Remove concept of user from terminal module interfaces dealing with ptynode and ttynode since these attributes are not specific to users.

policy/modules/admin/bootloader.te

@@ -93,7 +93,7 @@ fs_manage_dos_files(bootloader_t)
 mls_file_read_all_levels(bootloader_t)
 mls_file_write_all_levels(bootloader_t)
 
-term_getattr_all_user_ttys(bootloader_t)
+term_getattr_all_ttys(bootloader_t)
 term_dontaudit_manage_pty_dirs(bootloader_t)
 
 corecmd_exec_all_executables(bootloader_t)

policy/modules/admin/ddcprobe.te

@@ -36,8 +36,8 @@ files_read_etc_files(ddcprobe_t)
 files_read_etc_runtime_files(ddcprobe_t)
 files_read_usr_files(ddcprobe_t)
 
-term_use_all_user_ttys(ddcprobe_t)
+term_use_all_ttys(ddcprobe_t)
-term_use_all_user_ptys(ddcprobe_t)
+term_use_all_ptys(ddcprobe_t)
 
 libs_read_lib_files(ddcprobe_t)
 

policy/modules/admin/netutils.te

@@ -147,8 +147,8 @@ ifdef(`hide_broken_symptoms',`
 ')
 
 tunable_policy(`user_ping',`
-	term_use_all_user_ttys(ping_t)
+	term_use_all_ttys(ping_t)
-	term_use_all_user_ptys(ping_t)
+	term_use_all_ptys(ping_t)
 ')
 
 optional_policy(`
@@ -218,6 +218,6 @@ dev_read_urand(traceroute_t)
 files_read_usr_files(traceroute_t)
 
 tunable_policy(`user_ping',`
-	term_use_all_user_ttys(traceroute_t)
+	term_use_all_ttys(traceroute_t)
-	term_use_all_user_ptys(traceroute_t)
+	term_use_all_ptys(traceroute_t)
 ')

policy/modules/admin/su.if

@@ -253,10 +253,10 @@ template(`su_role_template',`
 		selinux_compute_user_contexts($1_su_t)
 
 		# Relabel ttys and ptys.
-		term_relabel_all_user_ttys($1_su_t)
+		term_relabel_all_ttys($1_su_t)
 		term_relabel_all_user_ptys($1_su_t)
 		# Close and re-open ttys and ptys to get the fd into the correct domain.
-		term_use_all_user_ttys($1_su_t)
+		term_use_all_ttys($1_su_t)
 		term_use_all_user_ptys($1_su_t)
 
 		seutil_read_config($1_su_t)

policy/modules/admin/sudo.if

@@ -109,8 +109,8 @@ template(`sudo_role_template',`
 	selinux_validate_context($1_sudo_t)
 	selinux_compute_relabel_context($1_sudo_t)
 
-	term_relabel_all_user_ttys($1_sudo_t)
+	term_relabel_all_ttys($1_sudo_t)
-	term_relabel_all_user_ptys($1_sudo_t)
+	term_relabel_all_ptys($1_sudo_t)
 
 	auth_run_chk_passwd($1_sudo_t, $2)
 	# sudo stores a token in the pam_pid directory

policy/modules/admin/usermanage.te

@@ -82,8 +82,8 @@ selinux_compute_create_context(chfn_t)
 selinux_compute_relabel_context(chfn_t)
 selinux_compute_user_contexts(chfn_t)
 
-term_use_all_user_ttys(chfn_t)
+term_use_all_ttys(chfn_t)
-term_use_all_user_ptys(chfn_t)
+term_use_all_ptys(chfn_t)
 
 fs_getattr_xattr_fs(chfn_t)
 fs_search_auto_mountpoints(chfn_t)
@@ -197,8 +197,8 @@ selinux_compute_create_context(groupadd_t)
 selinux_compute_relabel_context(groupadd_t)
 selinux_compute_user_contexts(groupadd_t)
 
-term_use_all_user_ttys(groupadd_t)
+term_use_all_ttys(groupadd_t)
-term_use_all_user_ptys(groupadd_t)
+term_use_all_ptys(groupadd_t)
 
 init_use_fds(groupadd_t)
 init_read_utmp(groupadd_t)
@@ -292,8 +292,8 @@ selinux_compute_create_context(passwd_t)
 selinux_compute_relabel_context(passwd_t)
 selinux_compute_user_contexts(passwd_t)
 
