type set-usb-irq-sh, domain; | |
type set-usb-irq-sh_exec, vendor_file_type, exec_type, file_type; | |
init_daemon_domain(set-usb-irq-sh) | |
allow set-usb-irq-sh vendor_toolbox_exec:file execute_no_trans; | |
allow set-usb-irq-sh proc_irq:dir r_dir_perms; | |
allow set-usb-irq-sh proc_irq:file w_file_perms; | |
# AFAICT this happens if /proc/irq updates as we're running | |
# and we end up trying to write into non-existing file, | |
# which implies creation... | |
dontaudit set-usb-irq-sh self:capability dac_override; |