initial commit
This commit is contained in:
Chris PeBenito
parent
6f50b57665
commit
0f3be6dbbb
19
refpolicy/policy/modules/kernel/bootloader.fc
Normal file
19
refpolicy/policy/modules/kernel/bootloader.fc
Normal file
@ -0,0 +1,19 @@
|
||||
# Copyright (C) 2005 Tresys Technology, LLC
|
||||
|
||||
/vmlinuz.* -l system_u:object_r:boot_t
|
||||
/initrd\.img.* -l system_u:object_r:boot_t
|
||||
|
||||
/boot(/.*)? system_u:object_r:boot_t
|
||||
/boot/System\.map-.* -- system_u:object_r:system_map_t
|
||||
|
||||
/etc/lilo\.conf.* -- system_u:object_r:bootloader_etc_t
|
||||
/etc/yaboot\.conf.* -- system_u:object_r:bootloader_etc_t
|
||||
|
||||
/etc/mkinitrd/scripts/.* -- system_u:object_r:bootloader_exec_t
|
||||
|
||||
/usr/sbin/mkinitrd -- system_u:object_r:bootloader_exec_t
|
||||
|
||||
/sbin/grub.* -- system_u:object_r:bootloader_exec_t
|
||||
/sbin/lilo.* -- system_u:object_r:bootloader_exec_t
|
||||
/sbin/mkinitrd -- system_u:object_r:bootloader_exec_t
|
||||
/sbin/ybin.* -- system_u:object_r:bootloader_exec_t
|
||||
7
refpolicy/policy/modules/kernel/corenetwork.fc
Normal file
7
refpolicy/policy/modules/kernel/corenetwork.fc
Normal file
@ -0,0 +1,7 @@
|
||||
# Copyright (C) 2005 Tresys Technology, LLC
|
||||
|
||||
/dev/ippp.* -c system_u:object_r:ppp_device_t
|
||||
/dev/ppp -c system_u:object_r:ppp_device_t
|
||||
/dev/pppox.* -c system_u:object_r:ppp_device_t
|
||||
|
||||
/dev/net/.* -c system_u:object_r:tun_tap_device_t
|
||||
78
refpolicy/policy/modules/kernel/devices.fc
Normal file
78
refpolicy/policy/modules/kernel/devices.fc
Normal file
@ -0,0 +1,78 @@
|
||||
# Copyright (C) 2005 Tresys Technology, LLC
|
||||
|
||||
/dev(/.*)? system_u:object_r:device_t
|
||||
|
||||
/dev/.*mouse.* -c system_u:object_r:mouse_device_t
|
||||
/dev/adsp -c system_u:object_r:sound_device_t
|
||||
/dev/agpgart -c system_u:object_r:agp_device_t
|
||||
/dev/aload.* -c system_u:object_r:sound_device_t
|
||||
/dev/amidi.* -c system_u:object_r:sound_device_t
|
||||
/dev/amixer.* -c system_u:object_r:sound_device_t
|
||||
/dev/apm_bios -c system_u:object_r:apm_bios_t
|
||||
/dev/atibm -c system_u:object_r:mouse_device_t
|
||||
/dev/audio.* -c system_u:object_r:sound_device_t
|
||||
/dev/beep -c system_u:object_r:sound_device_t
|
||||
/dev/console -c system_u:object_r:console_device_t
|
||||
/dev/dsp.* -c system_u:object_r:sound_device_t
|
||||
/dev/fb[0-9]* -c system_u:object_r:framebuf_device_t
|
||||
/dev/full -c system_u:object_r:null_device_t
|
||||
/dev/irlpt[0-9]+ -c system_u:object_r:printer_device_t
|
||||
/dev/js.* -c system_u:object_r:mouse_device_t
|
||||
/dev/kmem -c system_u:object_r:memory_device_t
|
||||
/dev/logibm -c system_u:object_r:mouse_device_t
|
||||
/dev/lp.* -c system_u:object_r:printer_device_t
|
||||
/dev/mem -c system_u:object_r:memory_device_t
|
||||
/dev/microcode -c system_u:object_r:cpu_device_t
|
||||
/dev/midi.* -c system_u:object_r:sound_device_t
|
||||
/dev/mixer.* -c system_u:object_r:sound_device_t
|
||||
/dev/mmetfgrab -c system_u:object_r:scanner_device_t
|
||||
/dev/mpu401.* -c system_u:object_r:sound_device_t
|
||||
/dev/null -c system_u:object_r:null_device_t
|
||||
/dev/nvidia.* -c system_u:object_r:xserver_misc_device_t
|
||||
/dev/nvram -c system_u:object_r:memory_device_t