-term_use_all_user_ttys(passwd_t)
+term_use_all_ttys(passwd_t)
-term_use_all_user_ptys(passwd_t)
+term_use_all_ptys(passwd_t)
 
 auth_domtrans_chk_passwd(passwd_t)
 auth_manage_shadow(passwd_t)
@@ -382,8 +382,8 @@ dev_read_urand(sysadm_passwd_t)
 fs_getattr_xattr_fs(sysadm_passwd_t)
 fs_search_auto_mountpoints(sysadm_passwd_t)
 
-term_use_all_user_ttys(sysadm_passwd_t)
+term_use_all_ttys(sysadm_passwd_t)
-term_use_all_user_ptys(sysadm_passwd_t)
+term_use_all_ptys(sysadm_passwd_t)
 
 auth_manage_shadow(sysadm_passwd_t)
 auth_relabel_shadow(sysadm_passwd_t)
@@ -469,8 +469,8 @@ selinux_compute_create_context(useradd_t)
 selinux_compute_relabel_context(useradd_t)
 selinux_compute_user_contexts(useradd_t)
 
-term_use_all_user_ttys(useradd_t)
+term_use_all_ttys(useradd_t)
-term_use_all_user_ptys(useradd_t)
+term_use_all_ptys(useradd_t)
 
 auth_domtrans_chk_passwd(useradd_t)
 auth_rw_lastlog(useradd_t)

policy/modules/admin/vpn.te

@@ -77,8 +77,8 @@ domain_use_interactive_fds(vpnc_t)
 fs_getattr_xattr_fs(vpnc_t)
 fs_getattr_tmpfs(vpnc_t)
 
-term_use_all_user_ptys(vpnc_t)
+term_use_all_ptys(vpnc_t)
-term_use_all_user_ttys(vpnc_t)
+term_use_all_ttys(vpnc_t)
 
 corecmd_exec_all_executables(vpnc_t)
 

policy/modules/apps/ptchown.te

@@ -24,7 +24,7 @@ files_read_etc_files(ptchown_t)
 fs_rw_anon_inodefs_files(ptchown_t)
 
 term_setattr_generic_ptys(ptchown_t)
-term_setattr_all_user_ptys(ptchown_t)
+term_setattr_all_ptys(ptchown_t)
 term_use_generic_ptys(ptchown_t)
 term_use_ptmx(ptchown_t)
 

policy/modules/apps/pulseaudio.te

@@ -53,8 +53,8 @@ fs_rw_anon_inodefs_files(pulseaudio_t)
 fs_getattr_tmpfs(pulseaudio_t)
 fs_list_inotifyfs(pulseaudio_t)
 
-term_use_all_user_ttys(pulseaudio_t)
+term_use_all_ttys(pulseaudio_t)
-term_use_all_user_ptys(pulseaudio_t)
+term_use_all_ptys(pulseaudio_t)
 
 auth_use_nsswitch(pulseaudio_t)
 

policy/modules/apps/userhelper.if

@@ -112,11 +112,11 @@ template(`userhelper_role_template',`
 	# Read the devpts root directory.
 	term_list_ptys($1_userhelper_t)
 	# Relabel terminals.
-	term_relabel_all_user_ttys($1_userhelper_t)
+	term_relabel_all_ttys($1_userhelper_t)
-	term_relabel_all_user_ptys($1_userhelper_t)
+	term_relabel_all_ptys($1_userhelper_t)
 	# Access terminals.
-	term_use_all_user_ttys($1_userhelper_t)
+	term_use_all_ttys($1_userhelper_t)
-	term_use_all_user_ptys($1_userhelper_t)
+	term_use_all_ptys($1_userhelper_t)
 
 	auth_domtrans_chk_passwd($1_userhelper_t)
 	auth_manage_pam_pid($1_userhelper_t)

