[selinux-policy: 2308/3172] Add terminal patch from Dan Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:24:55 UTC 2010


commit d6c3ed85577a26cefec4b981338019d3f3af8949
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Nov 19 14:57:49 2009 -0500

    Add terminal patch from Dan Walsh.

 policy/modules/kernel/terminal.fc |    1 +
 policy/modules/kernel/terminal.if |   39 ++++++++++++++++++++++++++++++++++++-
 policy/modules/kernel/terminal.te |    3 +-
 3 files changed, 41 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/kernel/terminal.fc b/policy/modules/kernel/terminal.fc
index 592a1ac..3994e57 100644
--- a/policy/modules/kernel/terminal.fc
+++ b/policy/modules/kernel/terminal.fc
@@ -13,6 +13,7 @@
 /dev/ip2[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
 /dev/isdn.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
 /dev/ptmx		-c	gen_context(system_u:object_r:ptmx_t,s0)
+/dev/pts/ptmx		-c	gen_context(system_u:object_r:ptmx_t,s0)
 /dev/rfcomm[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
 /dev/slamr[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
 /dev/tty		-c	gen_context(system_u:object_r:devtty_t,s0)
diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
index f89eaba..8e90762 100644
--- a/policy/modules/kernel/terminal.if
+++ b/policy/modules/kernel/terminal.if
@@ -196,7 +196,7 @@ interface(`term_use_all_terms',`
 
 	dev_list_all_dev_nodes($1)
 	allow $1 devpts_t:dir list_dir_perms;
-	allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file rw_chr_file_perms;
+	allow $1 { devpts_t console_device_t tty_device_t ttynode ptynode }:chr_file rw_chr_file_perms;
 ')
 
 ########################################
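Review bot: Adding `devpts_t` to the type set on the `allow $1 { devpts_t console_device_t tty_device_t ttynode ptynode }:chr_file rw_chr_file_perms;` line gives every existing caller of `term_use_all_terms` read/write access to generic pty nodes, and nothing in the visible lines records that widening. The interface's summary and `gen_require` block start above this hunk, so I cannot confirm whether they already mention generic ptys. If they do not, the summary should be extended, for example `##	Read and write the console, all ttys, all ptys and generic pty devices.`, because people auditing what a domain is granted usually read the summary rather than the rule.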
@@ -474,6 +474,24 @@ interface(`term_dontaudit_manage_pty_dirs',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to get the attributes
+##	of generic pty devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process to not audit.
+##	</summary>
+## </param>
+#
+interface(`term_dontaudit_getattr_generic_ptys',`
+	gen_require(`
+		type devpts_t;
+	')
+
+	dontaudit $1 devpts_t:chr_file getattr;
+')
+########################################
+## <summary>
 ##	ioctl of generic pty devices.
 ## </summary>
 ## <param name="domain">
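Review bot: The new `term_dontaudit_getattr_generic_ptys` interface closes with `')` and the next `########################################` separator follows on the very next line, while the other interfaces visible in this patch leave an empty line between the two; add a blank line after `')`. It would also help to add a short comment on why these `getattr` denials on `devpts_t:chr_file` are considered noise, since a `dontaudit` rule removes the AVC record that would otherwise show a domain probing pty nodes. The hunk ends inside the doc comment of the following interface.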
@@ -575,6 +593,25 @@ interface(`term_dontaudit_use_generic_ptys',`
 	dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
 ')
 
+#######################################
+## <summary>
+##      Set the attributes of the tty device
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`term_setattr_controlling_term',`
+       gen_require(`
+               type devtty_t;
+       ')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devtty_t:chr_file setattr;
+')
+
 ########################################
 ## <summary>
 ##	Read and write the controlling
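Review bot: The summary of `term_setattr_controlling_term` says "Set the attributes of the tty device", but the rule it grants is `allow $1 devtty_t:chr_file setattr;`, and `devtty_t` is the type this module assigns to `/dev/tty`, not `tty_device_t`. Someone picking an interface by its summary would expect a different target, so I would write `##	Set the attributes of the controlling terminal (/dev/tty).` instead. The doc comment and the `gen_require` block are indented with spaces while the two rule lines and the neighbouring interfaces use tabs, and the opening separator appears to be one `#` shorter than the others; both should match the rest of the file.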
diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te
index f7db981..ba8d5b6 100644
--- a/policy/modules/kernel/terminal.te
+++ b/policy/modules/kernel/terminal.te
@@ -1,5 +1,5 @@
 
-policy_module(terminal, 1.7.0)
+policy_module(terminal, 1.7.1)
 
 ########################################
 #
@@ -44,6 +44,7 @@ mls_trusted_object(devtty_t)
 type ptmx_t;
 dev_node(ptmx_t)
 mls_trusted_object(ptmx_t)
+allow ptmx_t devpts_t:filesystem associate;
 
 #
 # tty_device_t is the type of /dev/*tty*
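Review bot: The added `allow ptmx_t devpts_t:filesystem associate;` carries no comment, and its reason can only be found in the `terminal.fc` change of the same commit, which labels `/dev/pts/ptmx` as `ptmx_t`. An `associate` rule decides which object types may exist on a filesystem, so the intent should sit next to the rule; I would add a line above it such as `# /dev/pts/ptmx is a ptmx_t node that lives on the devpts filesystem`. That also tells a later reader the rule is there for that single node and not a general relaxation.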

