From 179eb23bb725e40b53bbd5e63026abd0655f25ac Mon Sep 17 00:00:00 2001
From: Dominick Grift
Date: Wed, 18 Dec 2024 13:03:20 +0100
Subject: clean up dev.unconfined
---
 src/dev.cil | 5 +----
 src/dev/nodedev.cil | 4 ++++
 src/dev/stordev.cil | 2 +-
 src/dev/termdev.cil | 6 ++++--
 src/dev/termdev/ptytermdev.cil | 4 ++++
 src/dev/termdev/serialtermdev.cil | 4 ++++
 6 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/src/dev.cil b/src/dev.cil
index 22413bd..a7ec444 100644
--- a/src/dev.cil
+++ b/src/dev.cil
@@ -41,10 +41,7 @@
 (macro type ((type ARG1)) (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
-
- (allow typeattr dev.typeattr (blk_file (not (audit_access execmod map))))
- (allow typeattr dev.typeattr (chr_file (not (audit_access execmod))))))
+ (typeattribute typeattr)))
 (in unconfined
diff --git a/src/dev/nodedev.cil b/src/dev/nodedev.cil
index bf76848..3630643 100644
--- a/src/dev/nodedev.cil
+++ b/src/dev/nodedev.cil
@@ -114,3 +114,7 @@
 (typeattribute typeattr) (allow typeattr nodedev.typeattr (chr_file (not (audit_access execmod))))))
+
+(in dev.unconfined
+
+ (call .nodedev.unconfined.type (typeattr)))
diff --git a/src/dev/stordev.cil b/src/dev/stordev.cil
index a1ee7ef..7c95e03 100644
--- a/src/dev/stordev.cil
+++ b/src/dev/stordev.cil
@@ -185,4 +185,4 @@
 (in dev.unconfined
- (call .stordev.readwrite.type (typeattr)))
+ (call .stordev.unconfined.type (typeattr)))
diff --git a/src/dev/termdev.cil b/src/dev/termdev.cil
index 702f138..bf340e5 100644
--- a/src/dev/termdev.cil
+++ b/src/dev/termdev.cil
@@ -17,9 +17,11 @@
 (macro type ((type ARG1)) (typeattributeset typeattr ARG1))
- (typeattribute typeattr)
+ (typeattribute typeattr)))
- (allow typeattr termdev.typeattr (chr_file (not (audit_access execmod))))))
+(in dev.unconfined
+
+ (call .termdev.unconfined.type (typeattr)))
 (in after termdev.appendinherited_all_chr_files (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX)
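Review bot: A device type that carries `dev.typeattr` but none of the nodedev, stordev or termdev attributes appears to lose all `dev.unconfined` coverage in src/dev.cil, because the two `allow` rules over `dev.typeattr` are gone and the block keeps only the macro and the attribute declaration. Access now arrives solely through the `(in dev.unconfined ...)` calls in nodedev.cil, stordev.cil and termdev.cil, so comparing `sesearch --allow` output for the attribute before and after the change would confirm whether the narrowing is intended. A comment above the declaration such as `; rules are contributed by nodedev, stordev and termdev via (in dev.unconfined ...)` would explain why the block is otherwise empty. The enclosing block opens above the hunk.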
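Review bot: Whether `blk_file` access for `dev.unconfined` still excludes `map` cannot be checked from the src/dev/stordev.cil hunk, because the call now points at `.stordev.unconfined.type`, whose rules are not shown. The rule removed from src/dev.cil was `(blk_file (not (audit_access execmod map)))`; confirm that `stordev.unconfined` carries the same exclusion so the refactor does not quietly add `map` or `execmod` on block devices. If it deliberately differs, a short `;` comment beside the call should say so.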
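Review bot: Terminal types that carry `termdev.typeattr` but belong to neither ptytermdev nor serialtermdev look uncovered after the src/dev/termdev.cil hunk, because `termdev.unconfined` no longer has an `allow` of its own. Its members now get access only through the `(in termdev.unconfined ...)` calls added in the two child files, while the removed rule targeted `termdev.typeattr` as a whole. If that narrowing is intended, record it in a comment such as `; access comes from ptytermdev and serialtermdev only`; if not, the `allow` over `termdev.typeattr` is still needed. The enclosing `unconfined` block opens above the hunk.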
diff --git a/src/dev/termdev/ptytermdev.cil b/src/dev/termdev/ptytermdev.cil
index 8a3b3af..9eb43db 100644
--- a/src/dev/termdev/ptytermdev.cil
+++ b/src/dev/termdev/ptytermdev.cil
@@ -100,6 +100,10 @@
 (allow typeattr ptytermdev.typeattr (chr_file (not (audit_access execmod))))))
+(in termdev.unconfined
+
+ (call .ptytermdev.unconfined.type (typeattr)))
+
 (in after ptytermdev.appendinherited_all_chr_files (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX) (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
diff --git a/src/dev/termdev/serialtermdev.cil b/src/dev/termdev/serialtermdev.cil
index 510ea76..059e9ef 100644
--- a/src/dev/termdev/serialtermdev.cil
+++ b/src/dev/termdev/serialtermdev.cil
@@ -99,6 +99,10 @@
 (allow typeattr serialtermdev.typeattr (chr_file (not (audit_access execmod))))))
+(in termdev.unconfined
+
+ (call .serialtermdev.unconfined.type (typeattr)))
+
 (in after serialtermdev.appendinherited_all_chr_files (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX) (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
-- cgit v1.2.3
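Review bot: The added `(in termdev.unconfined ...)` call in src/dev/termdev/ptytermdev.cil has no comment explaining that it makes access transitive, and the identical addition in src/dev/termdev/serialtermdev.cil has the same gap. Members of `dev.unconfined` are added to `termdev.unconfined` in src/dev/termdev.cil, and this call adds those in turn to `ptytermdev.unconfined`. They then receive the `chr_file` rule shown just above the call, which includes `ioctl` and, unless an `allowx` outside the hunk narrows it, is not subject to the `IOCTLTTY_NOT_TIOCSTI` filtering applied in the block below. A one-line comment such as `; termdev.unconfined, and through it dev.unconfined, inherits ptytermdev.unconfined` would document that chain.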