policy/modules/kernel/terminal.if

@@ -672,7 +672,7 @@ interface(`term_dontaudit_use_ptmx',`
 
 ########################################
 ## <summary>
-##	Get the attributes of all user
+##	Get the attributes of all
 ##	pty device nodes.
 ## </summary>
 ## <param name="domain">
@@ -682,7 +682,7 @@ interface(`term_dontaudit_use_ptmx',`
 ## </param>
 ## <rolecap/>
 #
-interface(`term_getattr_all_user_ptys',`
+interface(`term_getattr_all_ptys',`
 	gen_require(`
 		attribute ptynode;
 		type devpts_t;
@@ -696,7 +696,7 @@ interface(`term_getattr_all_user_ptys',`
 ########################################
 ## <summary>
 ##	Do not audit attempts to get the
-##	attributes of any user pty
+##	attributes of any pty
 ##	device nodes.
 ## </summary>
 ## <param name="domain">
@@ -705,7 +705,7 @@ interface(`term_getattr_all_user_ptys',`
 ##	</summary>
 ## </param>
 #
-interface(`term_dontaudit_getattr_all_user_ptys',`
+interface(`term_dontaudit_getattr_all_ptys',`
 	gen_require(`
 		attribute ptynode;
 	')
@@ -715,7 +715,7 @@ interface(`term_dontaudit_getattr_all_user_ptys',`
 
 ########################################
 ## <summary>
-##	Set the attributes of all user
+##	Set the attributes of all
 ##	pty device nodes.
 ## </summary>
 ## <param name="domain">
@@ -725,7 +725,7 @@ interface(`term_dontaudit_getattr_all_user_ptys',`
 ## </param>
 ## <rolecap/>
 #
-interface(`term_setattr_all_user_ptys',`
+interface(`term_setattr_all_ptys',`
 	gen_require(`
 		attribute ptynode;
 		type devpts_t;
@@ -738,7 +738,7 @@ interface(`term_setattr_all_user_ptys',`
 
 ########################################
 ## <summary>
-##	Relabel to all user ptys.
+##	Relabel to all ptys.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -746,7 +746,7 @@ interface(`term_setattr_all_user_ptys',`
 ##	</summary>
 ## </param>
 #
-interface(`term_relabelto_all_user_ptys',`
+interface(`term_relabelto_all_ptys',`
 	gen_require(`
 		attribute ptynode;
 	')
@@ -756,7 +756,7 @@ interface(`term_relabelto_all_user_ptys',`
 
 ########################################
 ## <summary>
-##	Write to all user ptys.
+##	Write to all ptys.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -764,7 +764,7 @@ interface(`term_relabelto_all_user_ptys',`
 ##	</summary>
 ## </param>
 #
-interface(`term_write_all_user_ptys',`
+interface(`term_write_all_ptys',`
 	gen_require(`
 		attribute ptynode;
 	')
@@ -775,7 +775,7 @@ interface(`term_write_all_user_ptys',`
 
 ########################################
 ## <summary>
-##	Read and write all user ptys.
+##	Read and write all ptys.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -784,7 +784,7 @@ interface(`term_write_all_user_ptys',`
 ## </param>
 ## <rolecap/>
 #
-interface(`term_use_all_user_ptys',`
+interface(`term_use_all_ptys',`
 	gen_require(`
 		attribute ptynode;
 		type devpts_t;
@@ -797,16 +797,15 @@ interface(`term_use_all_user_ptys',`
 
 ########################################
 ## <summary>
-##	Do not audit attempts to read any
+##	Do not audit attempts to read or write any ptys.
-##	user ptys.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-##	The type of the process to not audit.
+##	Domain to not audit.
 ##	</summary>
 ## </param>
 #
-interface(`term_dontaudit_use_all_user_ptys',`
+interface(`term_dontaudit_use_all_ptys',`
 	gen_require(`
 		attribute ptynode;
 	')
@@ -814,10 +813,143 @@ interface(`term_dontaudit_use_all_user_ptys',`
 	dontaudit $1 ptynode:chr_file { rw_term_perms lock append };
 ')
 
