diff options
| -rw-r--r-- | src/dev.cil | 5 | ||||
| -rw-r--r-- | src/dev/nodedev.cil | 4 | ||||
| -rw-r--r-- | src/dev/stordev.cil | 2 | ||||
| -rw-r--r-- | src/dev/termdev.cil | 6 | ||||
| -rw-r--r-- | src/dev/termdev/ptytermdev.cil | 4 | ||||
| -rw-r--r-- | src/dev/termdev/serialtermdev.cil | 4 |
6 files changed, 18 insertions, 7 deletions
diff --git a/src/dev.cil b/src/dev.cil index 22413bd..a7ec444 100644 --- a/src/dev.cil +++ b/src/dev.cil @@ -41,10 +41,7 @@ (macro type ((type ARG1)) (typeattributeset typeattr ARG1)) - (typeattribute typeattr) - - (allow typeattr dev.typeattr (blk_file (not (audit_access execmod map)))) - (allow typeattr dev.typeattr (chr_file (not (audit_access execmod)))))) + (typeattribute typeattr))) (in unconfined diff --git a/src/dev/nodedev.cil b/src/dev/nodedev.cil index bf76848..3630643 100644 --- a/src/dev/nodedev.cil +++ b/src/dev/nodedev.cil @@ -114,3 +114,7 @@ (typeattribute typeattr) (allow typeattr nodedev.typeattr (chr_file (not (audit_access execmod)))))) + +(in dev.unconfined + + (call .nodedev.unconfined.type (typeattr))) diff --git a/src/dev/stordev.cil b/src/dev/stordev.cil index a1ee7ef..7c95e03 100644 --- a/src/dev/stordev.cil +++ b/src/dev/stordev.cil @@ -185,4 +185,4 @@ (in dev.unconfined - (call .stordev.readwrite.type (typeattr))) + (call .stordev.unconfined.type (typeattr))) diff --git a/src/dev/termdev.cil b/src/dev/termdev.cil index 702f138..bf340e5 100644 --- a/src/dev/termdev.cil +++ b/src/dev/termdev.cil @@ -17,9 +17,11 @@ (macro type ((type ARG1)) (typeattributeset typeattr ARG1)) - (typeattribute typeattr) + (typeattribute typeattr))) - (allow typeattr termdev.typeattr (chr_file (not (audit_access execmod)))))) +(in dev.unconfined + + (call .termdev.unconfined.type (typeattr))) (in after termdev.appendinherited_all_chr_files (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX) diff --git a/src/dev/termdev/ptytermdev.cil b/src/dev/termdev/ptytermdev.cil index 8a3b3af..9eb43db 100644 --- a/src/dev/termdev/ptytermdev.cil +++ b/src/dev/termdev/ptytermdev.cil @@ -100,6 +100,10 @@ (allow typeattr ptytermdev.typeattr (chr_file (not (audit_access execmod)))))) +(in termdev.unconfined + + (call .ptytermdev.unconfined.type (typeattr))) + (in after ptytermdev.appendinherited_all_chr_files (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX) (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI) diff --git a/src/dev/termdev/serialtermdev.cil b/src/dev/termdev/serialtermdev.cil index 510ea76..059e9ef 100644 --- a/src/dev/termdev/serialtermdev.cil +++ b/src/dev/termdev/serialtermdev.cil @@ -99,6 +99,10 @@ (allow typeattr serialtermdev.typeattr (chr_file (not (audit_access execmod)))))) +(in termdev.unconfined + + (call .serialtermdev.unconfined.type (typeattr))) + (in after serialtermdev.appendinherited_all_chr_files (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX) (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI) |