Add terminal patch from Dan Walsh.

Chris PeBenito 2009-11-19 14:57:49 -05:00
parent b51e8e0b42
commit d6c3ed8557
3 changed files with 41 additions and 2 deletions


@ -13,6 +13,7 @@
/dev/ip2[^/]* -c gen_context(system_u:object_r:tty_device_t,s0) /dev/ip2[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
/dev/isdn.* -c gen_context(system_u:object_r:tty_device_t,s0) /dev/isdn.* -c gen_context(system_u:object_r:tty_device_t,s0)
/dev/ptmx -c gen_context(system_u:object_r:ptmx_t,s0) /dev/ptmx -c gen_context(system_u:object_r:ptmx_t,s0)
/dev/pts/ptmx -c gen_context(system_u:object_r:ptmx_t,s0)
/dev/rfcomm[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0) /dev/rfcomm[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0)
/dev/slamr[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0) /dev/slamr[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0)
/dev/tty -c gen_context(system_u:object_r:devtty_t,s0) /dev/tty -c gen_context(system_u:object_r:devtty_t,s0)


@ -196,7 +196,7 @@ interface(`term_use_all_terms',`
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
allow $1 devpts_t:dir list_dir_perms; allow $1 devpts_t:dir list_dir_perms;
allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file rw_chr_file_perms; allow $1 { devpts_t console_device_t tty_device_t ttynode ptynode }:chr_file rw_chr_file_perms;
') ')
######################################## ########################################
@ -472,6 +472,24 @@ interface(`term_dontaudit_manage_pty_dirs',`
dontaudit $1 devpts_t:dir manage_dir_perms; dontaudit $1 devpts_t:dir manage_dir_perms;
') ')
########################################
## <summary>
## Do not audit attempts to get the attributes
## of generic pty devices.
## </summary>
## <param name="domain">
## <summary>
## The type of the process to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_getattr_generic_ptys',`
gen_require(`
type devpts_t;
')
dontaudit $1 devpts_t:chr_file getattr;
')
######################################## ########################################
## <summary> ## <summary>
## ioctl of generic pty devices. ## ioctl of generic pty devices.
@ -575,6 +593,25 @@ interface(`term_dontaudit_use_generic_ptys',`
dontaudit $1 devpts_t:chr_file { getattr read write ioctl }; dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
') ')
#######################################
## <summary>
## Set the attributes of the tty device
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_setattr_controlling_term',`
gen_require(`
type devtty_t;
')
dev_list_all_dev_nodes($1)
allow $1 devtty_t:chr_file setattr;
')
######################################## ########################################
## <summary> ## <summary>
## Read and write the controlling ## Read and write the controlling
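Review bot: The changed allow rule in term_use_all_terms now lists devpts_t in the chr_file type set, so every domain that already calls this interface gains read/write on generic ptys (devpts_t character files) with no change on the caller side. The interface's summary lies outside this hunk, so it is not visible whether it mentions generic ptys; if it does not, it should say so, for example `## Read and write the console, all ttys, all ptys and generic (devpts_t) ptys.` Callers that only need labeled ttys and ptys would be better served by a narrower interface, so the existing users are worth re-checking. In the same file, the summary of the new term_setattr_controlling_term says "the tty device" while the rule targets devtty_t; `## Set the attributes of the controlling terminal (/dev/tty).` would match the rule.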


@ -1,5 +1,5 @@
policy_module(terminal, 1.7.0) policy_module(terminal, 1.7.1)
######################################## ########################################
# #
@ -44,6 +44,7 @@ mls_trusted_object(devtty_t)
type ptmx_t; type ptmx_t;
dev_node(ptmx_t) dev_node(ptmx_t)
mls_trusted_object(ptmx_t) mls_trusted_object(ptmx_t)
allow ptmx_t devpts_t:filesystem associate;
# #
# tty_device_t is the type of /dev/*tty* # tty_device_t is the type of /dev/*tty*
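Review bot: The added `allow ptmx_t devpts_t:filesystem associate;` carries no comment, and the reason a device-node type must associate with the devpts filesystem is not obvious from this file alone. Judging by the /dev/pts/ptmx file context added elsewhere in this commit, the rule presumably exists so that a ptmx_t-labeled node can live on devpts; a comment such as `# /dev/pts/ptmx is labeled ptmx_t and resides on the devpts filesystem` above the rule would record that. The grant is limited to associate, so the rule itself looks appropriately narrow.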