+########################################
+## <summary>
+##	Relabel from and to all pty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`term_relabel_all_ptys',`
+	gen_require(`
+		attribute ptynode;
+		type devpts_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	relabel_chr_files_pattern($1, devpts_t, ptynode)
+')
+
+########################################
+## <summary>
+##	Get the attributes of all user
+##	pty device nodes. (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`term_getattr_all_user_ptys',`
+	refpolicywarn(`$0 has been deprecated, use term_getattr_all_ptys() instead.')
+	term_getattr_all_ptys($1)
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to get the
+##	attributes of any user pty
+##	device nodes. (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`term_dontaudit_getattr_all_user_ptys',`
+	refpolicywarn(`$0 has been deprecated, use term_dontaudit_getattr_all_ptys() instead.')
+	term_dontaudit_getattr_all_ptys($1)
+')
+
+########################################
+## <summary>
+##	Set the attributes of all user
+##	pty device nodes. (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`term_setattr_all_user_ptys',`
+	refpolicywarn(`$0 has been deprecated, use term_setattr_all_ptys() instead.')
+	term_setattr_all_ptys($1)
+')
+
+########################################
+## <summary>
+##	Relabel to all user ptys. (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`term_relabelto_all_user_ptys',`
+	refpolicywarn(`$0 has been deprecated, use term_relabelto_all_ptys() instead.')
+	term_relabelto_all_ptys($1)
+')
+
+########################################
+## <summary>
+##	Write to all user ptys. (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`term_write_all_user_ptys',`
+	refpolicywarn(`$0 has been deprecated, use term_write_all_ptys() instead.')
+	term_write_all_ptys($1)
+')
+
+########################################
+## <summary>
+##	Read and write all user ptys. (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`term_use_all_user_ptys',`
+	refpolicywarn(`$0 has been deprecated, use term_use_all_ptys() instead.')
+	term_use_all_ptys($1)
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to read any
+##	user ptys. (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process to not audit.
+##	</summary>
+## </param>
+#
+interface(`term_dontaudit_use_all_user_ptys',`
+	refpolicywarn(`$0 has been deprecated, use term_dontaudit_use_all_ptys() instead.')
+	term_dontaudit_use_all_ptys($1)
+')
+
 ########################################
 ## <summary>
 ##	Relabel from and to all user
-##	user pty device nodes.
+##	user pty device nodes. (Deprecated)
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -826,13 +958,8 @@ interface(`term_dontaudit_use_all_user_ptys',`
 ## </param>
 #
 interface(`term_relabel_all_user_ptys',`
-	gen_require(`
+	refpolicywarn(`$0 has been deprecated, use term_relabel_all_ptys() instead.')
-		attribute ptynode;
+	term_relabel_all_ptys($1)
-		type devpts_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	relabel_chr_files_pattern($1, devpts_t, ptynode)
 ')
 
 ########################################
@@ -1055,8 +1182,7 @@ interface(`term_dontaudit_use_unallocated_ttys',`
 
 ########################################
 ## <summary>
-##	Get the attributes of all user tty
+##	Get the attributes of all tty device nodes.
-##	device nodes.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -1065,7 +1191,7 @@ interface(`term_dontaudit_use_unallocated_ttys',`
 ## </param>
 ## <rolecap/>
 #
-interface(`term_getattr_all_user_ttys',`
+interface(`term_getattr_all_ttys',`
 	gen_require(`
 		attribute ttynode;
 	')
@@ -1077,8 +1203,7 @@ interface(`term_getattr_all_user_ttys',`
 ########################################
 ## <summary>
 ##	Do not audit attempts to get the
-##	attributes of any user tty
+##	attributes of any tty device nodes.
-##	device nodes.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -1086,7 +1211,7 @@ interface(`term_getattr_all_user_ttys',`
 ##	</summary>
 ## </param>
 #
-interface(`term_dontaudit_getattr_all_user_ttys',`
+interface(`term_dontaudit_getattr_all_ttys',`
 	gen_require(`
 		attribute ttynode;
 	')
@@ -1097,8 +1222,7 @@ interface(`term_dontaudit_getattr_all_user_ttys',`
 
 ########################################
 ## <summary>
-##	Set the attributes of all user tty
+##	Set the attributes of all tty device nodes.
-##	device nodes.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -1107,7 +1231,7 @@ interface(`term_dontaudit_getattr_all_user_ttys',`
 ## </param>
 ## <rolecap/>
 #
-interface(`term_setattr_all_user_ttys',`
+interface(`term_setattr_all_ttys',`
 	gen_require(`
 		attribute ttynode;
 	')
@@ -1118,8 +1242,7 @@ interface(`term_setattr_all_user_ttys',`
 
 ########################################
 ## <summary>
-##	Relabel from and to all user
+##	Relabel from and to all tty device nodes.
-##	user tty device nodes.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -1127,7 +1250,7 @@ interface(`term_setattr_all_user_ttys',`
 ##	</summary>
 ## </param>
 #
-interface(`term_relabel_all_user_ttys',`
+interface(`term_relabel_all_ttys',`
 	gen_require(`
 		attribute ttynode;
 	')
@@ -1138,7 +1261,7 @@ interface(`term_relabel_all_user_ttys',`
 
