[selinux-policy: 1623/3172] fix ticket #16

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:25:25 UTC 2010


commit aeaae5185e8d6fad6d7b04df48f6fa2bb4c4f0f8
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Oct 16 16:51:57 2006 +0000

    fix ticket #16

 policy/modules/kernel/terminal.if   |   46 +++++++++++++++++++++++++---------
 policy/modules/system/userdomain.if |    2 +-
 2 files changed, 35 insertions(+), 13 deletions(-)
---
diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
index a12cdaa..d67884a 100644
--- a/policy/modules/kernel/terminal.if
+++ b/policy/modules/kernel/terminal.if
@@ -87,25 +87,47 @@ interface(`term_tty',`
 		type tty_device_t;
 	')
 
-	typeattribute $2 ttynode, serial_device;
-	type_change $1 tty_device_t:chr_file $2;
+	typeattribute $1 ttynode, serial_device;
+
+	# cjp: ?
+	files_associate_tmp($1)
+
+	# static /dev:
+	fs_associate($1)
+	# udev:
+	fs_associate_tmpfs($1)
+')
+
+########################################
+## <summary>
+##	Transform specified type into a user tty type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	User domain that is related to this tty.
+##	</summary>
+## </param>
+## <param name="tty_type">
+##	<summary>
+##	An object type that will applied to a tty.
+##	</summary>
+## </param>
+#
+interface(`term_user_tty',`
+	gen_require(`
+		attribute ttynode;
+		type tty_device_t;
+	')
+
+	term_tty($2)
 
-	fs_associate($2)
-	files_associate_tmp($2)
+	type_change $1 tty_device_t:chr_file $2;
 
 	# Debian login is from shadow utils and does not allow resetting the perms.
 	# have to fix this!
 	ifdef(`distro_debian',`
 		type_change $1 ttynode:chr_file $2;
 	')
-
-	ifdef(`distro_gentoo',`
-		fs_associate_tmpfs($2)
-	')
-
-	ifdef(`distro_redhat',`
-		fs_associate_tmpfs($2)
-	')
 ')
 
 ########################################
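Review bot: `term_tty` keeps its name but goes from `(domain, tty_type)` to a single tty-type argument, and nothing in the new body rejects a leftover second argument, so any caller not converted would silently apply `typeattribute $1 ttynode, serial_device;` and the three associate rules to its domain type instead of the tty type. Only `userdom_base_user_template` is updated in this commit; whether other two-argument callers exist is not visible from this page, so the tree is worth searching for them. The summary block and `gen_require` of `term_tty` start above the hunk and presumably still describe the old signature (the `type tty_device_t;` requirement at the top of the hunk is no longer used by the body); I would add `# $1 is the tty type only; use term_user_tty(domain, tty_type) for the per-user type_change` above the `typeattribute` line. Separately, `# cjp: ?` on `files_associate_tmp($1)` records a grant with no stated reason, so either say why a tty type must associate with tmp or drop the rule.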
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 713adba..6497d33 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -38,7 +38,7 @@ template(`userdom_base_user_template',`
 	files_type($1_devpts_t)
 
 	type $1_tty_device_t; 
-	term_tty($1_t,$1_tty_device_t)
+	term_user_tty($1_t,$1_tty_device_t)
 
 	allow $1_t self:process { signal_perms getsched setsched share getpgid setpgid setcap getsession };
 	allow $1_t self:fd use;

