selinux-policy/policy/modules/kernel/terminal.te


policy_module(terminal, 1.8.0)

########################################
#
# Declarations
#
attribute ttynode;
attribute ptynode;
attribute server_ptynode;
attribute serial_device;

#
# bsdpty_device_t is the type of /dev/[tp]ty[abcdepqrstuvwxyz][0-9a-f]
type bsdpty_device_t;
dev_node(bsdpty_device_t)

#
# console_device_t is the type of /dev/console.
#
type console_device_t;
dev_node(console_device_t)

#
# devpts_t is the type of the devpts file system and
# the type of the root directory of the file system.
#
type devpts_t;
files_mountpoint(devpts_t)
fs_associate_tmpfs(devpts_t)
fs_type(devpts_t)
fs_use_trans devpts gen_context(system_u:object_r:devpts_t,s0);

#
# devtty_t is the type of /dev/tty.
#
type devtty_t;
dev_node(devtty_t)
mls_trusted_object(devtty_t)

#
# ptmx_t is the type for /dev/ptmx.
#
type ptmx_t;
dev_node(ptmx_t)
mls_trusted_object(ptmx_t)
allow ptmx_t devpts_t:filesystem associate;

#
# tty_device_t is the type of /dev/*tty*
#
type tty_device_t, serial_device;
dev_node(tty_device_t)

#
# usbtty_device_t is the type of /dev/usr/tty*
#
type usbtty_device_t, serial_device;
dev_node(usbtty_device_t)
add copyright statement 2005-04-20 19:07:16 +00:00
Bump module versions for release. 2010-05-24 19:32:01 +00:00			`policy_module(terminal, 1.8.0)`
add module statement macro and entrypoint executable attribute to replicate can_exec($1,exec_type) 2005-04-26 17:00:25 +00:00
more work on current modules 2005-06-30 18:54:08 +00:00			`########################################`
			`#`
			`# Declarations`
			`#`
initial commit 2005-04-14 20:18:17 +00:00			`attribute ttynode;`
			`attribute ptynode;`
start adding user domains. fix ttynode and ptynode handling, as they're more then user terminals (at least ptynode is). start adding XML comments 2005-05-16 21:10:33 +00:00			`attribute server_ptynode;`
add cups 2005-10-23 22:10:59 +00:00			`attribute serial_device;`
initial commit 2005-04-14 20:18:17 +00:00
make mountpoints work, plus misc 2005-04-28 21:41:09 +00:00			`#`
			`# bsdpty_device_t is the type of /dev/[tp]ty[abcdepqrstuvwxyz][0-9a-f]`
			`type bsdpty_device_t;`
Devices rename. 2005-06-13 16:22:32 +00:00			`dev_node(bsdpty_device_t)`
make mountpoints work, plus misc 2005-04-28 21:41:09 +00:00
initial commit 2005-04-14 20:18:17 +00:00			`#`
			`# console_device_t is the type of /dev/console.`
			`#`
			`type console_device_t;`
Devices rename. 2005-06-13 16:22:32 +00:00			`dev_node(console_device_t)`
initial commit 2005-04-14 20:18:17 +00:00
make mountpoints work, plus misc 2005-04-28 21:41:09 +00:00			`#`
Whitespace cleanup. 2009-11-24 16:11:38 +00:00			`# devpts_t is the type of the devpts file system and`
make mountpoints work, plus misc 2005-04-28 21:41:09 +00:00			`# the type of the root directory of the file system.`
			`#`
			`type devpts_t;`
renaming insanity 2005-06-13 17:35:46 +00:00			`files_mountpoint(devpts_t)`
pile o fixes 2005-10-26 16:00:13 +00:00			`fs_associate_tmpfs(devpts_t)`
add lost_found_t manage, rename fs_type attribute to filesystem_type and rename fs_make_fs to fs_type 2005-06-28 17:48:59 +00:00			`fs_type(devpts_t)`
rename context_template() to gen_context() 2005-10-06 19:33:06 +00:00			`fs_use_trans devpts gen_context(system_u:object_r:devpts_t,s0);`
make mountpoints work, plus misc 2005-04-28 21:41:09 +00:00
initial commit 2005-04-14 20:18:17 +00:00			`#`
			`# devtty_t is the type of /dev/tty.`
			`#`
			`type devtty_t;`
Devices rename. 2005-06-13 16:22:32 +00:00			`dev_node(devtty_t)`
add mls privileges 2005-09-26 20:26:32 +00:00			`mls_trusted_object(devtty_t)`
initial commit 2005-04-14 20:18:17 +00:00
			`#`
make mountpoints work, plus misc 2005-04-28 21:41:09 +00:00			`# ptmx_t is the type for /dev/ptmx.`
initial commit 2005-04-14 20:18:17 +00:00			`#`
add mls privileges 2005-09-26 20:26:32 +00:00			`type ptmx_t;`
Devices rename. 2005-06-13 16:22:32 +00:00			`dev_node(ptmx_t)`
add mls privileges 2005-09-26 20:26:32 +00:00			`mls_trusted_object(ptmx_t)`
Add terminal patch from Dan Walsh. 2009-11-19 19:57:49 +00:00			`allow ptmx_t devpts_t:filesystem associate;`
initial commit 2005-04-14 20:18:17 +00:00
			`#`
make mountpoints work, plus misc 2005-04-28 21:41:09 +00:00			`# tty_device_t is the type of /dev/tty`
			`#`
add cups 2005-10-23 22:10:59 +00:00			`type tty_device_t, serial_device;`
Devices rename. 2005-06-13 16:22:32 +00:00			`dev_node(tty_device_t)`
initial commit 2005-04-14 20:18:17 +00:00
clean up some filesystem assoc 2005-04-21 22:46:49 +00:00			`#`
			`# usbtty_device_t is the type of /dev/usr/tty*`
			`#`
add cups 2005-10-23 22:10:59 +00:00			`type usbtty_device_t, serial_device;`
Devices rename. 2005-06-13 16:22:32 +00:00			`dev_node(usbtty_device_t)`