adds a ttynodedev and TIOCLINUX filtering support

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
author: Dominick Grift <dominick.grift@defensec.nl> 2024-04-25 15:52:48 +0200
committer: Dominick Grift <dominick.grift@defensec.nl> 2024-04-25 16:15:03 +0200
commit: 9da725c52e6a743a1c30257a85a9cf6ccc95042e (patch)
tree: fdb3bbf4a4db4fdbeee70deb125d0bd11bb018b6 /src/dev/termdev/serialtermdev.cil
parent: d20cf3431293133299b5a1e0f41c32ec85f1a4a4 (diff)
download: selinux-policy-9da725c52e6a743a1c30257a85a9cf6ccc95042e.tar.gz
1 files changed, 6 insertions, 6 deletions
diff --git a/src/dev/termdev/serialtermdev.cil b/src/dev/termdev/serialtermdev.cil
index 45d2290..4e06669 100644
--- a/src/dev/termdev/serialtermdev.cil
+++ b/src/dev/termdev/serialtermdev.cil
@@ -31,7 +31,7 @@
 
     (macro appendinherited_serialtermdev_chr_files ((type ARG1))
 	   (allow ARG1 serialtermdev appendinherited_chr_file)
-	   (allowx ARG1 serialtermdev IOCTLCONSOLE)
+	   (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX)
 	   (allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI)
 	   (allowx ARG1 serialtermdev IOCTLVT))
 
@@ -58,7 +58,7 @@
 
     (macro readwriteinherited_serialtermdev_chr_files ((type ARG1))
 	   (allow ARG1 serialtermdev readwriteinherited_chr_file)
-	   (allowx ARG1 serialtermdev IOCTLCONSOLE)
+	   (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX)
 	   (allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI)
 	   (allowx ARG1 serialtermdev IOCTLVT))
 
@@ -79,7 +79,7 @@
 
     (macro writeinherited_serialtermdev_chr_files ((type ARG1))
 	   (allow ARG1 serialtermdev writeinherited_chr_file)
-	   (allowx ARG1 serialtermdev IOCTLCONSOLE)
+	   (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX)
 	   (allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI)
 	   (allowx ARG1 serialtermdev IOCTLVT)))
 
@@ -100,16 +100,16 @@
     (allow typeattr serialtermdev.typeattr (chr_file (not (audit_access execmod))))))
 
 (in after serialtermdev.appendinherited_all_chr_files
-    (allowx ARG1 typeattr IOCTLCONSOLE)
+    (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
     (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
     (allowx ARG1 typeattr IOCTLVT))
 
 (in after serialtermdev.readwriteinherited_all_chr_files
-    (allowx ARG1 typeattr IOCTLCONSOLE)
+    (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
     (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
     (allowx ARG1 typeattr IOCTLVT))
 
 (in after serialtermdev.writeinherited_all_chr_files
-    (allowx ARG1 typeattr IOCTLCONSOLE)
+    (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
     (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
     (allowx ARG1 typeattr IOCTLVT))
author	Dominick Grift <dominick.grift@defensec.nl>	2024-04-25 15:52:48 +0200
committer	Dominick Grift <dominick.grift@defensec.nl>	2024-04-25 16:15:03 +0200
commit	9da725c52e6a743a1c30257a85a9cf6ccc95042e (patch)
tree	fdb3bbf4a4db4fdbeee70deb125d0bd11bb018b6 /src/dev/termdev/serialtermdev.cil
parent	d20cf3431293133299b5a1e0f41c32ec85f1a4a4 (diff)
download	selinux-policy-9da725c52e6a743a1c30257a85a9cf6ccc95042e.tar.gz