 ########################################
 ## <summary>
-##	Write to all user ttys.
+##	Write to all ttys.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -1146,7 +1269,7 @@ interface(`term_relabel_all_user_ttys',`
 ##	</summary>
 ## </param>
 #
-interface(`term_write_all_user_ttys',`
+interface(`term_write_all_ttys',`
 	gen_require(`
 		attribute ttynode;
 	')
@@ -1157,7 +1280,7 @@ interface(`term_write_all_user_ttys',`
 
 ########################################
 ## <summary>
-##	Read and write all user to all user ttys.
+##	Read and write all ttys.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -1166,7 +1289,7 @@ interface(`term_write_all_user_ttys',`
 ## </param>
 ## <rolecap/>
 #
-interface(`term_use_all_user_ttys',`
+interface(`term_use_all_ttys',`
 	gen_require(`
 		attribute ttynode;
 	')
@@ -1178,7 +1301,124 @@ interface(`term_use_all_user_ttys',`
 ########################################
 ## <summary>
 ##	Do not audit attempts to read or write
-##	any user ttys.
+##	any ttys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`term_dontaudit_use_all_ttys',`
+	gen_require(`
+		attribute ttynode;
+	')
+
+	dontaudit $1 ttynode:chr_file rw_chr_file_perms;
+')
+
+########################################
+## <summary>
+##	Get the attributes of all user tty
+##	device nodes. (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`term_getattr_all_user_ttys',`
+	refpolicywarn(`$0() is deprecated, use term_getattr_all_ttys() instead.')
+	term_getattr_all_ttys($1)
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to get the
+##	attributes of any user tty
+##	device nodes. (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`term_dontaudit_getattr_all_user_ttys',`
+	refpolicywarn(`$0() is deprecated, use term_dontaudit_getattr_all_ttys() instead.')
+	term_dontaudit_getattr_all_ttys($1)
+')
+
+########################################
+## <summary>
+##	Set the attributes of all user tty
+##	device nodes. (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`term_setattr_all_user_ttys',`
+	refpolicywarn(`$0() is deprecated, use term_setattr_all_ttys() instead.')
+	term_setattr_all_ttys($1)
+')
+
+########################################
+## <summary>
+##	Relabel from and to all user
+##	user tty device nodes. (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`term_relabel_all_user_ttys',`
+	refpolicywarn(`$0() is deprecated, use term_relabel_all_ttys() instead.')
+	term_relabel_all_ttys($1)
+')
+
+########################################
+## <summary>
+##	Write to all user ttys. (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`term_write_all_user_ttys',`
+	refpolicywarn(`$0() is deprecated, use term_write_all_ttys() instead.')
+	term_write_all_ttys($1)
+')
+
+########################################
+## <summary>
+##	Read and write all user to all user ttys. (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`term_use_all_user_ttys',`
+	refpolicywarn(`$0() is deprecated, use term_use_all_ttys() instead.')
+	term_use_all_ttys($1)
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write
+##	any user ttys. (Deprecated)
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -1187,9 +1427,6 @@ interface(`term_use_all_user_ttys',`
 ## </param>
 #
 interface(`term_dontaudit_use_all_user_ttys',`
-	gen_require(`
+	refpolicywarn(`$0() is deprecated, use term_dontaudit_use_all_ttys() instead.')
-		attribute ttynode;
+	term_dontaudit_use_all_ttys($1)
-	')
-
-	dontaudit $1 ttynode:chr_file rw_chr_file_perms;
 ')

policy/modules/services/bluetooth.te

@@ -206,7 +206,7 @@ kernel_read_kernel_sysctls(bluetooth_helper_t)
 
 dev_read_urand(bluetooth_helper_t)
 
-term_dontaudit_use_all_user_ttys(bluetooth_helper_t)
+term_dontaudit_use_all_ttys(bluetooth_helper_t)
 
 corecmd_exec_bin(bluetooth_helper_t)
 corecmd_exec_shell(bluetooth_helper_t)

policy/modules/services/finger.te

@@ -63,8 +63,8 @@ dev_read_sysfs(fingerd_t)
 fs_getattr_all_fs(fingerd_t)
 fs_search_auto_mountpoints(fingerd_t)
 
