selinux-policy/mls/types/device.te

#
# Authors:  Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser  
#

############################################
#
# Device types
#

#
# device_t is the type of /dev.
#
type device_t, file_type, mount_point, dev_fs;

#
# null_device_t is the type of /dev/null.
#
type null_device_t, device_type, dev_fs, mlstrustedobject;

#
# zero_device_t is the type of /dev/zero.
#
type zero_device_t, device_type, dev_fs, mlstrustedobject;

#
# console_device_t is the type of /dev/console.
#
type console_device_t, device_type, dev_fs;

#
# xconsole_device_t is the type of /dev/xconsole
type xconsole_device_t, file_type, dev_fs;

#
# memory_device_t is the type of /dev/kmem,
# /dev/mem, and /dev/port.
#
type memory_device_t, device_type, dev_fs;

#
# random_device_t is the type of /dev/random
# urandom_device_t is the type of /dev/urandom
#
type random_device_t, device_type, dev_fs;
type urandom_device_t, device_type, dev_fs;

#
# devtty_t is the type of /dev/tty.
#
type devtty_t, device_type, dev_fs, mlstrustedobject;

#
# tty_device_t is the type of /dev/*tty*
#
type tty_device_t, serial_device, device_type, dev_fs;

#
# bsdpty_device_t is the type of /dev/[tp]ty[abcdepqrstuvwxyz][0-9a-f]
type bsdpty_device_t, device_type, dev_fs;

#
# usbtty_device_t is the type of /dev/usr/tty*
#
type usbtty_device_t, serial_device, device_type, dev_fs;

#
# printer_device_t is the type for printer devices
#
type printer_device_t, device_type, dev_fs;

#
# fixed_disk_device_t is the type of 
# /dev/hd* and /dev/sd*.
#
type fixed_disk_device_t, device_type, dev_fs;

#
# scsi_generic_device_t is the type of /dev/sg*
# it gives access to ALL SCSI devices (both fixed and removable)
#
type scsi_generic_device_t, device_type, dev_fs;

#
# removable_device_t is the type of
# /dev/scd* and /dev/fd*.
#
type removable_device_t, device_type, dev_fs;

#
# clock_device_t is the type of
# /dev/rtc.
#
type clock_device_t, device_type, dev_fs;

#
# tun_tap_device_t is the type of /dev/net/tun/* and /dev/net/tap/*
#
type tun_tap_device_t, device_type, dev_fs;

#
# misc_device_t is the type of miscellaneous devices.
# XXX:  FIXME!  Appropriate access to these devices need to be identified.
#
type misc_device_t, device_type, dev_fs;

#
# A more general type for mouse devices.
#
type mouse_device_t, device_type, dev_fs;

#
# For generic /dev/input/event* event devices
#
type event_device_t, device_type, dev_fs;

#
# Not sure what these devices are for, but X wants access to them.
#
type agp_device_t, device_type, dev_fs;
type dri_device_t, device_type, dev_fs;

# Type for sound devices.
type sound_device_t, device_type, dev_fs;

# Type for /dev/ppp.
type ppp_device_t, device_type, dev_fs;

# Type for frame buffer /dev/fb/*
type framebuf_device_t, device_type, dev_fs;

# Type for /dev/.devfsd
type devfs_control_t, device_type, dev_fs;

# Type for /dev/cpu/mtrr and /proc/mtrr
type mtrr_device_t, device_type, dev_fs, proc_fs;

# Type for /dev/pmu 
type power_device_t, device_type, dev_fs;

# Type for /dev/apm_bios
type apm_bios_t, device_type, dev_fs;

# Type for v4l
type v4l_device_t, device_type, dev_fs;

# tape drives
type tape_device_t, device_type, dev_fs;

# scanners
type scanner_device_t, device_type, dev_fs;

# cpu control devices /dev/cpu/0/*
type cpu_device_t, device_type, dev_fs;

# for other device nodes such as the NVidia binary-only driver
type xserver_misc_device_t, device_type, dev_fs;

# for the IBM zSeries z90crypt hardware ssl accelorator
type crypt_device_t, device_type, dev_fs;
add fc mls policy 2005-11-22 19:28:03 +00:00			`#`
			`# Authors: Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser`
			`#`

			`############################################`
			`#`
			`# Device types`
			`#`

			`#`
			`# device_t is the type of /dev.`
			`#`
			`type device_t, file_type, mount_point, dev_fs;`

			`#`
			`# null_device_t is the type of /dev/null.`
			`#`
			`type null_device_t, device_type, dev_fs, mlstrustedobject;`