|
||||
/dev/par.* -c system_u:object_r:printer_device_t
|
||||
/dev/patmgr[01] -c system_u:object_r:sound_device_t
|
||||
/dev/pmu -c system_u:object_r:power_device_t
|
||||
/dev/port -c system_u:object_r:memory_device_t
|
||||
/dev/psaux -c system_u:object_r:mouse_device_t
|
||||
/dev/rmidi.* -c system_u:object_r:sound_device_t
|
||||
/dev/radeon -c system_u:object_r:dri_device_t
|
||||
/dev/radio.* -c system_u:object_r:v4l_device_t
|
||||
/dev/random -c system_u:object_r:random_device_t
|
||||
/dev/rtc -c system_u:object_r:clock_device_t
|
||||
/dev/sequencer -c system_u:object_r:sound_device_t
|
||||
/dev/sequencer2 -c system_u:object_r:sound_device_t
|
||||
/dev/smpte.* -c system_u:object_r:sound_device_t
|
||||
/dev/srnd[0-7] -c system_u:object_r:sound_device_t
|
||||
/dev/sndstat -c system_u:object_r:sound_device_t
|
||||
/dev/tlk[0-3] -c system_u:object_r:v4l_device_t
|
||||
/dev/urandom -c system_u:object_r:urandom_device_t
|
||||
/dev/usblp.* -c system_u:object_r:printer_device_t
|
||||
ifdef(`distro_suse', `
|
||||
/dev/usbscanner -c system_u:object_r:scanner_device_t
|
||||
')
|
||||
/dev/vbi.* -c system_u:object_r:v4l_device_t
|
||||
/dev/video.* -c system_u:object_r:v4l_device_t
|
||||
/dev/vttuner -c system_u:object_r:v4l_device_t
|
||||
/dev/vtx.* -c system_u:object_r:v4l_device_t
|
||||
/dev/winradio. -c system_u:object_r:v4l_device_t
|
||||
/dev/zero -c system_u:object_r:zero_device_t
|
||||
|
||||
/dev/cpu/.* -c system_u:object_r:cpu_device_t
|
||||
/dev/cpu/mtrr -c system_u:object_r:mtrr_device_t
|
||||
|
||||
/dev/dri/.+ -c system_u:object_r:dri_device_t
|
||||
|
||||
/dev/input/.*mouse.* -c system_u:object_r:mouse_device_t
|
||||
/dev/input/event.* -c system_u:object_r:event_device_t
|
||||
/dev/input/mice -c system_u:object_r:mouse_device_t
|
||||
/dev/input/js.* -c system_u:object_r:mouse_device_t
|
||||
|
||||
/dev/pts(/.*)? <<none>>
|
||||
|
||||
/dev/snd/.* -c system_u:object_r:sound_device_t
|
||||
|
||||
/dev/usb/dc2xx.* -c system_u:object_r:scanner_device_t
|
||||
/dev/usb/lp.* -c system_u:object_r:printer_device_t
|
||||
/dev/usb/mdc800.* -c system_u:object_r:scanner_device_t
|
||||
/dev/usb/scanner.* -c system_u:object_r:scanner_device_t
|
||||
58
refpolicy/policy/modules/kernel/storage.fc
Normal file
58
refpolicy/policy/modules/kernel/storage.fc
Normal file
@ -0,0 +1,58 @@
|
||||
# Copyright (C) 2005 Tresys Technology, LLC
|
||||
|
||||
/dev/n?(raw)?[qr]ft[0-3] -c system_u:object_r:tape_device_t
|
||||
/dev/n?[hs]t[0-9].* -c system_u:object_r:tape_device_t
|
||||
/dev/n?z?qft[0-3] -c system_u:object_r:tape_device_t
|
||||
/dev/n?osst[0-3].* -c system_u:object_r:tape_device_t
|
||||
/dev/n?pt[0-9]+ -c system_u:object_r:tape_device_t
|
||||
/dev/n?tpqic[12].* -c system_u:object_r:tape_device_t
|
||||
/dev/[shmx]d[^/]* -b system_u:object_r:fixed_disk_device_t
|
||||
/dev/aztcd -b system_u:object_r:removable_device_t
|
||||
/dev/bpcd -b system_u:object_r:removable_device_t
|
||||
/dev/cdu.* -b system_u:object_r:removable_device_t
|
||||
/dev/cm20.* -b system_u:object_r:removable_device_t
|
||||
/dev/dasd[^/]* -b system_u:object_r:fixed_disk_device_t
|
||||
/dev/dm-[0-9]+ -b system_u:object_r:fixed_disk_device_t
|
||||
