From 4600e088679e6ae13e9b27d9fb9cdad02ca84930 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Thu, 28 Apr 2005 15:46:23 +0000
Subject: [PATCH] reorganize the policy
---
 refpolicy/policy/modules/system/getty.te | 41 +++++++++--------------
 1 file changed, 16 insertions(+), 25 deletions(-)
diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te
index c97fdcb2..580e3e23 100644
--- a/refpolicy/policy/modules/system/getty.te
+++ b/refpolicy/policy/modules/system/getty.te
@@ -36,41 +36,32 @@ allow getty_t getty_log_t:file { getattr append setattr };
 
 kernel_read_hardware_state(getty_t)
 
-files_create_private_config(getty_t,getty_etc_t,{ file dir })
-files_create_private_tmp_data(getty_t,getty_tmp_t,{ file dir })
-
-authlogin_modify_login_records(getty_t)
-logging_send_system_log_message(getty_t)
-
-# Write to /var/run/utmp.
-files_modify_system_runtime_data(getty_t)
-
-files_manage_system_lock_files(getty_t)
-files_read_runtime_system_config(getty_t)
-files_read_general_system_config(getty_t)
-miscfiles_read_localization(getty_t)
-
 # for error condition handling
 filesystem_get_persistent_filesystem_attributes(getty_t)
 
 # Chown, chmod, read and write ttys.
 terminal_use_all_terminals(getty_t)
+terminal_set_console_attributes(getty_t)
 
-##############
-# TODO Items
+init_script_use_pseudoterminal(getty_t)
 
-# TODO:May need to create a new interface for setting device node attributes
-#allow getty_t console_device_t:chr_file setattr;
+files_modify_system_runtime_data(getty_t)
+files_create_private_config(getty_t,getty_etc_t,{ file dir })
+files_create_private_tmp_data(getty_t,getty_tmp_t,{ file dir })
+files_manage_system_lock_files(getty_t)
+files_read_runtime_system_config(getty_t)
+files_read_general_system_config(getty_t)
+
+authlogin_modify_login_records(getty_t)
+
+#locallogin_transition(getty_t)
+
+logging_send_system_log_message(getty_t)
+
+miscfiles_read_localization(getty_t)
 
 # TODO: to allow w to display everyone...
 #bool user_ttyfile_stat false;
 #if (user_ttyfile_stat) {
 #allow userdomain ttyfile:chr_file getattr;
 #}
-
-# TODO: Run login in local_login_t domain.
-#allow getty_t bin_t:dir search;
-#domain_auto_trans(getty_t, login_exec_t, local_login_t)
-
-# TODO: There is no interface for this in init.if yet.
-#allow getty_t initrc_devpts_t:chr_file { read write };
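Review bot: The regrouping drops the rationale comments attached to these grants, so an auditor can no longer tell why getty_t needs them. `# Write to /var/run/utmp.` is gone from above `files_modify_system_runtime_data(getty_t)`, and `#locallogin_transition(getty_t)` is left commented out without the removed `# TODO: Run login in local_login_t domain.` that explained the transition is still pending. I would keep both comments on the moved lines. The two new grants, `terminal_set_console_attributes(getty_t)` and `init_script_use_pseudoterminal(getty_t)`, appear to replace the removed TODO rules for `console_device_t:chr_file setattr` and `initrc_devpts_t:chr_file { read write }`. A one-line comment on each, e.g. `# setattr on the console device node` and `# read/write the init script pty`, would let a least-privilege review check that the interfaces grant no more than those raw rules did.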