add tty_device_t and devpts_t chr_file interfaces
This commit is contained in:
Chris PeBenito
parent
dfaf6c2ad8
commit
de2cee6817
@ -25,6 +25,24 @@ class chr_file { getattr read write };
|
||||
devices_list_device_nodes_depend
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# terminal_use_all_terminals(domain,[`optional'])
|
||||
#
|
||||
define(`terminal_use_all_terminals',`
|
||||
requires_block_template(terminal_use_all_terminals_depend,$2)
|
||||
devices_list_device_nodes($1,optional)
|
||||
allow $1 devpts_t:dir { getattr read search };
|
||||
allow $1 { console_device_t devtty_t ttynode ptynode }:chr_file { read write };
|
||||
')
|
||||
|
||||
define(`terminal_use_all_terminals_depend',`
|
||||
attribute ttynode, ptynode;
|
||||
type console_device_t, devtty_t, devpts_t;
|
||||
class chr_file { read write };
|
||||
devices_list_device_nodes_depend
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# terminal_use_console(domain,[`optional'])
|
||||
@ -89,39 +107,65 @@ devices_list_device_nodes_depend
|
||||
|
||||
########################################
|
||||
#
|
||||
# terminal_use_all_terminals(domain,[`optional'])
|
||||
# terminal_reset_physical_terminal_labels(domain)
|
||||
#
|
||||
define(`terminal_use_all_terminals',`
|
||||
requires_block_template(terminal_use_all_terminals_depend,$2)
|
||||
devices_list_device_nodes($1,optional)
|
||||
allow $1 devpts_t:dir { getattr read search };
|
||||
allow $1 { console_device_t devtty_t ttynode ptynode }:chr_file { read write };
|
||||
define(`terminal_reset_physical_terminal_labels',`
|
||||
requires_block_template(terminal_reset_physical_terminal_labels_depend)
|
||||
devices_list_device_nodes($1)
|
||||
allow $1 ttynode:chr_file relabelfrom;
|
||||
allow $1 tty_device_t:chr_file relabelto;
|
||||
')
|
||||
|
||||
define(`terminal_use_all_terminals_depend',`
|
||||
attribute ttynode, ptynode;
|
||||
type console_device_t, devtty_t, devpts_t;
|
||||
class chr_file { read write };
|
||||
define(`terminal_reset_physical_terminal_labels_depend',`
|
||||
attribute ttynode;
|
||||
type tty_device_t;
|
||||
class chr_file { relabelfrom relabelto };
|
||||
devices_list_device_nodes_depend
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# terminal_reset_labels(domain,[`optional'])
|
||||
# terminal_use_general_physical_terminal(domain)
|
||||
#
|
||||
define(`terminal_reset_labels',`
|
||||
requires_block_template(terminal_reset_labels_depend,$2)
|
||||
devices_list_device_nodes($1,optional)
|
||||
allow $1 ttynode:chr_file relabelfrom;
|
||||
allow $1 tty_device_t:chr_file relabelto;
|
||||
define(`terminal_use_general_physical_terminal',`
|
||||
requires_block_template(terminal_use_general_physical_terminal_depend)
|
||||
devices_list_device_nodes($1)
|
||||
allow $1 tty_device_t:chr_file { read write };
|
||||
')
|
||||
|
||||
define(`terminal_reset_labels_depend',`
|
||||
attribute ttynode;
|
||||
define(`terminal_use_general_physical_terminal_depend',`
|
||||
type tty_device_t;
|
||||
class chr_file { relabelfrom relabelto };
|
||||
class chr_file { read write };
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# terminal_ignore_use_general_physical_terminal(domain)
|
||||
#
|
||||
define(`terminal_ignore_use_general_physical_terminal',`
|
||||
requires_block_template(terminal_ignore_use_general_physical_terminal_depend)
|
||||
dontaudit $1 tty_device_t:chr_file { read write };
|
||||
')
|
||||
|
||||
define(`terminal_ignore_use_general_physical_terminal_depend',`
|
||||
type tty_device_t;
|
||||
class chr_file { read write };
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# terminal_get_user_terminal_attributes(domain,[`optional'])
|
||||
#
|
||||
define(`terminal_get_user_terminal_attributes',`
|
||||
requires_block_template(terminal_get_user_terminal_attributes_depend,$2)
|
||||
devices_list_device_nodes($1,optional)
|
||||
allow $1 ttynode:chr_file getattr;
|
||||
')
|
||||
|
||||
define(`terminal_get_user_terminal_attributes_depend',`
|
||||
attribute ttynode;
|
||||
class chr_file getattr;
|
||||
devices_list_device_nodes_depend
|
||||
kernel_relabeling_privilege_depend
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -156,16 +200,29 @@ class dir { getattr search read };
|
||||
|
||||
########################################
|
||||
#
|
||||
# terminal_get_user_terminal_attributes(domain,[`optional'])
|
||||
# terminal_use_general_pseudoterminal(domain)
|
||||
#
|
||||
define(`terminal_get_user_terminal_attributes',`
|
||||
requires_block_template(terminal_get_user_terminal_attributes_depend,$2)
|
||||
devices_list_device_nodes($1,optional)
|
||||
allow $1 ttynode:chr_file getattr;
|
||||
define(`terminal_use_general_pseudoterminal',`
|
||||
requires_block_template(terminal_use_general_pseudoterminal_depend)
|
||||
devices_list_device_nodes($1)
|
||||
allow $1 devpts_t:chr_file { read write };
|
||||
')
|
||||
|
||||
define(`terminal_get_user_terminal_attributes_depend',`
|
||||
attribute ttynode;
|
||||
class chr_file getattr;
|
||||
devices_list_device_nodes_depend
|
||||
define(`terminal_use_general_pseudoterminal_depend',`
|
||||
type devpts_t;
|
||||
class chr_file { read write };
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# terminal_ignore_use_general_pseudoterminal(domain)
|
||||
#
|
||||
define(`terminal_ignore_use_general_pseudoterminal',`
|
||||
requires_block_template(terminal_ignore_use_general_pseudoterminal_depend)
|
||||
dontaudit $1 devpts_t:chr_file { read write };
|
||||
')
|
||||
|
||||
define(`terminal_ignore_use_general_pseudoterminal_depend',`
|
||||
type devpts_t;
|
||||
class chr_file { read write };
|
||||
')
|
||||
|
||||
Loading…
Reference in New Issue
Block a user