grift <dominick.grift@defensec.nl>
Date: Wed, 23 Aug 2023 11:17:01 +0200
Subject: Tree-wide: various fixes and clean-ups

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
---
 src/dev/nodedev/fbnodedev.cil     | 4 +++-
 src/dev/nodedev/hidrawnodedev.cil | 4 +++-
 src/dev/nodedev/inputnodedev.cil  | 5 ++++-
 src/dev/nodedev/rfkillnodedev.cil | 4 +++-
 src/dev/nodedev/usbnodedev.cil    | 5 ++++-
 5 files changed, 17 insertions(+), 5 deletions(-)

(limited to 'src/dev/nodedev')

diff --git a/src/dev/nodedev/fbnodedev.cil b/src/dev/nodedev/fbnodedev.cil
index 47d670c..b722c33 100644
--- a/src/dev/nodedev/fbnodedev.cil
+++ b/src/dev/nodedev/fbnodedev.cil
@@ -5,4 +5,6 @@
 
   (filecon "/dev/fb([0-9]+)?" char nodedev_context)
 
-  (blockinherit .nodedev.template))
+  (blockinherit .nodedev.template)
+
+  (call .rbacsep.exempt.obj.type (nodedev)))
diff --git a/src/dev/nodedev/hidrawnodedev.cil b/src/dev/nodedev/hidrawnodedev.cil
index 3ca398f..5890de8 100644
--- a/src/dev/nodedev/hidrawnodedev.cil
+++ b/src/dev/nodedev/hidrawnodedev.cil
@@ -5,4 +5,6 @@
 
   (filecon "/dev/hidraw[0-9]+" char nodedev_context)
 
-  (blockinherit .nodedev.template))
+  (blockinherit .nodedev.template)
+
+  (call .rbacsep.exempt.obj.type (nodedev)))
diff --git a/src/dev/nodedev/inputnodedev.cil b/src/dev/nodedev/inputnodedev.cil
index c68115a..3d0572d 100644
--- a/src/dev/nodedev/inputnodedev.cil
+++ b/src/dev/nodedev/inputnodedev.cil
@@ -6,5 +6,8 @@
   (filecon "/dev/input/js([0-9]+)?" char nodedev_context)
   (filecon "/dev/input/mice" char nodedev_context)
   (filecon "/dev/input/mouse([0-9]+)?" char nodedev_context)
+  (filecon "/dev/psaux" char nodedev_context)
 
-  (blockinherit .nodedev.template))
+  (blockinherit .nodedev.template)
+
+  (call .rbacsep.exempt.obj.type (nodedev)))
diff --git a/src/dev/nodedev/rfkillnodedev.cil b/src/dev/nodedev/rfkillnodedev.cil
index 712cb21..4cd67b6 100644
--- a/src/dev/nodedev/rfkillnodedev.cil
+++ b/src/dev/nodedev/rfkillnodedev.cil
@@ -5,4 +5,6 @@
 
   (filecon "/dev/rfkill" char nodedev_context)
 
-  (blockinherit .nodedev.template))
+  (blockinherit .nodedev.template)
+
+  (call .rbacsep.exempt.obj.type (nodedev)))
diff --git a/src/dev/nodedev/usbnodedev.cil b/src/dev/nodedev/usbnodedev.cil
index 2432b6a..ce2c7ab 100644
--- a/src/dev/nodedev/usbnodedev.cil
+++ b/src/dev/nodedev/usbnodedev.cil
@@ -4,5 +4,8 @@
 (block usb
 
   (filecon "/dev/bus/usb/.+" char nodedev_context)
+  (filecon "/dev/usb.+" char nodedev_context)
 
-  (blockinherit .nodedev.template))
+  (blockinherit .nodedev.template)
+
+  (call .rbacsep.exempt.obj.type (nodedev)))
-- 
cgit v1.2.3