-term_getattr_all_user_ttys(fingerd_t)
+term_getattr_all_ttys(fingerd_t)
-term_getattr_all_user_ptys(fingerd_t)
+term_getattr_all_ptys(fingerd_t)
 
 auth_read_lastlog(fingerd_t)
 

policy/modules/services/portslave.te

@@ -80,7 +80,7 @@ fs_getattr_xattr_fs(portslave_t)
 
 term_use_unallocated_ttys(portslave_t)
 term_setattr_unallocated_ttys(portslave_t)
-term_use_all_user_ttys(portslave_t)
+term_use_all_ttys(portslave_t)
 term_search_ptys(portslave_t)
 
 auth_rw_login_records(portslave_t)

policy/modules/services/postfix.te

@@ -409,8 +409,8 @@ manage_files_pattern(postfix_postdrop_t, postfix_spool_maildrop_t, postfix_spool
 corenet_udp_sendrecv_generic_if(postfix_postdrop_t)
 corenet_udp_sendrecv_generic_node(postfix_postdrop_t)
 
-term_dontaudit_use_all_user_ptys(postfix_postdrop_t)
+term_dontaudit_use_all_ptys(postfix_postdrop_t)
-term_dontaudit_use_all_user_ttys(postfix_postdrop_t)
+term_dontaudit_use_all_ttys(postfix_postdrop_t)
 
 mta_rw_user_mail_stream_sockets(postfix_postdrop_t)
 
@@ -445,8 +445,8 @@ write_fifo_files_pattern(postfix_postqueue_t, postfix_public_t, postfix_public_t
 domtrans_pattern(postfix_postqueue_t, postfix_showq_exec_t, postfix_showq_t)
 
 # to write the mailq output, it really should not need read access!
-term_use_all_user_ptys(postfix_postqueue_t)
+term_use_all_ptys(postfix_postqueue_t)
-term_use_all_user_ttys(postfix_postqueue_t)
+term_use_all_ttys(postfix_postqueue_t)
 
 init_sigchld_script(postfix_postqueue_t)
 init_use_script_fds(postfix_postqueue_t)
@@ -490,8 +490,8 @@ allow postfix_showq_t postfix_spool_maildrop_t:file read_file_perms;
 allow postfix_showq_t postfix_spool_maildrop_t:lnk_file { getattr read };
 
 # to write the mailq output, it really should not need read access!
-term_use_all_user_ptys(postfix_showq_t)
+term_use_all_ptys(postfix_showq_t)
-term_use_all_user_ttys(postfix_showq_t)
+term_use_all_ttys(postfix_showq_t)
 
 ########################################
 #

policy/modules/services/puppet.te

@@ -114,7 +114,7 @@ selinux_set_generic_booleans(puppet_t)
 selinux_validate_context(puppet_t)
 
 term_dontaudit_getattr_unallocated_ttys(puppet_t)
-term_dontaudit_getattr_all_user_ttys(puppet_t)
+term_dontaudit_getattr_all_ttys(puppet_t)
 
 init_all_labeled_script_domtrans(puppet_t)
 init_domtrans_script(puppet_t)

policy/modules/services/remotelogin.te

@@ -49,7 +49,7 @@ dev_dontaudit_search_sysfs(remote_login_t)
 fs_getattr_xattr_fs(remote_login_t)
 fs_search_auto_mountpoints(remote_login_t)
 
-term_relabel_all_user_ptys(remote_login_t)
+term_relabel_all_ptys(remote_login_t)
 
 auth_rw_login_records(remote_login_t)
 auth_rw_faillog(remote_login_t)

policy/modules/services/setroubleshoot.te

@@ -82,8 +82,8 @@ fs_getattr_all_files(setroubleshootd_t)
 selinux_get_enforce_mode(setroubleshootd_t)
 selinux_validate_context(setroubleshootd_t)
 
-term_dontaudit_use_all_user_ptys(setroubleshootd_t)
+term_dontaudit_use_all_ptys(setroubleshootd_t)
-term_dontaudit_use_all_user_ttys(setroubleshootd_t)
+term_dontaudit_use_all_ttys(setroubleshootd_t)
 
 auth_use_nsswitch(setroubleshootd_t)
 

policy/modules/services/ssh.te

@@ -290,9 +290,9 @@ files_tmp_filetrans(sshd_t, sshd_tmp_t, { dir file sock_file })
 kernel_search_key(sshd_t)
 kernel_link_key(sshd_t)
 
-term_use_all_user_ptys(sshd_t)
+term_use_all_ptys(sshd_t)
-term_setattr_all_user_ptys(sshd_t)
+term_setattr_all_ptys(sshd_t)
-term_relabelto_all_user_ptys(sshd_t)
+term_relabelto_all_ptys(sshd_t)
 
 # for X forwarding
 corenet_tcp_bind_xserver_port(sshd_t)

policy/modules/system/authlogin.te

@@ -165,8 +165,8 @@ fs_search_auto_mountpoints(pam_t)
 
 miscfiles_read_localization(pam_t)
 
