Add terminal patch from Dan Walsh.
parent
b51e8e0b42
commit
d6c3ed8557
@ -13,6 +13,7 @@
|
||||
/dev/ip2[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/isdn.* -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/ptmx -c gen_context(system_u:object_r:ptmx_t,s0)
|
||||
/dev/pts/ptmx -c gen_context(system_u:object_r:ptmx_t,s0)
|
||||
/dev/rfcomm[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/slamr[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/tty -c gen_context(system_u:object_r:devtty_t,s0)
|
||||
|
@ -196,7 +196,7 @@ interface(`term_use_all_terms',`
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
allow $1 devpts_t:dir list_dir_perms;
|
||||
allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file rw_chr_file_perms;
|
||||
allow $1 { devpts_t console_device_t tty_device_t ttynode ptynode }:chr_file rw_chr_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -472,6 +472,24 @@ interface(`term_dontaudit_manage_pty_dirs',`
|
||||
dontaudit $1 devpts_t:dir manage_dir_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to get the attributes
|
||||
## of generic pty devices.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## The type of the process to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`term_dontaudit_getattr_generic_ptys',`
|
||||
gen_require(`
|
||||
type devpts_t;
|
||||
')
|
||||
|
||||
dontaudit $1 devpts_t:chr_file getattr;
|
||||
')
|
||||
########################################
|
||||
## <summary>
|
||||
## ioctl of generic pty devices.
|
||||
@ -575,6 +593,25 @@ interface(`term_dontaudit_use_generic_ptys',`
|
||||
dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Set the attributes of the tty device
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`term_setattr_controlling_term',`
|
||||
gen_require(`
|
||||
type devtty_t;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
allow $1 devtty_t:chr_file setattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read and write the controlling
|
||||
|
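Review bot: Adding `devpts_t` to the type set in `term_use_all_terms` extends read/write access on generic pty devices (`devpts_t:chr_file`) to every domain that already calls this interface, and nothing visible in the hunk documents that wider scope. The `allow` line that includes `devpts_t` appears to be the new side; the interface's `## <summary>` block, which starts above the hunk, should be updated to match, for example `## Read and write the console, all ttys, all ptys and generic ptys.` Because the grant reaches existing callers without any change on their side, it is worth checking which domains invoke `term_use_all_terms` and whether each one needs generic pty access rather than only labelled terminals.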
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(terminal, 1.7.0)
|
||||
policy_module(terminal, 1.7.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -44,6 +44,7 @@ mls_trusted_object(devtty_t)
|
||||
type ptmx_t;
|
||||
dev_node(ptmx_t)
|
||||
mls_trusted_object(ptmx_t)
|
||||
allow ptmx_t devpts_t:filesystem associate;
|
||||
|
||||
#
|
||||
# tty_device_t is the type of /dev/*tty*
|
||||
|
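Review bot: The `allow ptmx_t devpts_t:filesystem associate;` rule, which appears to be the added line in this hunk, has no comment explaining why a device-node type must associate with the devpts filesystem. Judging from the `/dev/pts/ptmx` file-context entry elsewhere in this commit, the rule is presumably there because that node lives on devpts. A one-line comment above it, such as `# /dev/pts/ptmx resides on the devpts filesystem.`, would record the reason for the next maintainer.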