			`#`
			`# zero_device_t is the type of /dev/zero.`
			`#`
			`type zero_device_t, device_type, dev_fs, mlstrustedobject;`

			`#`
			`# console_device_t is the type of /dev/console.`
			`#`
			`type console_device_t, device_type, dev_fs;`

			`#`
			`# xconsole_device_t is the type of /dev/xconsole`
			`type xconsole_device_t, file_type, dev_fs;`

			`#`
			`# memory_device_t is the type of /dev/kmem,`
			`# /dev/mem, and /dev/port.`
			`#`
			`type memory_device_t, device_type, dev_fs;`

			`#`
			`# random_device_t is the type of /dev/random`
			`# urandom_device_t is the type of /dev/urandom`
			`#`
			`type random_device_t, device_type, dev_fs;`
			`type urandom_device_t, device_type, dev_fs;`

			`#`
			`# devtty_t is the type of /dev/tty.`
			`#`
			`type devtty_t, device_type, dev_fs, mlstrustedobject;`

			`#`
			`# tty_device_t is the type of /dev/tty`
			`#`
			`type tty_device_t, serial_device, device_type, dev_fs;`

			`#`
			`# bsdpty_device_t is the type of /dev/[tp]ty[abcdepqrstuvwxyz][0-9a-f]`
			`type bsdpty_device_t, device_type, dev_fs;`

			`#`
			`# usbtty_device_t is the type of /dev/usr/tty*`
			`#`
			`type usbtty_device_t, serial_device, device_type, dev_fs;`

			`#`
			`# printer_device_t is the type for printer devices`
			`#`
			`type printer_device_t, device_type, dev_fs;`

			`#`
			`# fixed_disk_device_t is the type of`
			`# /dev/hd* and /dev/sd*.`
			`#`
			`type fixed_disk_device_t, device_type, dev_fs;`

			`#`
			`# scsi_generic_device_t is the type of /dev/sg*`
			`# it gives access to ALL SCSI devices (both fixed and removable)`
			`#`
			`type scsi_generic_device_t, device_type, dev_fs;`

			`#`
			`# removable_device_t is the type of`
			`# /dev/scd* and /dev/fd*.`
			`#`
			`type removable_device_t, device_type, dev_fs;`

			`#`
			`# clock_device_t is the type of`
			`# /dev/rtc.`
			`#`
			`type clock_device_t, device_type, dev_fs;`

			`#`
			`# tun_tap_device_t is the type of /dev/net/tun/* and /dev/net/tap/*`
			`#`
			`type tun_tap_device_t, device_type, dev_fs;`

			`#`
			`# misc_device_t is the type of miscellaneous devices.`
			`# XXX: FIXME! Appropriate access to these devices need to be identified.`
			`#`
			`type misc_device_t, device_type, dev_fs;`

			`#`
			`# A more general type for mouse devices.`
			`#`
			`type mouse_device_t, device_type, dev_fs;`

			`#`
			`# For generic /dev/input/event* event devices`
			`#`
			`type event_device_t, device_type, dev_fs;`

			`#`
			`# Not sure what these devices are for, but X wants access to them.`
			`#`
			`type agp_device_t, device_type, dev_fs;`
			`type dri_device_t, device_type, dev_fs;`

			`# Type for sound devices.`
			`type sound_device_t, device_type, dev_fs;`

			`# Type for /dev/ppp.`
			`type ppp_device_t, device_type, dev_fs;`

			`# Type for frame buffer /dev/fb/*`
			`type framebuf_device_t, device_type, dev_fs;`

			`# Type for /dev/.devfsd`
			`type devfs_control_t, device_type, dev_fs;`

			`# Type for /dev/cpu/mtrr and /proc/mtrr`
			`type mtrr_device_t, device_type, dev_fs, proc_fs;`

			`# Type for /dev/pmu`
			`type power_device_t, device_type, dev_fs;`

			`# Type for /dev/apm_bios`
			`type apm_bios_t, device_type, dev_fs;`

			`# Type for v4l`
			`type v4l_device_t, device_type, dev_fs;`

			`# tape drives`
			`type tape_device_t, device_type, dev_fs;`

			`# scanners`
			`type scanner_device_t, device_type, dev_fs;`

			`# cpu control devices /dev/cpu/0/*`
			`type cpu_device_t, device_type, dev_fs;`

			`# for other device nodes such as the NVidia binary-only driver`
			`type xserver_misc_device_t, device_type, dev_fs;`

			`# for the IBM zSeries z90crypt hardware ssl accelorator`
			`type crypt_device_t, device_type, dev_fs;`