## <module name="terminal" layer="kernel">
## <summary>Policy for terminals.</summary>
########################################
## <interface name="term_pty">
##	<description>
##		Transform the specified type into a pty type.
##	</description>
##	<parameter name="pty_type">
##		An object type that will be applied to a pty.
##	</parameter>
## </interface>
#
# Tags the type with the ptynode attribute and lets it be associated
# with the devpts_t filesystem.  Every interface in this module that
# names ptynode then applies to the type as well.
#
define(`term_pty',`
	requires_block_template(`$0'_depend)

	typeattribute $1 ptynode;
	allow $1 devpts_t:filesystem { associate };
')

define(`term_pty_depend',`
	type devpts_t;

	attribute ptynode;

	class filesystem associate;
')
########################################
## <interface name="term_user_pty">
##	<description>
##		Transform the specified type into a user
##		pty type. This allows it to be relabeled via
##		type change by login programs such as ssh.
##	</description>
##	<parameter name="object_type">
##		An object type that will be applied to a pty.
##	</parameter>
## </interface>
#
# Adds the server_ptynode attribute on top of what term_pty gives the
# type.  The rules keyed on server_ptynode are not part of this file.
#
define(`term_user_pty',`
	requires_block_template(`$0'_depend)

	typeattribute $1 server_ptynode;
	term_pty($1)
')

define(`term_user_pty_depend',`
	attribute server_ptynode;
')
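########################################
## <interface name="term_tty">
##	<description>
##		Transform the specified type into a tty type and
##		make it the relabel target for the given domain.
##	</description>
##	<parameter name="domain">
##		The domain whose relabel (type_change) decisions
##		on unallocated ttys resolve to the tty type.
##	</parameter>
##	<parameter name="tty_type">
##		An object type that will be applied to a tty.
##	</parameter>
## </interface>
#
# The body reads two arguments: the first is the source domain of the
# type_change rules, the second is the tty type.  Both are documented
# above; the earlier header listed only the tty type.
#
# The Debian branch now names ttynode as the set of tty types.  That is
# the attribute this interface assigns and the only tty attribute that
# term_tty_depend declares; the former name, ttyfile, is not declared
# anywhere in this file.
#
define(`term_tty',`
	requires_block_template(`$0'_depend)

	typeattribute $2 ttynode;
	type_change $1 tty_device_t:chr_file $2;

	# Debian login is from shadow utils and does not allow resetting the perms.
	# have to fix this!
	ifdef(`distro_debian',`
		type_change $1 ttynode:chr_file $2;
	')

	ifdef(`distro_redhat',`
		fs_associate_tmpfs($2)
	')
')

define(`term_tty_depend',`
	attribute ttynode;

	type tty_device_t;
')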
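########################################
## <interface name="term_create_pty">
##	<description>
##		Create a pty in the /dev/pts directory.
##	</description>
##	<parameter name="domain">
##		The type of the process creating the pty.
##	</parameter>
##	<parameter name="pty_type">
##		The type of the pty.
##	</parameter>
## </interface>
#
# Lets the domain use the pty multiplexor (ptmx_t), read the devpts_t
# directory and label new character files there with the pty type via
# type_transition.  Access to bsdpty_device_t is denied silently.
#
# term_create_pty_depend now also declares bsdpty_device_t, which the
# dontaudit rule references but the dependency block did not list.
#
define(`term_create_pty',`
	requires_block_template(`$0'_depend)

	devices_list_device_nodes($1)
	allow $1 ptmx_t:chr_file rw_file_perms;
	allow $1 devpts_t:dir r_dir_perms;
	allow $1 devpts_t:filesystem getattr;
	dontaudit $1 bsdpty_device_t:chr_file { getattr read write };
	type_transition $1 devpts_t:chr_file $2;
')

define(`term_create_pty_depend',`
	type ptmx_t, devpts_t, bsdpty_device_t;

	class filesystem getattr;
	class dir r_dir_perms;
	class chr_file rw_file_perms;
')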
########################################
## <interface name="term_use_all_terms">
##	<description>
##		Read and write the console, all
##		ttys and all ptys.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# NOTE(review): this is the broadest grant in the module.  One rule
# covers the console, unallocated ttys and every type tagged ttynode or
# ptynode, so the caller can read from and write to any terminal that
# carries those labels.  Check each caller against least privilege.
#
define(`term_use_all_terms',`
	requires_block_template(`$0'_depend)

	allow $1 { ptynode ttynode tty_device_t console_device_t }:chr_file rw_file_perms;
	allow $1 devpts_t:dir r_dir_perms;
	devices_list_device_nodes($1)
')

define(`term_use_all_terms_depend',`
	type console_device_t, devpts_t, tty_device_t;

	attribute ttynode, ptynode;

	class chr_file rw_file_perms;
	class dir r_dir_perms;
')
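########################################
## <interface name="term_write_console">
##	<description>
##		Write to the console.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# The interface expands its own name plus _depend, so the dependency
# macro must be called term_write_console_depend.  It was previously
# defined as term_use_console_depend, which left this interface without
# a dependency block and collided with the one for term_use_console.
#
define(`term_write_console',`
	requires_block_template(`$0'_depend)

	devices_list_device_nodes($1)
	allow $1 console_device_t:chr_file write;
')

define(`term_write_console_depend',`
	type console_device_t;
	class chr_file write;
')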
########################################
## <interface name="term_use_console">
##	<description>
##		Read from and write to the console.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# Grants rw_file_perms on console_device_t character files plus
# listing of the device node directory.
#
define(`term_use_console',`
	requires_block_template(`$0'_depend)

	allow $1 console_device_t:chr_file rw_file_perms;
	devices_list_device_nodes($1)
')

define(`term_use_console_depend',`
	class chr_file rw_file_perms;

	type console_device_t;
')
########################################
## <interface name="term_dontaudit_use_console">
##	<description>
##		Do not audit attempts to read from
##		or write to the console.
##	</description>
##	<parameter name="domain">
##		The type of the process to not audit.
##	</parameter>
## </interface>
#
# A dontaudit rule only silences the audit record; the access itself
# stays denied.  Denials hidden this way will not appear in the audit
# log when console access is being investigated.
#
define(`term_dontaudit_use_console',`
	requires_block_template(`$0'_depend)

	dontaudit $1 console_device_t:chr_file { write read };
')

define(`term_dontaudit_use_console_depend',`
	class chr_file { read write };

	type console_device_t;
')
########################################
## <interface name="term_setattr_console">
##	<description>
##		Set the attributes of the console
##		device node.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# Grants only setattr on console_device_t; no read or write access is
# added by this interface.
#
define(`term_setattr_console',`
	requires_block_template(`$0'_depend)

	allow $1 console_device_t:chr_file { setattr };
	devices_list_device_nodes($1)
')

define(`term_setattr_console_depend',`
	class chr_file setattr;

	type console_device_t;
')
########################################
## <interface name="term_list_ptys">
##	<description>
##		Read the /dev/pts directory to
##		list all ptys.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# Directory access only: r_dir_perms on devpts_t.  No permission on the
# pty character files themselves is granted here.
#
define(`term_list_ptys',`
	requires_block_template(`$0'_depend)

	allow $1 devpts_t:dir r_dir_perms;
	devices_list_device_nodes($1)
')

define(`term_list_ptys_depend',`
	class dir r_dir_perms;

	type devpts_t;
')
########################################
## <interface name="term_dontaudit_list_ptys">
##	<description>
##		Do not audit attempts to read the
##		/dev/pts directory.
##	</description>
##	<parameter name="domain">
##		The type of the process to not audit.
##	</parameter>
## </interface>
#
# A dontaudit rule only silences the audit record; the access itself
# stays denied.  Covers getattr, search and read on the devpts_t
# directory.
#
define(`term_dontaudit_list_ptys',`
	requires_block_template(`$0'_depend)

	dontaudit $1 devpts_t:dir { search getattr read };
')

define(`term_dontaudit_list_ptys_depend',`
	class dir { getattr search read };

	type devpts_t;
')
########################################
## <interface name="term_use_generic_pty">
##	<description>
##		Read and write the generic pty
##		type.  This is generally only used in
##		the targeted policy.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# The generic pty type here is devpts_t itself, that is, ptys that were
# not given a derived type.  Only read and write are granted.
#
define(`term_use_generic_pty',`
	requires_block_template(`$0'_depend)

	allow $1 devpts_t:chr_file { write read };
	devices_list_device_nodes($1)
')

define(`term_use_generic_pty_depend',`
	class chr_file { read write };

	type devpts_t;
')
########################################
## <interface name="term_dontaudit_use_generic_pty">
##	<description>
##		Do not audit attempts to read and
##		write the generic pty type.  This is
##		generally only used in the targeted policy.
##	</description>
##	<parameter name="domain">
##		The type of the process to not audit.
##	</parameter>
## </interface>
#
# A dontaudit rule only silences the audit record; the access itself
# stays denied.  The target is devpts_t character files.
#
define(`term_dontaudit_use_generic_pty',`
	requires_block_template(`$0'_depend)

	dontaudit $1 devpts_t:chr_file { write read };
')

define(`term_dontaudit_use_generic_pty_depend',`
	class chr_file { read write };

	type devpts_t;
')
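########################################
## <interface name="term_use_controlling_term">
##	<description>
##		Read and write the controlling
##		terminal (/dev/tty).
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# The interface expands its own name plus _depend, so the dependency
# macro must be called term_use_controlling_term_depend.  It was
# previously defined as term_use_controlling_terminal_depend, a name the
# interface never references.
#
define(`term_use_controlling_term',`
	requires_block_template(`$0'_depend)

	devices_list_device_nodes($1)
	allow $1 devtty_t:chr_file { getattr read write ioctl };
')

define(`term_use_controlling_term_depend',`
	type devtty_t;

	class chr_file { getattr read write ioctl };
')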
########################################
## <interface name="term_dontaudit_use_ptmx">
##	<description>
##		Do not audit attempts to get the attributes
##		of, read and write the pty multiplexor
##		(/dev/ptmx).
##	</description>
##	<parameter name="domain">
##		The type of the process to not audit.
##	</parameter>
## </interface>
#
# A dontaudit rule only silences the audit record; the access itself
# stays denied.  The rule covers getattr as well as read and write.
#
define(`term_dontaudit_use_ptmx',`
	requires_block_template(`$0'_depend)

	dontaudit $1 ptmx_t:chr_file { getattr write read };
')

define(`term_dontaudit_use_ptmx_depend',`
	class chr_file { getattr read write };

	type ptmx_t;
')
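########################################
## <interface name="term_getattr_all_user_ptys">
##	<description>
##		Get the attributes of all user
##		pty device nodes.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# The interface expands its own name plus _depend, so the dependency
# macro must be called term_getattr_all_user_ptys_depend; it was
# previously defined as term_getattr_all_ptys_depend.  The dependency
# block now also declares devpts_t, which the directory rule uses.
#
define(`term_getattr_all_user_ptys',`
	requires_block_template(`$0'_depend)

	devices_list_device_nodes($1)
	allow $1 devpts_t:dir r_dir_perms;
	allow $1 ptynode:chr_file getattr;
')

define(`term_getattr_all_user_ptys_depend',`
	attribute ptynode;

	type devpts_t;

	class dir r_dir_perms;
	class chr_file getattr;
')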
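########################################
## <interface name="term_use_all_user_ptys">
##	<description>
##		Read and write all user ptys.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# NOTE(review): the rule targets the ptynode attribute, so it reaches
# every type that term_pty has tagged.  Review each caller against
# least privilege.
#
# The dependency block now declares devpts_t, which the directory rule
# uses but the block did not list.
#
define(`term_use_all_user_ptys',`
	requires_block_template(`$0'_depend)

	devices_list_device_nodes($1)
	allow $1 devpts_t:dir r_dir_perms;
	allow $1 ptynode:chr_file { getattr read write ioctl };
')

define(`term_use_all_user_ptys_depend',`
	attribute ptynode;

	type devpts_t;

	class dir r_dir_perms;
	class chr_file { getattr read write ioctl };
')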
########################################
## <interface name="term_dontaudit_use_all_user_ptys">
##	<description>
##		Do not audit attempts to read or write
##		any user ptys.
##	</description>
##	<parameter name="domain">
##		The type of the process to not audit.
##	</parameter>
## </interface>
#
# A dontaudit rule only silences the audit record; the access itself
# stays denied.  The rule covers both read and write on every ptynode
# type.
#
define(`term_dontaudit_use_all_user_ptys',`
	requires_block_template(`$0'_depend)

	dontaudit $1 ptynode:chr_file { write read };
')

define(`term_dontaudit_use_all_user_ptys_depend',`
	class chr_file { read write };

	attribute ptynode;
')
########################################
## <interface name="term_getattr_unallocated_ttys">
##	<description>
##		Get the attributes of all unallocated
##		tty device nodes.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# Unallocated ttys are the ones still labeled tty_device_t.  Only
# getattr is granted.
#
define(`term_getattr_unallocated_ttys',`
	requires_block_template(`$0'_depend)

	allow $1 tty_device_t:chr_file { getattr };
	devices_list_device_nodes($1)
')

define(`term_getattr_unallocated_ttys_depend',`
	class chr_file getattr;

	type tty_device_t;
')
########################################
## <interface name="term_setattr_unallocated_ttys">
##	<description>
##		Set the attributes of all unallocated
##		tty device nodes.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# Unallocated ttys are the ones still labeled tty_device_t.  Only
# setattr is granted.
#
define(`term_setattr_unallocated_ttys',`
	requires_block_template(`$0'_depend)

	allow $1 tty_device_t:chr_file { setattr };
	devices_list_device_nodes($1)
')

define(`term_setattr_unallocated_ttys_depend',`
	class chr_file setattr;

	type tty_device_t;
')
########################################
## <interface name="term_relabel_unallocated_ttys">
##	<description>
##		Relabel from and to the unallocated
##		tty type.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# NOTE(review): relabel permissions decide which label a tty carries and
# therefore which domains can reach it.  This interface grants both
# directions on tty_device_t.
#
define(`term_relabel_unallocated_ttys',`
	requires_block_template(`$0'_depend)

	allow $1 tty_device_t:chr_file { relabelto relabelfrom };
	devices_list_device_nodes($1)
')

define(`term_relabel_unallocated_ttys_depend',`
	class chr_file { relabelfrom relabelto };

	type tty_device_t;
')
########################################
## <interface name="term_reset_tty_labels">
##	<description>
##		Relabel from all user tty types to
##		the unallocated tty type.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# One direction only: relabelfrom on every ttynode type and relabelto on
# tty_device_t.  The reverse direction is not granted here.
#
define(`term_reset_tty_labels',`
	requires_block_template(`$0'_depend)

	allow $1 tty_device_t:chr_file { relabelto };
	allow $1 ttynode:chr_file { relabelfrom };
	devices_list_device_nodes($1)
')

define(`term_reset_tty_labels_depend',`
	type tty_device_t;

	attribute ttynode;

	class chr_file { relabelfrom relabelto };
')
########################################
## <interface name="term_write_unallocated_ttys">
##	<description>
##		Write to unallocated ttys.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# Grants getattr and write on tty_device_t; read is not included.
#
define(`term_write_unallocated_ttys',`
	requires_block_template(`$0'_depend)

	allow $1 tty_device_t:chr_file { write getattr };
	devices_list_device_nodes($1)
')

define(`term_write_unallocated_ttys_depend',`
	class chr_file { getattr write };

	type tty_device_t;
')
########################################
## <interface name="term_use_unallocated_tty">
##	<description>
##		Read and write unallocated ttys.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# Grants getattr, read, write and ioctl on tty_device_t.
#
define(`term_use_unallocated_tty',`
	requires_block_template(`$0'_depend)

	allow $1 tty_device_t:chr_file { getattr ioctl read write };
	devices_list_device_nodes($1)
')

define(`term_use_unallocated_tty_depend',`
	class chr_file { getattr read write ioctl };

	type tty_device_t;
')
########################################
## <interface name="term_dontaudit_use_unallocated_tty">
##	<description>
##		Do not audit attempts to read or
##		write unallocated ttys.
##	</description>
##	<parameter name="domain">
##		The type of the process to not audit.
##	</parameter>
## </interface>
#
# A dontaudit rule only silences the audit record; the access itself
# stays denied.  The target is tty_device_t character files.
#
define(`term_dontaudit_use_unallocated_tty',`
	requires_block_template(`$0'_depend)

	dontaudit $1 tty_device_t:chr_file { write read };
')

define(`term_dontaudit_use_unallocated_tty_depend',`
	class chr_file { read write };

	type tty_device_t;
')
########################################
## <interface name="term_getattr_all_user_ttys">
##	<description>
##		Get the attributes of all user tty
##		device nodes.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# The rule targets the ttynode attribute, so it reaches every type that
# term_tty has tagged.  Only getattr is granted.
#
define(`term_getattr_all_user_ttys',`
	requires_block_template(`$0'_depend)

	allow $1 ttynode:chr_file { getattr };
	devices_list_device_nodes($1)
')

define(`term_getattr_all_user_ttys_depend',`
	class chr_file getattr;

	attribute ttynode;
')
########################################
## <interface name="term_dontaudit_getattr_all_user_ttys">
##	<description>
##		Do not audit attempts to get the
##		attributes of any user tty
##		device nodes.
##	</description>
##	<parameter name="domain">
##		The type of the process to not audit.
##	</parameter>
## </interface>
#
# A dontaudit rule only silences the audit record; the access itself
# stays denied.  The target is every ttynode type.
#
define(`term_dontaudit_getattr_all_user_ttys',`
	requires_block_template(`$0'_depend)

	dontaudit $1 ttynode:chr_file { getattr };
')

define(`term_dontaudit_getattr_all_user_ttys_depend',`
	class chr_file getattr;

	attribute ttynode;
')
########################################
## <interface name="term_setattr_all_user_ttys">
##	<description>
##		Set the attributes of all user tty
##		device nodes.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# The rule targets the ttynode attribute, so it reaches every type that
# term_tty has tagged.  Only setattr is granted.
#
define(`term_setattr_all_user_ttys',`
	requires_block_template(`$0'_depend)

	allow $1 ttynode:chr_file { setattr };
	devices_list_device_nodes($1)
')

define(`term_setattr_all_user_ttys_depend',`
	class chr_file setattr;

	attribute ttynode;
')
########################################
## <interface name="term_relabel_all_user_ttys">
##	<description>
##		Relabel from and to all user
##		tty device nodes.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# NOTE(review): relabel permissions decide which label a tty carries and
# therefore which domains can reach it.  This interface grants both
# directions on every ttynode type.
#
define(`term_relabel_all_user_ttys',`
	requires_block_template(`$0'_depend)

	allow $1 ttynode:chr_file { relabelto relabelfrom };
	devices_list_device_nodes($1)
')

define(`term_relabel_all_user_ttys_depend',`
	class chr_file { relabelfrom relabelto };

	attribute ttynode;
')
########################################
## <interface name="term_write_all_user_ttys">
##	<description>
##		Write to all user ttys.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# Grants getattr and write on every ttynode type; read is not included.
#
define(`term_write_all_user_ttys',`
	requires_block_template(`$0'_depend)

	allow $1 ttynode:chr_file { write getattr };
	devices_list_device_nodes($1)
')

define(`term_write_all_user_ttys_depend',`
	class chr_file { getattr write };

	attribute ttynode;
')
########################################
## <interface name="term_use_all_user_ttys">
##	<description>
##		Read and write all user ttys.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# NOTE(review): the rule targets the ttynode attribute, so it reaches
# every type that term_tty has tagged.  Review each caller against
# least privilege.
#
define(`term_use_all_user_ttys',`
	requires_block_template(`$0'_depend)

	allow $1 ttynode:chr_file { getattr ioctl read write };
	devices_list_device_nodes($1)
')

define(`term_use_all_user_ttys_depend',`
	class chr_file { getattr read write ioctl };

	attribute ttynode;
')
########################################
## <interface name="term_dontaudit_use_all_user_ttys">
##	<description>
##		Do not audit attempts to read or write
##		any user ttys.
##	</description>
##	<parameter name="domain">
##		The type of the process to not audit.
##	</parameter>
## </interface>
#
# A dontaudit rule only silences the audit record; the access itself
# stays denied.  The target is every ttynode type.
#
define(`term_dontaudit_use_all_user_ttys',`
	requires_block_template(`$0'_depend)

	dontaudit $1 ttynode:chr_file { write read };
')

define(`term_dontaudit_use_all_user_ttys_depend',`
	class chr_file { read write };

	attribute ttynode;
')
## </module>