-term_use_all_user_ttys(pam_t)
+term_use_all_ttys(pam_t)
-term_use_all_user_ptys(pam_t)
+term_use_all_ptys(pam_t)
 
 init_dontaudit_rw_utmp(pam_t)
 
@@ -253,8 +253,8 @@ storage_getattr_scsi_generic_dev(pam_console_t)
 storage_setattr_scsi_generic_dev(pam_console_t)
 
 term_use_console(pam_console_t)
-term_use_all_user_ttys(pam_console_t)
+term_use_all_ttys(pam_console_t)
-term_use_all_user_ptys(pam_console_t)
+term_use_all_ptys(pam_console_t)
 term_setattr_console(pam_console_t)
 term_getattr_unallocated_ttys(pam_console_t)
 term_setattr_unallocated_ttys(pam_console_t)
@@ -354,10 +354,10 @@ dev_read_urand(utempter_t)
 
 files_read_etc_files(utempter_t)
 
-term_getattr_all_user_ttys(utempter_t)
+term_getattr_all_ttys(utempter_t)
-term_getattr_all_user_ptys(utempter_t)
+term_getattr_all_ptys(utempter_t)
-term_dontaudit_use_all_user_ttys(utempter_t)
+term_dontaudit_use_all_ttys(utempter_t)
-term_dontaudit_use_all_user_ptys(utempter_t)
+term_dontaudit_use_all_ptys(utempter_t)
 term_dontaudit_use_ptmx(utempter_t)
 
 init_rw_utmp(utempter_t)

policy/modules/system/clock.te

@@ -47,8 +47,8 @@ fs_search_auto_mountpoints(hwclock_t)
 
 term_dontaudit_use_console(hwclock_t)
 term_use_unallocated_ttys(hwclock_t)
-term_use_all_user_ttys(hwclock_t)
+term_use_all_ttys(hwclock_t)
-term_use_all_user_ptys(hwclock_t)
+term_use_all_ptys(hwclock_t)
 
 domain_use_interactive_fds(hwclock_t)
 

policy/modules/system/getty.te

@@ -79,9 +79,9 @@ mls_file_read_all_levels(getty_t)
 mls_file_write_all_levels(getty_t)
 
 # Chown, chmod, read and write ttys.
-term_use_all_user_ttys(getty_t)
+term_use_all_ttys(getty_t)
 term_use_unallocated_ttys(getty_t)
-term_setattr_all_user_ttys(getty_t)
+term_setattr_all_ttys(getty_t)
 term_setattr_unallocated_ttys(getty_t)
 term_setattr_console(getty_t)
 term_dontaudit_use_console(getty_t)

policy/modules/system/hostname.te

@@ -39,8 +39,8 @@ fs_search_auto_mountpoints(hostname_t)
 fs_dontaudit_use_tmpfs_chr_dev(hostname_t)
 
 term_dontaudit_use_console(hostname_t)
-term_use_all_user_ttys(hostname_t)
+term_use_all_ttys(hostname_t)
-term_use_all_user_ptys(hostname_t)
+term_use_all_ptys(hostname_t)
 
 init_use_fds(hostname_t)
 init_use_script_fds(hostname_t)

policy/modules/system/ipsec.te

@@ -144,7 +144,7 @@ fs_getattr_all_fs(ipsec_t)
 fs_search_auto_mountpoints(ipsec_t)
 
 term_use_console(ipsec_t)
-term_dontaudit_use_all_user_ttys(ipsec_t)
+term_dontaudit_use_all_ttys(ipsec_t)
 
 auth_use_nsswitch(ipsec_t)
 

policy/modules/system/locallogin.te

@@ -112,11 +112,11 @@ storage_dontaudit_setattr_fixed_disk_dev(local_login_t)
 storage_dontaudit_getattr_removable_dev(local_login_t)
 storage_dontaudit_setattr_removable_dev(local_login_t)
 
