From fa05e07b359e76f7eefe98b9432a4a871ae2da9e Mon Sep 17 00:00:00 2001
From: Zdenek Pytela
Date: Mon, 2 Sep 2024 18:31:09 +0200
Subject: [PATCH] Update policy for rpc-virtstorage

In particular, domain transition on udev and parted execution and r/w operations on fixed disk devices were allowed.

Resolves: rhbz#2305564
---
 policy/modules/contrib/virt.te | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
index 504ec6eef6..b634ab90ac 100644
--- a/policy/modules/contrib/virt.te
+++ b/policy/modules/contrib/virt.te
@@ -2334,6 +2334,7 @@ manage_files_pattern(virtstoraged_t, virt_var_lib_t, virt_var_lib_t)
 manage_lnk_files_pattern(virtstoraged_t, virt_etc_rw_t, virt_etc_rw_t)
+kernel_get_sysvipc_info(virtstoraged_t)
 kernel_io_uring_use(virtstoraged_t)
 corecmd_exec_bin(virtstoraged_t)
@@ -2341,16 +2342,27 @@ corecmd_exec_bin(virtstoraged_t)
 fs_getattr_all_fs(virtstoraged_t)
 fs_getattr_configfs_dirs(virtstoraged_t)
+storage_raw_read_fixed_disk(virtstoraged_t)
+storage_raw_write_fixed_disk(virtstoraged_t)
+
 userdom_read_user_home_content_files(virtstoraged_t)
 optional_policy(`
 dnsmasq_filetrans_named_content_fromdir(virtstoraged_t, virtstoraged_var_run_t)
 ')
+optional_policy(`
+ fstools_domtrans(virtstoraged_t)
+')
+
 optional_policy(`
 lvm_domtrans(virtstoraged_t)
 ')
+optional_policy(`
+ udev_domtrans(virtstoraged_t)
+')
+
 #######################################
 #
 # virtvboxd local policy
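Review bot: The added `storage_raw_read_fixed_disk(virtstoraged_t)` and `storage_raw_write_fixed_disk(virtstoraged_t)` lines in the second hunk give the daemon direct read and write access to every device labelled as a fixed disk, which bypasses the file-level labelling of whatever filesystems sit on those devices, and nothing in the hunk says which storage backend needs it. Because the same hunk adds `fstools_domtrans` next to the existing `lvm_domtrans`, it is worth confirming from the denials recorded in rhbz#2305564 that virtstoraged itself opens the block device and not only the helper it transitions into; if only the helper does, the two raw-disk rules could presumably be dropped. If they stay, I would put a short reason above them, for example `# disk-backed pools: daemon opens the block device itself (rhbz#2305564) - confirm`, and a similar one-line reason over the `udev_domtrans` block, since a transition into udev's domain is also a broad grant. The virtstoraged_t local policy section starts before this hunk, so rules outside the visible lines may already cover part of this.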