Allow mounting of usbfs. Addresses denials such as: avc: denied { mount } for pid=5 comm="kworker/u:0" name="/" dev=usbfs ino=3234 scontext=u:r:kernel:s0 tcontext=u:object_r:usbfs:s0 tclass=filesystem Change-Id: I1db52193e6a2548c37a7809ef44cf7fd3357326d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: 718bf84b85f0b834552e0a0f694d39d821f2a93d [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Wed Jun 18 10:31:27 2014 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> Wed Jun 18 10:31:27 2014 -0400
tree: a28db6cd84bb04bfa3d340a9bb967c5d16b8a8cc
parent: 80b1b43ac228424a6dcdec0cfd5740265d5cd635 [diff]
diff --git a/kernel.te b/kernel.te
index 1faa9db..0de0ab8 100644
--- a/kernel.te
+++ b/kernel.te

@@ -11,6 +11,9 @@
 # cgroup filesystem initialization prior to setting the cgroup root directory label.
 allow kernel unlabeled:dir search;
 
+# Mount usbfs.
+allow kernel usbfs:filesystem mount;
+
 # init direct restorecon calls prior to switching to init domain
 # /dev and /dev/socket
 allow kernel { device socket_device }:dir relabelto;
commit	718bf84b85f0b834552e0a0f694d39d821f2a93d	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Wed Jun 18 10:31:27 2014 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Wed Jun 18 10:31:27 2014 -0400
tree	a28db6cd84bb04bfa3d340a9bb967c5d16b8a8cc
parent	80b1b43ac228424a6dcdec0cfd5740265d5cd635 [diff]