;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense
;; Policy namespace for the /dev/tty device node.
;;
;; TIOCSTI and TIOCLINUX each get a dedicated macro here rather than being
;; part of the general access macros. TIOCSTI places bytes in a terminal's
;; input queue as if they had been typed, and TIOCLINUX carries selection and
;; paste subcodes, so both are kept as explicit, reviewable grants.
;;
;; NOTE(review): `nodedev`, `nodedev_context`, `TIOCLINUX` and `TIOCSTI` are
;; not declared in this block; presumably the type and context come from
;; .nodedev.template and the two permissionx sets from elsewhere in the policy.
(block tty

    ;; Pull in the shared device-node template.
    (blockinherit .nodedev.template)

    ;; Label the /dev/tty character device with this block's context.
    (filecon "/dev/tty" char nodedev_context)

    ;; NOTE(review): by its name this exempts `nodedev` from RBAC separation
    ;; for object types; confirm against the rbacsep.exempt.obj definition.
    (call .rbacsep.exempt.obj.type (nodedev))

    ;; Grant ARG1 the TIOCLINUX ioctl on /dev/tty.
    ;; allowx filters on the ioctl command number only, so it cannot tell
    ;; TIOCLINUX subcodes apart: a caller granted this macro may issue any
    ;; subcode the kernel itself permits.
    (macro tioclinux_nodedev_chr_files ((type ARG1))
        (allowx ARG1 nodedev TIOCLINUX))

    ;; Grant ARG1 the TIOCSTI ioctl on /dev/tty. Keep the set of callers
    ;; small and reviewed: this is the terminal input-injection ioctl.
    (macro tiocsti_nodedev_chr_files ((type ARG1))
        (allowx ARG1 nodedev TIOCSTI)))
;; TIOCLINUX, subcode=TIOCL_GETMOUSEREPORTING
;; Extend tty.append_nodedev_chr_files. The `after` keyword resolves this
;; insertion once block inheritance is done, so the target macro can be one
;; that tty inherits (presumably from .nodedev.template).
;; Callers of the macro get the VT, tty and console ioctl sets. Going by the
;; set names, TIOCSTI and TIOCLINUX are left out of them.
;; NOTE(review): the three permissionx sets are defined elsewhere; confirm
;; their contents there.
(in after tty.append_nodedev_chr_files
    (allowx ARG1 nodedev IOCTLVT)
    (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
    (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX))
;; Extend tty.appendinherited_nodedev_chr_files after block inheritance has
;; been resolved. Callers get the VT, tty and console ioctl sets on /dev/tty.
;; The set names indicate that TIOCSTI and TIOCLINUX are excluded.
;; NOTE(review): confirm against the permissionx definitions, which are not
;; in this file.
(in after tty.appendinherited_nodedev_chr_files
    (allowx ARG1 nodedev IOCTLVT)
    (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
    (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX))
;; Extend tty.manage_nodedev_chr_files after block inheritance has been
;; resolved. Even this "manage" macro only adds the VT, tty and console ioctl
;; sets. The set names indicate that TIOCSTI and TIOCLINUX stay excluded and
;; must be granted through their own macros.
;; NOTE(review): confirm against the permissionx definitions, which are not
;; in this file.
(in after tty.manage_nodedev_chr_files
    (allowx ARG1 nodedev IOCTLVT)
    (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
    (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX))
;; Extend tty.readwrite_nodedev_chr_files after block inheritance has been
;; resolved. Callers get the VT, tty and console ioctl sets on /dev/tty.
;; The set names indicate that TIOCSTI and TIOCLINUX are excluded.
;; NOTE(review): confirm against the permissionx definitions, which are not
;; in this file.
(in after tty.readwrite_nodedev_chr_files
    (allowx ARG1 nodedev IOCTLVT)
    (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
    (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX))
;; Extend tty.readwriteinherited_nodedev_chr_files after block inheritance
;; has been resolved. Callers get the VT, tty and console ioctl sets on
;; /dev/tty. The set names indicate that TIOCSTI and TIOCLINUX are excluded.
;; NOTE(review): confirm against the permissionx definitions, which are not
;; in this file.
(in after tty.readwriteinherited_nodedev_chr_files
    (allowx ARG1 nodedev IOCTLVT)
    (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
    (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX))
;; Extend tty.write_nodedev_chr_files after block inheritance has been
;; resolved. Callers get the VT, tty and console ioctl sets on /dev/tty.
;; The set names indicate that TIOCSTI and TIOCLINUX are excluded.
;; NOTE(review): confirm against the permissionx definitions, which are not
;; in this file.
(in after tty.write_nodedev_chr_files
    (allowx ARG1 nodedev IOCTLVT)
    (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
    (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX))
;; Extend tty.writeinherited_nodedev_chr_files after block inheritance has
;; been resolved. Callers get the VT, tty and console ioctl sets on /dev/tty.
;; The set names indicate that TIOCSTI and TIOCLINUX are excluded.
;; NOTE(review): confirm against the permissionx definitions, which are not
;; in this file.
(in after tty.writeinherited_nodedev_chr_files
    (allowx ARG1 nodedev IOCTLVT)
    (allowx ARG1 nodedev IOCTLTTY_NOT_TIOCSTI)
    (allowx ARG1 nodedev IOCTLCONSOLE_NOT_TIOCLINUX))