Diffstat (limited to 'src')
-rw-r--r-- | src/dev/nodedev/ttynodedev.cil | 42 | ||||
-rw-r--r-- | src/dev/termdev.cil | 6 | ||||
-rw-r--r-- | src/dev/termdev/ptytermdev.cil | 12 | ||||
-rw-r--r-- | src/dev/termdev/ptytermdev/loginptytermdev.cil | 6 | ||||
-rw-r--r-- | src/dev/termdev/serialtermdev.cil | 12 | ||||
-rw-r--r-- | src/dev/termdev/serialtermdev/loginserialtermdev.cil | 6 | ||||
-rw-r--r-- | src/misc/xperm/consolexperm.cil | 5 |
7 files changed, 65 insertions, 24 deletions
diff --git a/src/dev/nodedev/ttynodedev.cil b/src/dev/nodedev/ttynodedev.cil
index 00ac2ca..265a070 100644
--- a/src/dev/nodedev/ttynodedev.cil
+++ b/src/dev/nodedev/ttynodedev.cil
@@ -5,6 +5,48 @@
 (filecon "/dev/tty" char nodedev_context)
+ (macro tioclinux_nodedev_chr_files ((type ARG1))
+ (allowx ARG1 nodedev TIOCLINUX))
+
+ (macro tiocsti_nodedev_chr_files ((type ARG1))
+ (allowx ARG1 nodedev TIOCSTI))
+
 (blockinherit .nodedev.template)
 (call .rbacsep.exempt.obj.type (nodedev)))
+
+;; TIOCLINUX, subcode=TIOCL_GETMOUSEREPORTING
+(in after tty.append_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
+
+(in after tty.appendinherited_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
+
+(in after tty.manage_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
+
+(in after tty.readwrite_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
+
+(in after tty.readwriteinherited_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
+
+(in after tty.write_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
+
+(in after tty.writeinherited_nodedev_chr_files
+ (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX)
+ (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
+ (allowx ARG1 nodedev IOCTLVT))
diff --git a/src/dev/termdev.cil b/src/dev/termdev.cil
index 273eebb..702f138 100644
--- a/src/dev/termdev.cil
+++ b/src/dev/termdev.cil
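Review bot: The comment `;; TIOCLINUX, subcode=TIOCL_GETMOUSEREPORTING` is placed above `(in after tty.append_nodedev_chr_files …)`, whose rules grant `IOCTLCONSOLE_NOT_TIOCLINUX` — everything except TIOCLINUX — so it describes none of the rules that follow it; it presumably belongs on the new `tioclinux_nodedev_chr_files` macro, the only place TIOCLINUX is granted. Wherever it lands, it should record the limitation that matters to callers: ioctl xperms key on the request number, not on the argument, so `(allowx ARG1 nodedev TIOCLINUX)` admits every TIOCLINUX subcode and not just TIOCL_GETMOUSEREPORTING; suggested wording: `;; TIOCLINUX is multiplexed by a subcode in its argument, which xperms cannot filter on; granting it grants all subcodes, so callers that only need TIOCL_GETMOUSEREPORTING still get the rest.` Both new macros emit only `allowx`, so the base `chr_file ioctl` permission has to come from one of the `*_nodedev_chr_files` macros — a one-line comment on each macro should say so. The `TIOCLINUX` and `TIOCSTI` permissionx names they reference are not defined anywhere in this diff, so they must already exist elsewhere in the policy or the build fails.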
@@ -22,16 +22,16 @@
 (allow typeattr termdev.typeattr (chr_file (not (audit_access execmod))))))
 (in after termdev.appendinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
 (in after termdev.readwriteinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
 (in after termdev.writeinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
diff --git a/src/dev/termdev/ptytermdev.cil b/src/dev/termdev/ptytermdev.cil
index 1818854..0a5f93e 100644
--- a/src/dev/termdev/ptytermdev.cil
+++ b/src/dev/termdev/ptytermdev.cil
@@ -32,7 +32,7 @@
 (macro appendinherited_ptytermdev_chr_files ((type ARG1))
 (allow ARG1 ptytermdev appendinherited_chr_file)
- (allowx ARG1 ptytermdev IOCTLCONSOLE)
+ (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 ptytermdev IOCTLVT))
@@ -59,7 +59,7 @@
 (macro readwriteinherited_ptytermdev_chr_files ((type ARG1))
 (allow ARG1 ptytermdev readwriteinherited_chr_file)
- (allowx ARG1 ptytermdev IOCTLCONSOLE)
+ (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 ptytermdev IOCTLVT))
@@ -80,7 +80,7 @@
 (macro writeinherited_ptytermdev_chr_files ((type ARG1))
 (allow ARG1 ptytermdev writeinherited_chr_file)
- (allowx ARG1 ptytermdev IOCTLCONSOLE)
+ (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 ptytermdev IOCTLVT)))
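Review bot: The three inherited-terminal blocks here drop TIOCLINUX by switching to `IOCTLCONSOLE_NOT_TIOCLINUX`, but unlike ttynodedev.cil this commit adds no `tioclinux_*` macro on the termdev side, so a domain that still needs TIOCLINUX on an inherited terminal has nothing to call. If that is intended (TIOCLINUX is a virtual-console ioctl and presumably not meaningful on a pty or serial line), a comment above the first `(in after termdev.appendinherited_all_chr_files` would stop the next reader from re-adding it; if not, a termdev counterpart is missing. Suggested: `;; TIOCLINUX is deliberately not granted on inherited terminals; see tty.tioclinux_nodedev_chr_files for the console case.` The same rename is applied identically in the pty, serial and login termdev files in this diff, so one comment at this root definition is enough.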
@@ -101,16 +101,16 @@
 (allow typeattr ptytermdev.typeattr (chr_file (not (audit_access execmod))))))
 (in after ptytermdev.appendinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
 (in after ptytermdev.readwriteinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
 (in after ptytermdev.writeinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
diff --git a/src/dev/termdev/ptytermdev/loginptytermdev.cil b/src/dev/termdev/ptytermdev/loginptytermdev.cil
index c8ca794..9e94db0 100644
--- a/src/dev/termdev/ptytermdev/loginptytermdev.cil
+++ b/src/dev/termdev/ptytermdev/loginptytermdev.cil
@@ -34,16 +34,16 @@
 (blockinherit .ptytermdev.macro_template_chr_files)))
 (in after loginptytermdev.appendinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
 (in after loginptytermdev.readwriteinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
 (in after loginptytermdev.writeinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
diff --git a/src/dev/termdev/serialtermdev.cil b/src/dev/termdev/serialtermdev.cil
index 45d2290..4e06669 100644
--- a/src/dev/termdev/serialtermdev.cil
+++ b/src/dev/termdev/serialtermdev.cil
@@ -31,7 +31,7 @@
 (macro appendinherited_serialtermdev_chr_files ((type ARG1))
 (allow ARG1 serialtermdev appendinherited_chr_file)
- (allowx ARG1 serialtermdev IOCTLCONSOLE)
+ (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 serialtermdev IOCTLVT))
@@ -58,7 +58,7 @@
 (macro readwriteinherited_serialtermdev_chr_files ((type ARG1))
 (allow ARG1 serialtermdev readwriteinherited_chr_file)
- (allowx ARG1 serialtermdev IOCTLCONSOLE)
+ (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 serialtermdev IOCTLVT))
@@ -79,7 +79,7 @@
 (macro writeinherited_serialtermdev_chr_files ((type ARG1))
 (allow ARG1 serialtermdev writeinherited_chr_file)
- (allowx ARG1 serialtermdev IOCTLCONSOLE)
+ (allowx ARG1 serialtermdev IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 serialtermdev IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 serialtermdev IOCTLVT)))
@@ -100,16 +100,16 @@
 (allow typeattr serialtermdev.typeattr (chr_file (not (audit_access execmod))))))
 (in after serialtermdev.appendinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
 (in after serialtermdev.readwriteinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
 (in after serialtermdev.writeinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
diff --git a/src/dev/termdev/serialtermdev/loginserialtermdev.cil b/src/dev/termdev/serialtermdev/loginserialtermdev.cil
index fdc8f51..e480302 100644
--- a/src/dev/termdev/serialtermdev/loginserialtermdev.cil
+++ b/src/dev/termdev/serialtermdev/loginserialtermdev.cil
@@ -34,16 +34,16 @@
 (blockinherit .serialtermdev.macro_template_chr_files)))
 (in after loginserialtermdev.appendinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
 (in after loginserialtermdev.readwriteinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
 (in after loginserialtermdev.writeinherited_all_chr_files
- (allowx ARG1 typeattr IOCTLCONSOLE)
+ (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
 (allowx ARG1 typeattr IOCTLVT))
diff --git a/src/misc/xperm/consolexperm.cil b/src/misc/xperm/consolexperm.cil
index ce14d75..331fd97 100644
--- a/src/misc/xperm/consolexperm.cil
+++ b/src/misc/xperm/consolexperm.cil
@@ -1,15 +1,14 @@
 ;; SPDX-FileCopyrightText: © 2024 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
-(permissionx IOCTLCONSOLE
+(permissionx IOCTLCONSOLE_NOT_TIOCLINUX
 (ioctl chr_file (0x4b72 0x4b31 0x4b32 0x4b64 0x4b65 0x4b33 0x4b34 0x4b35 0x4b36 0x4b37 0x4b3a 0x4b3b 0x4b30 0x4b2f 0x4b70 0x4b71 0x4b60 0x4b6b 0x4b61 0x4b6c 0x4b6d 0x4b40 0x4b69 0x4b41 0x4b6a 0x4b66 0x4b67 0x4b68 0x4b44 0x4b45 0x4b62 0x4b63 0x4b46 0x4b47 0x4b48 0x4b49 0x4b4a
- 0x4b4c 0x4b4d 0x4b4e 0x541c 0x4bfa
- 0x4bfb)))
+ 0x4b4c 0x4b4d 0x4b4e 0x4bfa 0x4bfb)))
 ;; Font handling
 (permissionx KDFONTOP
 (ioctl chr_file (0x4b72)))
|
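Review bot: The permissionx body is a bare list of ioctl numbers, and after this change the only record of why `0x541c` (TIOCLINUX) was taken out is the `_NOT_TIOCLINUX` suffix, which a later edit that reflows the list can silently undo. Add a comment above `(permissionx IOCTLCONSOLE_NOT_TIOCLINUX`: `;; Console ioctls except TIOCLINUX (0x541c), which is granted separately: it multiplexes subcodes that ioctl xperms cannot distinguish.` The rename also removes the `IOCTLCONSOLE` name outright with no compatibility definition, and because this diffstat is limited to 'src' the diff cannot show whether anything outside that tree still references it; a grep before merging would confirm. No `TIOCLINUX` permissionx is added here even though ttynodedev.cil now references one, so confirm it is declared elsewhere in the policy.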