summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/dev/termdev.cil33
-rw-r--r--src/dev/termdev/ptytermdev.cil33
-rw-r--r--src/dev/termdev/ptytermdev/loginptytermdev.cil33
-rw-r--r--src/dev/termdev/serialtermdev.cil33
-rw-r--r--src/dev/termdev/serialtermdev/loginserialtermdev.cil33
5 files changed, 75 insertions, 90 deletions
diff --git a/src/dev/termdev.cil b/src/dev/termdev.cil
index efd5e7a..956cc18 100644
--- a/src/dev/termdev.cil
+++ b/src/dev/termdev.cil
@@ -3,27 +3,9 @@
(block termdev
- (macro appendinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr appendinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
- (macro readwriteinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr readwriteinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
(macro type ((type ARG1))
(typeattributeset typeattr ARG1))
- (macro writeinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr writeinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
(typeattribute typeattr)
(blockinherit .file.all_macro_template_chr_files)
@@ -38,3 +20,18 @@
(typeattribute typeattr)
(allow typeattr termdev.typeattr (chr_file (not (audit_access execmod))))))
+
+(in after termdev.appendinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
+
+(in after termdev.readwriteinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
+
+(in after termdev.writeinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
diff --git a/src/dev/termdev/ptytermdev.cil b/src/dev/termdev/ptytermdev.cil
index 270cc03..4fb7d61 100644
--- a/src/dev/termdev/ptytermdev.cil
+++ b/src/dev/termdev/ptytermdev.cil
@@ -3,27 +3,9 @@
(block ptytermdev
- (macro appendinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr appendinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
- (macro readwriteinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr readwriteinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
(macro type ((type ARG1))
(typeattributeset typeattr ARG1))
- (macro writeinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr writeinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
(typeattribute typeattr)
(blockinherit .file.all_macro_template_chr_files)
@@ -117,3 +99,18 @@
(typeattribute typeattr)
(allow typeattr ptytermdev.typeattr (chr_file (not (execmod mounton))))))
+
+(in after ptytermdev.appendinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
+
+(in after ptytermdev.readwriteinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
+
+(in after ptytermdev.writeinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
diff --git a/src/dev/termdev/ptytermdev/loginptytermdev.cil b/src/dev/termdev/ptytermdev/loginptytermdev.cil
index 43ae22b..69b4017 100644
--- a/src/dev/termdev/ptytermdev/loginptytermdev.cil
+++ b/src/dev/termdev/ptytermdev/loginptytermdev.cil
@@ -6,27 +6,9 @@
(macro all_type_change ((type ARG1)(type ARG2))
(typechange ARG1 typeattr chr_file ARG2))
- (macro appendinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr appendinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
- (macro readwriteinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr readwriteinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
(macro type ((type ARG1))
(typeattributeset typeattr ARG1))
- (macro writeinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr writeinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
(typeattribute typeattr)
(blockinherit .file.all_macro_template_chr_files)
@@ -50,3 +32,18 @@
(blockinherit .loginptytermdev.base_template)
(blockinherit .ptytermdev.macro_template_chr_files)))
+
+(in after loginptytermdev.appendinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
+
+(in after loginptytermdev.readwriteinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
+
+(in after loginptytermdev.writeinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
diff --git a/src/dev/termdev/serialtermdev.cil b/src/dev/termdev/serialtermdev.cil
index 5907658..0f04101 100644
--- a/src/dev/termdev/serialtermdev.cil
+++ b/src/dev/termdev/serialtermdev.cil
@@ -3,27 +3,9 @@
(block serialtermdev
- (macro appendinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr appendinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
- (macro readwriteinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr readwriteinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
(macro type ((type ARG1))
(typeattributeset typeattr ARG1))
- (macro writeinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr writeinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
(typeattribute typeattr)
(blockinherit .file.all_macro_template_chr_files)
@@ -116,3 +98,18 @@
(typeattribute typeattr)
(allow typeattr serialtermdev.typeattr (chr_file (not (execmod mounton))))))
+
+(in after serialtermdev.appendinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
+
+(in after serialtermdev.readwriteinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
+
+(in after serialtermdev.writeinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
diff --git a/src/dev/termdev/serialtermdev/loginserialtermdev.cil b/src/dev/termdev/serialtermdev/loginserialtermdev.cil
index b5a9d91..9a789d8 100644
--- a/src/dev/termdev/serialtermdev/loginserialtermdev.cil
+++ b/src/dev/termdev/serialtermdev/loginserialtermdev.cil
@@ -6,27 +6,9 @@
(macro all_type_change ((type ARG1)(type ARG2))
(typechange ARG1 typeattr chr_file ARG2))
- (macro appendinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr appendinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
- (macro readwriteinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr readwriteinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
(macro type ((type ARG1))
(typeattributeset typeattr ARG1))
- (macro writeinherited_all_chr_files ((type ARG1))
- (allow ARG1 typeattr writeinherited_chr_file)
- (allowx ARG1 typeattr IOCTLCONSOLE)
- (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
- (allowx ARG1 typeattr IOCTLVT))
-
(typeattribute typeattr)
(blockinherit .file.all_macro_template_chr_files)
@@ -50,3 +32,18 @@
(blockinherit .loginserialtermdev.base_template)
(blockinherit .serialtermdev.macro_template_chr_files)))
+
+(in after loginserialtermdev.appendinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
+
+(in after loginserialtermdev.readwriteinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
+
+(in after loginserialtermdev.writeinherited_all_chr_files
+ (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 typeattr IOCTLVT))
generated by cgit v1.2.3 (git 2.46.0) at 2025-09-20 21:30:07 +0000