Diffstat (limited to 'src/dev')
-rw-r--r--src/dev/nodedev.cil6
-rw-r--r--src/dev/nodedev/fbnodedev.cil4
-rw-r--r--src/dev/nodedev/hidrawnodedev.cil4
-rw-r--r--src/dev/nodedev/inputnodedev.cil5
-rw-r--r--src/dev/nodedev/rfkillnodedev.cil4
-rw-r--r--src/dev/nodedev/usbnodedev.cil5
-rw-r--r--src/dev/stordev.cil6
-rw-r--r--src/dev/termdev/ptytermdev.cil2
-rw-r--r--src/dev/termdev/serialtermdev.cil2
9 files changed, 25 insertions, 13 deletions
diff --git a/src/dev/nodedev.cil b/src/dev/nodedev.cil
index b681759..8a01e70 100644
--- a/src/dev/nodedev.cil
+++ b/src/dev/nodedev.cil
@@ -3,14 +3,14 @@
(block nodedev
+ (macro mounton_all_chr_files ((type ARG1))
+ (allow ARG1 typeattr mounton_chr_file))
+
(macro type ((type ARG1))
(typeattributeset typeattr ARG1))
(typeattribute typeattr)
- (macro mounton_all_chr_files ((type ARG1))
- (allow ARG1 typeattr mounton_chr_file))
-
(blockinherit .file.all_macro_template_chr_files)
(call .dev.type (typeattr))
diff --git a/src/dev/nodedev/fbnodedev.cil b/src/dev/nodedev/fbnodedev.cil
index 47d670c..b722c33 100644
--- a/src/dev/nodedev/fbnodedev.cil
+++ b/src/dev/nodedev/fbnodedev.cil
@@ -5,4 +5,6 @@
(filecon "/dev/fb([0-9]+)?" char nodedev_context)
- (blockinherit .nodedev.template))
+ (blockinherit .nodedev.template)
+
+ (call .rbacsep.exempt.obj.type (nodedev)))
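Review bot: The added `(call .rbacsep.exempt.obj.type (nodedev))` has no comment saying why this device type is exempted, and the same uncommented call is added in hidrawnodedev.cil, inputnodedev.cil, rfkillnodedev.cil and usbnodedev.cil. The macro body is not visible here, but judging by its name it takes the type out of the policy's RBAC separation, which is an access-widening decision that a later auditor will need to justify. That matters most for the hidraw and input nodes, which carry raw keyboard and HID traffic. I would put a line above each call such as `; rbacsep exemption: <roles that must share this device, and why>` so the intent is recorded next to the rule.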
diff --git a/src/dev/nodedev/hidrawnodedev.cil b/src/dev/nodedev/hidrawnodedev.cil
index 3ca398f..5890de8 100644
--- a/src/dev/nodedev/hidrawnodedev.cil
+++ b/src/dev/nodedev/hidrawnodedev.cil
@@ -5,4 +5,6 @@
(filecon "/dev/hidraw[0-9]+" char nodedev_context)
- (blockinherit .nodedev.template))
+ (blockinherit .nodedev.template)
+
+ (call .rbacsep.exempt.obj.type (nodedev)))
diff --git a/src/dev/nodedev/inputnodedev.cil b/src/dev/nodedev/inputnodedev.cil
index c68115a..3d0572d 100644
--- a/src/dev/nodedev/inputnodedev.cil
+++ b/src/dev/nodedev/inputnodedev.cil
@@ -6,5 +6,8 @@
(filecon "/dev/input/js([0-9]+)?" char nodedev_context)
(filecon "/dev/input/mice" char nodedev_context)
(filecon "/dev/input/mouse([0-9]+)?" char nodedev_context)
+ (filecon "/dev/psaux" char nodedev_context)
- (blockinherit .nodedev.template))
+ (blockinherit .nodedev.template)
+
+ (call .rbacsep.exempt.obj.type (nodedev)))
diff --git a/src/dev/nodedev/rfkillnodedev.cil b/src/dev/nodedev/rfkillnodedev.cil
index 712cb21..4cd67b6 100644
--- a/src/dev/nodedev/rfkillnodedev.cil
+++ b/src/dev/nodedev/rfkillnodedev.cil
@@ -5,4 +5,6 @@
(filecon "/dev/rfkill" char nodedev_context)
- (blockinherit .nodedev.template))
+ (blockinherit .nodedev.template)
+
+ (call .rbacsep.exempt.obj.type (nodedev)))
diff --git a/src/dev/nodedev/usbnodedev.cil b/src/dev/nodedev/usbnodedev.cil
index 2432b6a..ce2c7ab 100644
--- a/src/dev/nodedev/usbnodedev.cil
+++ b/src/dev/nodedev/usbnodedev.cil
@@ -4,5 +4,8 @@
(block usb
(filecon "/dev/bus/usb/.+" char nodedev_context)
+ (filecon "/dev/usb.+" char nodedev_context)
- (blockinherit .nodedev.template))
+ (blockinherit .nodedev.template)
+
+ (call .rbacsep.exempt.obj.type (nodedev)))
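Review bot: The new pattern `/dev/usb.+` is much wider than the existing `/dev/bus/usb/.+` entry, because there is no separator after `usb` and `.+` also matches `/`. It therefore labels everything under `/dev/usb/` and also sibling nodes such as `/dev/usbmon0` with the generic usb nodedev context. Unless a more specific filecon elsewhere in the policy takes precedence (not visible in this diff), any domain allowed to use this type would also reach the bus-monitoring devices. Consider narrowing it to `(filecon "/dev/usb/.+" char nodedev_context)` and giving the monitor nodes their own type, or add a comment stating that the breadth is intended.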
diff --git a/src/dev/stordev.cil b/src/dev/stordev.cil
index 8611ec6..f13d9f3 100644
--- a/src/dev/stordev.cil
+++ b/src/dev/stordev.cil
@@ -3,14 +3,14 @@
(block stordev
+ (macro mounton_all_chr_files ((type ARG1))
+ (allow ARG1 typeattr mounton_chr_file))
+
(macro type ((type ARG1))
(typeattributeset typeattr ARG1))
(typeattribute typeattr)
- (macro mounton_all_chr_files ((type ARG1))
- (allow ARG1 typeattr mounton_chr_file))
-
(blockinherit .file.all_macro_template_blk_files)
(blockinherit .file.all_macro_template_chr_files)
diff --git a/src/dev/termdev/ptytermdev.cil b/src/dev/termdev/ptytermdev.cil
index 4fb7d61..97aed95 100644
--- a/src/dev/termdev/ptytermdev.cil
+++ b/src/dev/termdev/ptytermdev.cil
@@ -98,7 +98,7 @@
(typeattribute typeattr)
- (allow typeattr ptytermdev.typeattr (chr_file (not (execmod mounton))))))
+ (allow typeattr ptytermdev.typeattr (chr_file (not (audit_access execmod))))))
(in after ptytermdev.appendinherited_all_chr_files
(allowx ARG1 typeattr IOCTLCONSOLE)
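Review bot: Replacing `mounton` with `audit_access` in the excluded set means this rule now grants `mounton` on every ptytermdev chr_file to `typeattr`, and nothing on the page says that this is intended. The identical change is made in serialtermdev.cil. Because the permission set is written as a complement, it also picks up any chr_file permission added to the class later, so an explicit list would be easier to audit. If `mounton` is not required here, keep it excluded with `(chr_file (not (audit_access execmod mounton)))`; if it is, add a comment such as `; mounton needed for <reason>` above the rule. The enclosing block starts outside the hunk, so what `typeattr` covers cannot be confirmed from here.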
diff --git a/src/dev/termdev/serialtermdev.cil b/src/dev/termdev/serialtermdev.cil
index 0f04101..afb7aac 100644
--- a/src/dev/termdev/serialtermdev.cil
+++ b/src/dev/termdev/serialtermdev.cil
@@ -97,7 +97,7 @@
(typeattribute typeattr)
- (allow typeattr serialtermdev.typeattr (chr_file (not (execmod mounton))))))
+ (allow typeattr serialtermdev.typeattr (chr_file (not (audit_access execmod))))))
(in after serialtermdev.appendinherited_all_chr_files
(allowx ARG1 typeattr IOCTLCONSOLE)