aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-bsdpty_device_t.patch
blob: ad7b5a6398f2ea79098e9df2fe4374fd2fd5dab9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
From c0b65c327b9354ee5c403cbde428e762ce3f327e Mon Sep 17 00:00:00 2001
From: Xin Ouyang <Xin.Ouyang@windriver.com>
Date: Thu, 22 Aug 2013 13:37:23 +0800
Subject: [PATCH 5/6] add rules for bsdpty_device_t to complete pty devices.

Upstream-Status: Pending

Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
 policy/modules/kernel/terminal.if |   16 ++++++++++++++++
 1 file changed, 16 insertions(+)

--- a/policy/modules/kernel/terminal.if
+++ b/policy/modules/kernel/terminal.if
@@ -603,13 +603,15 @@ interface(`term_getattr_generic_ptys',`
 ## </param>
 #
 interface(`term_dontaudit_getattr_generic_ptys',`
 	gen_require(`
 		type devpts_t;
+		type bsdpty_device_t;
 	')
 
 	dontaudit $1 devpts_t:chr_file getattr;
+	dontaudit $1 bsdpty_device_t:chr_file getattr;
 ')
 ########################################
 ## <summary>
 ##	ioctl of generic pty devices.
 ## </summary>
@@ -621,15 +623,17 @@ interface(`term_dontaudit_getattr_generi
 #
 # cjp: added for ppp
 interface(`term_ioctl_generic_ptys',`
 	gen_require(`
 		type devpts_t;
+		type bsdpty_device_t;
 	')
 
 	dev_list_all_dev_nodes($1)
 	allow $1 devpts_t:dir search;
 	allow $1 devpts_t:chr_file ioctl;
+	allow $1 bsdpty_device_t:chr_file ioctl;
 ')
 
 ########################################
 ## <summary>
 ##	Allow setting the attributes of
@@ -643,13 +647,15 @@ interface(`term_ioctl_generic_ptys',`
 #
 # dwalsh: added for rhgb
 interface(`term_setattr_generic_ptys',`
 	gen_require(`
 		type devpts_t;
+		type bsdpty_device_t;
 	')
 
 	allow $1 devpts_t:chr_file setattr;
+	allow $1 bsdpty_device_t:chr_file setattr;
 ')
 
 ########################################
 ## <summary>
 ##	Dontaudit setting the attributes of
@@ -663,13 +669,15 @@ interface(`term_setattr_generic_ptys',`
 #
 # dwalsh: added for rhgb
 interface(`term_dontaudit_setattr_generic_ptys',`
 	gen_require(`
 		type devpts_t;
+		type bsdpty_device_t;
 	')
 
 	dontaudit $1 devpts_t:chr_file setattr;
+	dontaudit $1 bsdpty_device_t:chr_file setattr;
 ')
 
 ########################################
 ## <summary>
 ##	Read and write the generic pty
@@ -683,15 +691,17 @@ interface(`term_dontaudit_setattr_generi
 ## </param>
 #
 interface(`term_use_generic_ptys',`
 	gen_require(`
 		type devpts_t;
+		type bsdpty_device_t;
 	')
 
 	dev_list_all_dev_nodes($1)
 	allow $1 devpts_t:dir list_dir_perms;
 	allow $1 devpts_t:chr_file { rw_term_perms lock append };
+	allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
 ')
 
 ########################################
 ## <summary>
 ##	Dot not audit attempts to read and
@@ -705,13 +715,15 @@ interface(`term_use_generic_ptys',`
 ## </param>
 #
 interface(`term_dontaudit_use_generic_ptys',`
 	gen_require(`
 		type devpts_t;
+		type bsdpty_device_t;
 	')
 
 	dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
+	dontaudit $1 bsdpty_device_t:chr_file { getattr read write ioctl };
 ')
 
 #######################################
 ## <summary>
 ##	Set the attributes of the tty device
@@ -723,14 +735,16 @@ interface(`term_dontaudit_use_generic_pt
 ## </param>
 #
 interface(`term_setattr_controlling_term',`
 	gen_require(`
 		type devtty_t;
+		type bsdpty_device_t;
 	')
 
 	dev_list_all_dev_nodes($1)
 	allow $1 devtty_t:chr_file setattr;
+	allow $1 bsdpty_device_t:chr_file setattr;
 ')
 
 ########################################
 ## <summary>
 ##	Read and write the controlling
@@ -743,14 +757,16 @@ interface(`term_setattr_controlling_term
 ## </param>
 #
 interface(`term_use_controlling_term',`
 	gen_require(`
 		type devtty_t;
+		type bsdpty_device_t;
 	')
 
 	dev_list_all_dev_nodes($1)
 	allow $1 devtty_t:chr_file { rw_term_perms lock append };
+	allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
 ')
 
 #######################################
 ## <summary>
 ##	Get the attributes of the pty multiplexor (/dev/ptmx).