Diffstat (limited to 'src/dev')
-rw-r--r--src/dev/nodedev/ttynodedev.cil42
-rw-r--r--src/dev/termdev.cil6
-rw-r--r--src/dev/termdev/ptytermdev.cil12
-rw-r--r--src/dev/termdev/ptytermdev/loginptytermdev.cil6
-rw-r--r--src/dev/termdev/serialtermdev.cil12
-rw-r--r--src/dev/termdev/serialtermdev/loginserialtermdev.cil6
6 files changed, 63 insertions, 21 deletions
diff --git a/src/dev/nodedev/ttynodedev.cil b/src/dev/nodedev/ttynodedev.cil
index 00ac2ca..265a070 100644
--- a/src/dev/nodedev/ttynodedev.cil
+++ b/src/dev/nodedev/ttynodedev.cil
@@ -5,6 +5,48 @@
(filecon "/dev/tty" char nodedev_context)
+ (macro tioclinux_nodedev_chr_files ((type ARG1))
+ (allowx ARG1 nodedev TIOCLINUX))
+
+ (macro tiocsti_nodedev_chr_files ((type ARG1))
+ (allowx ARG1 nodedev TIOCSTI))
+
(blockinherit .nodedev.template)
(call .rbacsep.exempt.obj.type (nodedev)))
+
+;; TIOCLINUX, subcode=TIOCL_GETMOUSEREPORTING
+(in after tty.append_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
+
+(in after tty.appendinherited_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
+
+(in after tty.manage_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
+
+(in after tty.readwrite_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
+
+(in after tty.readwriteinherited_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
+
+(in after tty.write_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
+
+(in after tty.writeinherited_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
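Review bot: The new macros `tioclinux_nodedev_chr_files` and `tiocsti_nodedev_chr_files` are the only opt-in for the two ioctls that every other rule in this hunk excludes, yet they carry no comment saying so. An `allowx` rule matches the ioctl command number only, not its argument, so granting TIOCLINUX through the first macro allows every TIOCLINUX subcode, not just one. I would add `;; opt-in: grants all TIOCLINUX subcodes, allowx cannot filter on the argument` above it and `;; opt-in: TIOCSTI inserts bytes into the terminal input queue` above the second. The comment `;; TIOCLINUX, subcode=TIOCL_GETMOUSEREPORTING` sits directly above blocks that grant `IOCTLCONSOLE_NOT_TIOCLINUX`, so it reads as if it described them; it should move next to the macro it presumably motivates, or say which caller needs that subcode. The enclosing block opens outside this hunk, so the placement of the two macros relative to it cannot be checked from here.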
diff --git a/src/dev/termdev.cil b/src/dev/termdev.cil
index 273eebb..702f138 100644
--- a/src/dev/termdev.cil
+++ b/src/dev/termdev.cil
@@ -22,16 +22,16 @@
(allow typeattr termdev.typeattr (chr_file (not (audit_access execmod))))))
(in after termdev.appendinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
(in after termdev.readwriteinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
(in after termdev.writeinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
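Review bot: Replacing `IOCTLCONSOLE` with `IOCTLCONSOLE_NOT_TIOCLINUX` in the three `termdev.*inherited_all_chr_files` blocks removes TIOCLINUX from every caller, and no opt-in macro like the `tioclinux_nodedev_chr_files` added in ttynodedev.cil is visible for these types. The same holds for the ptytermdev, loginptytermdev, serialtermdev and loginserialtermdev hunks below. If the removal is intentional, a one-line comment such as `;; TIOCLINUX deliberately excluded; grant per domain where needed` above the first block would record that. The definition of `IOCTLCONSOLE_NOT_TIOCLINUX` is outside this diff, which is limited to src/dev, so it is worth confirming that the set exists and that no bare `IOCTLCONSOLE` grant on terminal types remains elsewhere in the tree. Only the inherited variants appear here; presumably the non-inherited macros never granted `IOCTLCONSOLE`, but that should be checked.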
diff --git a/src/dev/termdev/ptytermdev.cil b/src/dev/termdev/ptytermdev.cil
index 1818854..0a5f93e 100644
--- a/src/dev/termdev/ptytermdev.cil
+++ b/src/dev/termdev/ptytermdev.cil
@@ -32,7 +32,7 @@
(macro appendinherited_ptytermdev_chr_files ((type ARG1))
(allow ARG1 ptytermdev appendinherited_chr_file)
- (allowx ARG1 ptytermdev IOCTLCONSOLE)
+ (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 ptytermdev IOCTLVT))
@@ -59,7 +59,7 @@
(macro readwriteinherited_ptytermdev_chr_files ((type ARG1))
(allow ARG1 ptytermdev readwriteinherited_chr_file)
- (allowx ARG1 ptytermdev IOCTLCONSOLE)
+ (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 ptytermdev IOCTLVT))
@@ -80,7 +80,7 @@
(macro writeinherited_ptytermdev_chr_files ((type ARG1))
(allow ARG1 ptytermdev writeinherited_chr_file)
- (allowx ARG1 ptytermdev IOCTLCONSOLE)
+ (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 ptytermdev IOCTLVT)))
@@ -101,16 +101,16 @@
(allow typeattr ptytermdev.typeattr (chr_file (not (audit_access execmod))))))
(in after ptytermdev.appendinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
(in after ptytermdev.readwriteinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
(in after ptytermdev.writeinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
diff --git a/src/dev/termdev/ptytermdev/loginptytermdev.cil b/src/dev/termdev/ptytermdev/loginptytermdev.cil
index c8ca794..9e94db0 100644
--- a/src/dev/termdev/ptytermdev/loginptytermdev.cil
+++ b/src/dev/termdev/ptytermdev/loginptytermdev.cil
@@ -34,16 +34,16 @@
(blockinherit .ptytermdev.macro_template_chr_files)))
(in after loginptytermdev.appendinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
(in after loginptytermdev.readwriteinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
(in after loginptytermdev.writeinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
diff --git a/src/dev/termdev/serialtermdev.cil b/src/dev/termdev/serialtermdev.cil
index 45d2290..4e06669 100644
--- a/src/dev/termdev/serialtermdev.cil
+++ b/src/dev/termdev/serialtermdev.cil
@@ -31,7 +31,7 @@
(macro appendinherited_serialtermdev_chr_files ((type ARG1))
(allow ARG1 serialtermdev appendinherited_chr_file)
- (allowx ARG1 serialtermdev IOCTLCONSOLE)
+ (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 serialtermdev IOCTLVT))
@@ -58,7 +58,7 @@
(macro readwriteinherited_serialtermdev_chr_files ((type ARG1))
(allow ARG1 serialtermdev readwriteinherited_chr_file)
- (allowx ARG1 serialtermdev IOCTLCONSOLE)
+ (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 serialtermdev IOCTLVT))
@@ -79,7 +79,7 @@
(macro writeinherited_serialtermdev_chr_files ((type ARG1))
(allow ARG1 serialtermdev writeinherited_chr_file)
- (allowx ARG1 serialtermdev IOCTLCONSOLE)
+ (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 serialtermdev IOCTLVT)))
@@ -100,16 +100,16 @@
(allow typeattr serialtermdev.typeattr (chr_file (not (audit_access execmod))))))
(in after serialtermdev.appendinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
(in after serialtermdev.readwriteinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
(in after serialtermdev.writeinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
diff --git a/src/dev/termdev/serialtermdev/loginserialtermdev.cil b/src/dev/termdev/serialtermdev/loginserialtermdev.cil
index fdc8f51..e480302 100644
--- a/src/dev/termdev/serialtermdev/loginserialtermdev.cil
+++ b/src/dev/termdev/serialtermdev/loginserialtermdev.cil
@@ -34,16 +34,16 @@
(blockinherit .serialtermdev.macro_template_chr_files)))
(in after loginserialtermdev.appendinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
(in after loginserialtermdev.readwriteinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))
(in after loginserialtermdev.writeinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
(allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
(allowx ARG1 typeattr IOCTLVT))