From f9d5e9260de7ec704109c473f7e71b19c628ae72 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Fri, 1 Dec 2023 17:23:33 +0100 Subject: [PATCH] Label /dev/vas with vas_device_t Power9 processor introduced Virtual Accelerator Switchboard (VAS) which allows both userspace and kernel communicate to co-processor (hardware accelerator) referred to as the Nest Accelerator (NX). The NX unit comprises of one or more hardware engines or co-processor types such as 842 compression, GZIP compression and encryption. On power9, userspace applications will have access to only GZIP Compression engine which supports ZLIB and GZIP compression algorithms in the hardware. https://docs.kernel.org/arch/powerpc/vas-api.html --- policy/modules/kernel/devices.fc | 1 + policy/modules/kernel/devices.te | 3 +++ 2 files changed, 4 insertions(+) diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc index e9831f2615..2ab822c42d 100644 --- a/policy/modules/kernel/devices.fc +++ b/policy/modules/kernel/devices.fc @@ -152,6 +152,7 @@ ifdef(`distro_suse', ` /dev/usbscanner -c gen_context(system_u:object_r:scanner_device_t,s0) ') +/dev/vas -c gen_context(system_u:object_r:vas_device_t,s0) /dev/vmci -c gen_context(system_u:object_r:vmci_device_t,s0) /dev/vsock -c gen_context(system_u:object_r:vsock_device_t,s0) /dev/vhci -c gen_context(system_u:object_r:vhost_device_t,s0) diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te index d7a3587096..9153cb4ec5 100644 --- a/policy/modules/kernel/devices.te +++ b/policy/modules/kernel/devices.te @@ -402,6 +402,9 @@ dev_node(userio_device_t) type uhid_device_t; dev_node(uhid_device_t) +type vas_device_t; +dev_node(vas_device_t) + type vfio_device_t; dev_node(vfio_device_t)