/dev/fd[^/]+ -b system_u:object_r:removable_device_t
|
||||
/dev/flash[^/]* -b system_u:object_r:fixed_disk_device_t
|
||||
/dev/gscd -b system_u:object_r:removable_device_t
|
||||
/dev/hitcd -b system_u:object_r:removable_device_t
|
||||
/dev/ht[0-1] -b system_u:object_r:tape_device_t
|
||||
/dev/initrd -b system_u:object_r:fixed_disk_device_t
|
||||
/dev/jsfd -b system_u:object_r:fixed_disk_device_t
|
||||
/dev/jsflash -c system_u:object_r:fixed_disk_device_t
|
||||
/dev/loop.* -b system_u:object_r:fixed_disk_device_t
|
||||
/dev/mcdx? -b system_u:object_r:removable_device_t
|
||||
/dev/nb[^/]+ -b system_u:object_r:fixed_disk_device_t
|
||||
/dev/optcd -b system_u:object_r:removable_device_t
|
||||
/dev/p[fg][0-3] -b system_u:object_r:removable_device_t
|
||||
/dev/pcd[0-3] -b system_u:object_r:removable_device_t
|
||||
/dev/pd[a-d][^/]* -b system_u:object_r:removable_device_t
|
||||
/dev/pg[0-3] -c system_u:object_r:removable_device_t
|
||||
/dev/ram.* -b system_u:object_r:fixed_disk_device_t
|
||||
/dev/rawctl -c system_u:object_r:fixed_disk_device_t
|
||||
/dev/rd.* -b system_u:object_r:fixed_disk_device_t
|
||||
ifdef(`distro_redhat', `
|
||||
/dev/root -b system_u:object_r:fixed_disk_device_t
|
||||
')
|
||||
/dev/s(cd|r)[^/]* -b system_u:object_r:removable_device_t
|
||||
/dev/sbpcd.* -b system_u:object_r:removable_device_t
|
||||
/dev/sg[0-9]+ -c system_u:object_r:scsi_generic_device_t
|
||||
/dev/sjcd -b system_u:object_r:removable_device_t
|
||||
/dev/sonycd -b system_u:object_r:removable_device_t
|
||||
/dev/tape.* -c system_u:object_r:tape_device_t
|
||||
/dev/ubd[^/]* -b system_u:object_r:fixed_disk_device_t
|
||||
|
||||
/dev/ataraid/.* -b system_u:object_r:fixed_disk_device_t
|
||||
|
||||
/dev/cciss/[^/]* -b system_u:object_r:fixed_disk_device_t
|
||||
|
||||
/dev/i2o/hd[^/]* -b system_u:object_r:fixed_disk_device_t
|
||||
|
||||
/dev/ida/[^/]* -b system_u:object_r:fixed_disk_device_t
|
||||
|
||||
/dev/raw/raw[0-9]+ -c system_u:object_r:fixed_disk_device_t
|
||||
|
||||
/dev/scramdisk/.* -b system_u:object_r:fixed_disk_device_t
|
||||
|
||||
/dev/usb/rio500 -c system_u:object_r:removable_device_t
|
||||
18
refpolicy/policy/modules/kernel/terminal.fc
Normal file
18
refpolicy/policy/modules/kernel/terminal.fc
Normal file
@ -0,0 +1,18 @@
|
||||
# Copyright (C) 2005 Tresys Technology, LLC
|
||||
|
||||
/dev/.*tty[^/]* -c system_u:object_r:tty_device_t
|
||||
/dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f] -c system_u:object_r:bsdpty_device_t
|
||||
/dev/capi.* -c system_u:object_r:tty_device_t
|
||||
/dev/cu.* -c system_u:object_r:tty_device_t
|
||||
/dev/dcbri[0-9]+ -c system_u:object_r:tty_device_t
|
||||
/dev/hvc.* -c system_u:object_r:tty_device_t
|
||||
/dev/hvsi.* -c system_u:object_r:tty_device_t
|
||||
/dev/ircomm[0-9]+ -c system_u:object_r:tty_device_t
|
||||
/dev/ip2[^/]* -c system_u:object_r:tty_device_t
|
||||
/dev/isdn.* -c system_u:object_r:tty_device_t
|
||||
/dev/ptmx -c system_u:object_r:ptmx_t
|
||||
/dev/tty -c system_u:object_r:devtty_t
|
||||
/dev/ttySG.* -c system_u:object_r:tty_device_t
|
||||
/dev/vcs[^/]* -c system_u:object_r:tty_device_t
|
||||
|
||||
/dev/usb/tty.* -c system_u:object_r:usbtty_device_t
|
||||
Loading…
Reference in New Issue
Block a user