From 0f3be6dbbb0daa64e2563faa9a39d8d01a854fbd Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 10 May 2005 15:31:48 +0000
Subject: [PATCH] initial commit
---
 refpolicy/policy/modules/kernel/bootloader.fc | 19 +++++
 .../policy/modules/kernel/corenetwork.fc | 7 ++
 refpolicy/policy/modules/kernel/devices.fc | 78 +++++++++++++++++++
 refpolicy/policy/modules/kernel/storage.fc | 58 ++++++++++++++
 refpolicy/policy/modules/kernel/terminal.fc | 18 +++++
 5 files changed, 180 insertions(+)
 create mode 100644 refpolicy/policy/modules/kernel/bootloader.fc
 create mode 100644 refpolicy/policy/modules/kernel/corenetwork.fc
 create mode 100644 refpolicy/policy/modules/kernel/devices.fc
 create mode 100644 refpolicy/policy/modules/kernel/storage.fc
 create mode 100644 refpolicy/policy/modules/kernel/terminal.fc
diff --git a/refpolicy/policy/modules/kernel/bootloader.fc b/refpolicy/policy/modules/kernel/bootloader.fc
new file mode 100644
index 00000000..03becf1b
--- /dev/null
+++ b/refpolicy/policy/modules/kernel/bootloader.fc
@@ -0,0 +1,19 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/vmlinuz.* -l system_u:object_r:boot_t
+/initrd\.img.* -l system_u:object_r:boot_t
+
+/boot(/.*)? system_u:object_r:boot_t
+/boot/System\.map-.* -- system_u:object_r:system_map_t
+
+/etc/lilo\.conf.* -- system_u:object_r:bootloader_etc_t
+/etc/yaboot\.conf.* -- system_u:object_r:bootloader_etc_t
+
+/etc/mkinitrd/scripts/.* -- system_u:object_r:bootloader_exec_t
+
+/usr/sbin/mkinitrd -- system_u:object_r:bootloader_exec_t
+
+/sbin/grub.* -- system_u:object_r:bootloader_exec_t
+/sbin/lilo.* -- system_u:object_r:bootloader_exec_t
+/sbin/mkinitrd -- system_u:object_r:bootloader_exec_t
+/sbin/ybin.* -- system_u:object_r:bootloader_exec_t
diff --git a/refpolicy/policy/modules/kernel/corenetwork.fc b/refpolicy/policy/modules/kernel/corenetwork.fc
new file mode 100644
index 00000000..19069499
--- /dev/null
+++ b/refpolicy/policy/modules/kernel/corenetwork.fc
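Review bot: The lilo and yaboot configuration files get bootloader_etc_t, but grub's configuration lives under /boot/grub and is only reached by the untyped `/boot(/.*)?` entry, so it ends up boot_t like the kernel images; the two bootloaders are therefore protected asymmetrically. If that is deliberate (grub's files are already covered by whatever guards boot_t), a comment above the `/boot(/.*)?` line saying so would help, e.g. `# grub config under /boot/grub is intentionally boot_t; only lilo/yaboot configs are bootloader_etc_t`; if not, a `bootloader_etc_t` entry for the grub config file(s) the targeted distros actually ship would be the fix, but I cannot tell their names from this hunk. A short comment explaining the `-l`/`--` type-specifier column and the contexts used would also help readers new to .fc files.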
@@ -0,0 +1,7 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/dev/ippp.* -c system_u:object_r:ppp_device_t
+/dev/ppp -c system_u:object_r:ppp_device_t
+/dev/pppox.* -c system_u:object_r:ppp_device_t
+
+/dev/net/.* -c system_u:object_r:tun_tap_device_t
diff --git a/refpolicy/policy/modules/kernel/devices.fc b/refpolicy/policy/modules/kernel/devices.fc
new file mode 100644
index 00000000..9adcac70
--- /dev/null
+++ b/refpolicy/policy/modules/kernel/devices.fc
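Review bot: `/dev/net/.*` on the last line of this hunk labels every character device under /dev/net as tun_tap_device_t, not only the tun/tap clone device, so any other node a driver later creates in that directory silently inherits the tun/tap access rules. If only the clone device is meant, `/dev/net/tun -c system_u:object_r:tun_tap_device_t` is the tighter spec; if the whole directory is intended, a comment above the entry saying so would make the choice reviewable later.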
@@ -0,0 +1,78 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/dev(/.*)? system_u:object_r:device_t
+
+/dev/.*mouse.* -c system_u:object_r:mouse_device_t
+/dev/adsp -c system_u:object_r:sound_device_t
+/dev/agpgart -c system_u:object_r:agp_device_t
+/dev/aload.* -c system_u:object_r:sound_device_t
+/dev/amidi.* -c system_u:object_r:sound_device_t
+/dev/amixer.* -c system_u:object_r:sound_device_t
+/dev/apm_bios -c system_u:object_r:apm_bios_t
+/dev/atibm -c system_u:object_r:mouse_device_t
+/dev/audio.* -c system_u:object_r:sound_device_t
+/dev/beep -c system_u:object_r:sound_device_t
+/dev/console -c system_u:object_r:console_device_t
+/dev/dsp.* -c system_u:object_r:sound_device_t
+/dev/fb[0-9]* -c system_u:object_r:framebuf_device_t
+/dev/full -c system_u:object_r:null_device_t
+/dev/irlpt[0-9]+ -c system_u:object_r:printer_device_t
+/dev/js.* -c system_u:object_r:mouse_device_t
+/dev/kmem -c system_u:object_r:memory_device_t
+/dev/logibm -c system_u:object_r:mouse_device_t
+/dev/lp.* -c system_u:object_r:printer_device_t
+/dev/mem -c system_u:object_r:memory_device_t
+/dev/microcode -c system_u:object_r:cpu_device_t
+/dev/midi.* -c system_u:object_r:sound_device_t
+/dev/mixer.* -c system_u:object_r:sound_device_t
+/dev/mmetfgrab -c system_u:object_r:scanner_device_t
+/dev/mpu401.* -c system_u:object_r:sound_device_t
+/dev/null -c system_u:object_r:null_device_t
+/dev/nvidia.* -c system_u:object_r:xserver_misc_device_t
+/dev/nvram -c system_u:object_r:memory_device_t
+/dev/par.* -c system_u:object_r:printer_device_t
+/dev/patmgr[01] -c system_u:object_r:sound_device_t
+/dev/pmu -c system_u:object_r:power_device_t
+/dev/port -c system_u:object_r:memory_device_t
+/dev/psaux -c system_u:object_r:mouse_device_t
+/dev/rmidi.* -c system_u:object_r:sound_device_t
+/dev/radeon -c system_u:object_r:dri_device_t
+/dev/radio.* -c system_u:object_r:v4l_device_t
+/dev/random -c system_u:object_r:random_device_t
+/dev/rtc -c system_u:object_r:clock_device_t
+/dev/sequencer -c system_u:object_r:sound_device_t
+/dev/sequencer2 -c system_u:object_r:sound_device_t
+/dev/smpte.* -c system_u:object_r:sound_device_t
+/dev/srnd[0-7] -c system_u:object_r:sound_device_t
+/dev/sndstat -c system_u:object_r:sound_device_t
+/dev/tlk[0-3] -c system_u:object_r:v4l_device_t
+/dev/urandom -c system_u:object_r:urandom_device_t
+/dev/usblp.* -c system_u:object_r:printer_device_t
+ifdef(`distro_suse', `
+/dev/usbscanner -c system_u:object_r:scanner_device_t
+')
+/dev/vbi.* -c system_u:object_r:v4l_device_t
+/dev/video.* -c system_u:object_r:v4l_device_t
+/dev/vttuner -c system_u:object_r:v4l_device_t
+/dev/vtx.* -c system_u:object_r:v4l_device_t
+/dev/winradio. -c system_u:object_r:v4l_device_t
+/dev/zero -c system_u:object_r:zero_device_t
+
+/dev/cpu/.* -c system_u:object_r:cpu_device_t
+/dev/cpu/mtrr -c system_u:object_r:mtrr_device_t
+
+/dev/dri/.+ -c system_u:object_r:dri_device_t
+
+/dev/input/.*mouse.* -c system_u:object_r:mouse_device_t
+/dev/input/event.* -c system_u:object_r:event_device_t
+/dev/input/mice -c system_u:object_r:mouse_device_t
+/dev/input/js.* -c system_u:object_r:mouse_device_t
+
+/dev/pts(/.*)? <>
+
+/dev/snd/.* -c system_u:object_r:sound_device_t
+
+/dev/usb/dc2xx.* -c system_u:object_r:scanner_device_t
+/dev/usb/lp.* -c system_u:object_r:printer_device_t
+/dev/usb/mdc800.* -c system_u:object_r:scanner_device_t
+/dev/usb/scanner.* -c system_u:object_r:scanner_device_t
diff --git a/refpolicy/policy/modules/kernel/storage.fc b/refpolicy/policy/modules/kernel/storage.fc
new file mode 100644
index 00000000..dabb2b48
--- /dev/null
+++ b/refpolicy/policy/modules/kernel/storage.fc
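Review bot: `/dev/winradio.` near the end of the single-device entries uses a bare `.`, which matches exactly one trailing character, while every neighbouring entry uses `.*`; a node with a longer suffix would fall through to the `/dev(/.*)?` default and be labelled device_t rather than v4l_device_t. If the one-character suffix is not intentional, change it to `/dev/winradio.* -c system_u:object_r:v4l_device_t`; if it is, a short comment saying so would stop it being "fixed" later. The `/dev/cpu/.*` then `/dev/cpu/mtrr` pair also relies on the more specific literal entry taking precedence over the regex one, which is worth a one-line comment for readers unfamiliar with file_contexts matching.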
@@ -0,0 +1,58 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/dev/n?(raw)?[qr]ft[0-3] -c system_u:object_r:tape_device_t
+/dev/n?[hs]t[0-9].* -c system_u:object_r:tape_device_t
+/dev/n?z?qft[0-3] -c system_u:object_r:tape_device_t
+/dev/n?osst[0-3].* -c system_u:object_r:tape_device_t
+/dev/n?pt[0-9]+ -c system_u:object_r:tape_device_t
+/dev/n?tpqic[12].* -c system_u:object_r:tape_device_t
+/dev/[shmx]d[^/]* -b system_u:object_r:fixed_disk_device_t
+/dev/aztcd -b system_u:object_r:removable_device_t
+/dev/bpcd -b system_u:object_r:removable_device_t
+/dev/cdu.* -b system_u:object_r:removable_device_t
+/dev/cm20.* -b system_u:object_r:removable_device_t
+/dev/dasd[^/]* -b system_u:object_r:fixed_disk_device_t
+/dev/dm-[0-9]+ -b system_u:object_r:fixed_disk_device_t
+/dev/fd[^/]+ -b system_u:object_r:removable_device_t
+/dev/flash[^/]* -b system_u:object_r:fixed_disk_device_t
+/dev/gscd -b system_u:object_r:removable_device_t
+/dev/hitcd -b system_u:object_r:removable_device_t
+/dev/ht[0-1] -b system_u:object_r:tape_device_t
+/dev/initrd -b system_u:object_r:fixed_disk_device_t
+/dev/jsfd -b system_u:object_r:fixed_disk_device_t
+/dev/jsflash -c system_u:object_r:fixed_disk_device_t
+/dev/loop.* -b system_u:object_r:fixed_disk_device_t
+/dev/mcdx? -b system_u:object_r:removable_device_t
+/dev/nb[^/]+ -b system_u:object_r:fixed_disk_device_t
+/dev/optcd -b system_u:object_r:removable_device_t
+/dev/p[fg][0-3] -b system_u:object_r:removable_device_t
+/dev/pcd[0-3] -b system_u:object_r:removable_device_t
+/dev/pd[a-d][^/]* -b system_u:object_r:removable_device_t
+/dev/pg[0-3] -c system_u:object_r:removable_device_t
+/dev/ram.* -b system_u:object_r:fixed_disk_device_t
+/dev/rawctl -c system_u:object_r:fixed_disk_device_t
+/dev/rd.* -b system_u:object_r:fixed_disk_device_t
+ifdef(`distro_redhat', `
+/dev/root -b system_u:object_r:fixed_disk_device_t
+')
+/dev/s(cd|r)[^/]* -b system_u:object_r:removable_device_t
+/dev/sbpcd.* -b system_u:object_r:removable_device_t
+/dev/sg[0-9]+ -c system_u:object_r:scsi_generic_device_t
+/dev/sjcd -b system_u:object_r:removable_device_t
+/dev/sonycd -b system_u:object_r:removable_device_t
+/dev/tape.* -c system_u:object_r:tape_device_t
+/dev/ubd[^/]* -b system_u:object_r:fixed_disk_device_t
+
+/dev/ataraid/.* -b system_u:object_r:fixed_disk_device_t
+
+/dev/cciss/[^/]* -b system_u:object_r:fixed_disk_device_t
+
+/dev/i2o/hd[^/]* -b system_u:object_r:fixed_disk_device_t
+
+/dev/ida/[^/]* -b system_u:object_r:fixed_disk_device_t
+
+/dev/raw/raw[0-9]+ -c system_u:object_r:fixed_disk_device_t
+
+/dev/scramdisk/.* -b system_u:object_r:fixed_disk_device_t
+
+/dev/usb/rio500 -c system_u:object_r:removable_device_t
diff --git a/refpolicy/policy/modules/kernel/terminal.fc b/refpolicy/policy/modules/kernel/terminal.fc
new file mode 100644
index 00000000..322511ce
--- /dev/null
+++ b/refpolicy/policy/modules/kernel/terminal.fc
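Review bot: `/dev/[shmx]d[^/]* -b` labels every hd*/sd*/md*/xd* block node fixed_disk_device_t, and IDE CD-ROM drives also appear as /dev/hd[a-h], so on such hosts the optical drive gets fixed_disk_device_t instead of the removable_device_t the other CD-ROM entries use; the name alone cannot separate them, so this is a limitation worth recording rather than a pattern fix. I would add, above that line, `# hd* also covers IDE CD-ROM drives; they cannot be told apart by name and so get fixed_disk_device_t`. Separately, `/dev/ht[0-1]` is given `-b` while every other tape entry uses `-c`; if the IDE tape node is a character device that entry can never match, so it is worth confirming against the driver it targets.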
@@ -0,0 +1,18 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/dev/.*tty[^/]* -c system_u:object_r:tty_device_t
+/dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f] -c system_u:object_r:bsdpty_device_t
+/dev/capi.* -c system_u:object_r:tty_device_t
+/dev/cu.* -c system_u:object_r:tty_device_t
+/dev/dcbri[0-9]+ -c system_u:object_r:tty_device_t
+/dev/hvc.* -c system_u:object_r:tty_device_t
+/dev/hvsi.* -c system_u:object_r:tty_device_t
+/dev/ircomm[0-9]+ -c system_u:object_r:tty_device_t
+/dev/ip2[^/]* -c system_u:object_r:tty_device_t
+/dev/isdn.* -c system_u:object_r:tty_device_t
+/dev/ptmx -c system_u:object_r:ptmx_t
+/dev/tty -c system_u:object_r:devtty_t
+/dev/ttySG.* -c system_u:object_r:tty_device_t
+/dev/vcs[^/]* -c system_u:object_r:tty_device_t
+
+/dev/usb/tty.* -c system_u:object_r:usbtty_device_t
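Review bot: The catch-all `/dev/.*tty[^/]*` on the first entry also matches /dev/tty, the BSD pty names and /dev/usb/tty*, so the devtty_t, bsdpty_device_t and usbtty_device_t labels below it are correct only because of file_contexts precedence (a longer literal stem wins, and among equal stems the later entry wins, as I understand the matching rules), not because the patterns are disjoint. A comment above the first entry would make that intent explicit, e.g. `# generic catch-all; the more specific entries below override it`. `/dev/ttySG.*` is already covered by the catch-all with the same label, so it could be dropped or annotated as a deliberate duplicate.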