-term_use_all_user_ttys(local_login_t)
+term_use_all_ttys(local_login_t)
 term_use_unallocated_ttys(local_login_t)
 term_relabel_unallocated_ttys(local_login_t)
-term_relabel_all_user_ttys(local_login_t)
+term_relabel_all_ttys(local_login_t)
-term_setattr_all_user_ttys(local_login_t)
+term_setattr_all_ttys(local_login_t)
 term_setattr_unallocated_ttys(local_login_t)
 
 auth_rw_login_records(local_login_t)

policy/modules/system/logging.te

@@ -428,7 +428,7 @@ term_write_unallocated_ttys(syslogd_t)
 # for sending messages to logged in users
 init_read_utmp(syslogd_t)
 init_dontaudit_write_utmp(syslogd_t)
-term_write_all_user_ttys(syslogd_t)
+term_write_all_ttys(syslogd_t)
 
 auth_use_nsswitch(syslogd_t)
 

policy/modules/system/pcmcia.te

@@ -89,8 +89,8 @@ fs_getattr_all_fs(cardmgr_t)
 fs_search_auto_mountpoints(cardmgr_t)
 
 term_use_unallocated_ttys(cardmgr_t)
-term_getattr_all_user_ttys(cardmgr_t)
+term_getattr_all_ttys(cardmgr_t)
-term_dontaudit_getattr_all_user_ptys(cardmgr_t)
+term_dontaudit_getattr_all_ptys(cardmgr_t)
 
 libs_exec_ld_so(cardmgr_t)
 libs_exec_lib_files(cardmgr_t)

policy/modules/system/selinuxutil.te

@@ -254,10 +254,10 @@ selinux_compute_create_context(newrole_t)
 selinux_compute_relabel_context(newrole_t)
 selinux_compute_user_contexts(newrole_t)
 
-term_use_all_user_ttys(newrole_t)
+term_use_all_ttys(newrole_t)
-term_use_all_user_ptys(newrole_t)
+term_use_all_ptys(newrole_t)
-term_relabel_all_user_ttys(newrole_t)
+term_relabel_all_ttys(newrole_t)
-term_relabel_all_user_ptys(newrole_t)
+term_relabel_all_ptys(newrole_t)
 term_getattr_unallocated_ttys(newrole_t)
 term_dontaudit_use_unallocated_ttys(newrole_t)
 
@@ -550,8 +550,8 @@ selinux_compute_create_context(setfiles_t)
 selinux_compute_relabel_context(setfiles_t)
 selinux_compute_user_contexts(setfiles_t)
 
-term_use_all_user_ttys(setfiles_t)
+term_use_all_ttys(setfiles_t)
-term_use_all_user_ptys(setfiles_t)
+term_use_all_ptys(setfiles_t)
 term_use_unallocated_ttys(setfiles_t)
 
 # this is to satisfy the assertion:

policy/modules/system/sysnetwork.te

@@ -119,8 +119,8 @@ files_dontaudit_search_locks(dhcpc_t)
 fs_getattr_all_fs(dhcpc_t)
 fs_search_auto_mountpoints(dhcpc_t)
 
-term_dontaudit_use_all_user_ttys(dhcpc_t)
+term_dontaudit_use_all_ttys(dhcpc_t)
-term_dontaudit_use_all_user_ptys(dhcpc_t)
+term_dontaudit_use_all_ptys(dhcpc_t)
 term_dontaudit_use_unallocated_ttys(dhcpc_t)
 term_dontaudit_use_generic_ptys(dhcpc_t)
 
@@ -276,8 +276,8 @@ files_read_etc_files(ifconfig_t)
 fs_getattr_xattr_fs(ifconfig_t)
 fs_search_auto_mountpoints(ifconfig_t)
 
-term_dontaudit_use_all_user_ttys(ifconfig_t)
+term_dontaudit_use_all_ttys(ifconfig_t)
-term_dontaudit_use_all_user_ptys(ifconfig_t)
+term_dontaudit_use_all_ptys(ifconfig_t)
 
 files_dontaudit_read_root_files(ifconfig_t)
 

policy/modules/system/userdomain.if

@@ -576,7 +576,7 @@ template(`userdom_common_user_template',`
 	')
 
 	tunable_policy(`user_ttyfile_stat',`
-		term_getattr_all_user_ttys($1_t)
+		term_getattr_all_ttys($1_t)
 	')
 
 	optional_policy(`

policy/modules/system/xen.te

@@ -214,7 +214,7 @@ storage_raw_read_fixed_disk(xend_t)
 storage_raw_write_fixed_disk(xend_t)
 storage_raw_read_removable_device(xend_t)
 
-term_getattr_all_user_ptys(xend_t)
+term_getattr_all_ptys(xend_t)
 term_use_generic_ptys(xend_t)
 term_use_ptmx(xend_t)
 term_getattr_pty_fs(xend_t)