[selinux-policy: 138/3172] initial commit

Thu Oct 7 19:17:00 UTC 2010

commit 0f3be6dbbb0daa64e2563faa9a39d8d01a854fbd
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue May 10 15:31:48 2005 +0000

    initial commit

 refpolicy/policy/modules/kernel/bootloader.fc  |   19 ++++++
 refpolicy/policy/modules/kernel/corenetwork.fc |    7 ++
 refpolicy/policy/modules/kernel/devices.fc     |   78 ++++++++++++++++++++++++
 refpolicy/policy/modules/kernel/storage.fc     |   58 ++++++++++++++++++
 refpolicy/policy/modules/kernel/terminal.fc    |   18 ++++++
 5 files changed, 180 insertions(+), 0 deletions(-)
---

diff --git a/refpolicy/policy/modules/kernel/bootloader.fc b/refpolicy/policy/modules/kernel/bootloader.fc
new file mode 100644
index 0000000..03becf1
--- /dev/null
+++ b/refpolicy/policy/modules/kernel/bootloader.fc
@@ -0,0 +1,19 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/vmlinuz.*		-l	system_u:object_r:boot_t
+/initrd\.img.*		-l	system_u:object_r:boot_t
+
+/boot(/.*)?			system_u:object_r:boot_t
+/boot/System\.map-.*	--	system_u:object_r:system_map_t
+
+/etc/lilo\.conf.*	--	system_u:object_r:bootloader_etc_t
+/etc/yaboot\.conf.*	--	system_u:object_r:bootloader_etc_t
+
+/etc/mkinitrd/scripts/.* --	system_u:object_r:bootloader_exec_t
+
+/usr/sbin/mkinitrd	--	system_u:object_r:bootloader_exec_t
+
+/sbin/grub.*		--	system_u:object_r:bootloader_exec_t
+/sbin/lilo.*		--	system_u:object_r:bootloader_exec_t
+/sbin/mkinitrd		--	system_u:object_r:bootloader_exec_t
+/sbin/ybin.*		--	system_u:object_r:bootloader_exec_t
diff --git a/refpolicy/policy/modules/kernel/corenetwork.fc b/refpolicy/policy/modules/kernel/corenetwork.fc
new file mode 100644
index 0000000..1906949
--- /dev/null
+++ b/refpolicy/policy/modules/kernel/corenetwork.fc
@@ -0,0 +1,7 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/dev/ippp.*	-c	system_u:object_r:ppp_device_t
+/dev/ppp	-c	system_u:object_r:ppp_device_t
+/dev/pppox.*	-c	system_u:object_r:ppp_device_t
+
+/dev/net/.*	-c	system_u:object_r:tun_tap_device_t
diff --git a/refpolicy/policy/modules/kernel/devices.fc b/refpolicy/policy/modules/kernel/devices.fc
new file mode 100644
index 0000000..9adcac7
--- /dev/null
+++ b/refpolicy/policy/modules/kernel/devices.fc
@@ -0,0 +1,78 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/dev(/.*)?			system_u:object_r:device_t
+
+/dev/.*mouse.*		-c	system_u:object_r:mouse_device_t
+/dev/adsp		-c	system_u:object_r:sound_device_t
+/dev/agpgart		-c	system_u:object_r:agp_device_t
+/dev/aload.*		-c	system_u:object_r:sound_device_t
+/dev/amidi.*		-c	system_u:object_r:sound_device_t
+/dev/amixer.*		-c	system_u:object_r:sound_device_t
+/dev/apm_bios		-c	system_u:object_r:apm_bios_t
+/dev/atibm		-c	system_u:object_r:mouse_device_t
+/dev/audio.*		-c	system_u:object_r:sound_device_t
+/dev/beep		-c	system_u:object_r:sound_device_t
+/dev/console		-c	system_u:object_r:console_device_t
+/dev/dsp.*		-c	system_u:object_r:sound_device_t
+/dev/fb[0-9]*		-c	system_u:object_r:framebuf_device_t
+/dev/full		-c	system_u:object_r:null_device_t
+/dev/irlpt[0-9]+	-c	system_u:object_r:printer_device_t
+/dev/js.*		-c	system_u:object_r:mouse_device_t
+/dev/kmem		-c	system_u:object_r:memory_device_t
+/dev/logibm		-c	system_u:object_r:mouse_device_t
+/dev/lp.*		-c	system_u:object_r:printer_device_t
+/dev/mem		-c	system_u:object_r:memory_device_t
+/dev/microcode		-c	system_u:object_r:cpu_device_t
+/dev/midi.*		-c	system_u:object_r:sound_device_t
+/dev/mixer.*		-c	system_u:object_r:sound_device_t
+/dev/mmetfgrab		-c	system_u:object_r:scanner_device_t
+/dev/mpu401.*		-c	system_u:object_r:sound_device_t
+/dev/null		-c	system_u:object_r:null_device_t
+/dev/nvidia.*		-c	system_u:object_r:xserver_misc_device_t
+/dev/nvram		-c	system_u:object_r:memory_device_t
+/dev/par.*		-c	system_u:object_r:printer_device_t
+/dev/patmgr[01]		-c	system_u:object_r:sound_device_t
+/dev/pmu		-c	system_u:object_r:power_device_t
+/dev/port		-c	system_u:object_r:memory_device_t
+/dev/psaux		-c	system_u:object_r:mouse_device_t
+/dev/rmidi.*		-c	system_u:object_r:sound_device_t
+/dev/radeon		-c	system_u:object_r:dri_device_t
+/dev/radio.*		-c	system_u:object_r:v4l_device_t
+/dev/random		-c	system_u:object_r:random_device_t
+/dev/rtc		-c	system_u:object_r:clock_device_t
+/dev/sequencer		-c	system_u:object_r:sound_device_t
+/dev/sequencer2		-c	system_u:object_r:sound_device_t
+/dev/smpte.*		-c	system_u:object_r:sound_device_t
+/dev/srnd[0-7]		-c	system_u:object_r:sound_device_t
+/dev/sndstat		-c	system_u:object_r:sound_device_t
+/dev/tlk[0-3]		-c	system_u:object_r:v4l_device_t
+/dev/urandom		-c	system_u:object_r:urandom_device_t
+/dev/usblp.*		-c	system_u:object_r:printer_device_t
+ifdef(`distro_suse', `
+/dev/usbscanner		-c	system_u:object_r:scanner_device_t
+')
+/dev/vbi.*		-c	system_u:object_r:v4l_device_t
+/dev/video.*		-c	system_u:object_r:v4l_device_t
+/dev/vttuner		-c	system_u:object_r:v4l_device_t
+/dev/vtx.*		-c	system_u:object_r:v4l_device_t
+/dev/winradio.		-c	system_u:object_r:v4l_device_t
+/dev/zero		-c	system_u:object_r:zero_device_t
+
+/dev/cpu/.*		-c	system_u:object_r:cpu_device_t
+/dev/cpu/mtrr		-c	system_u:object_r:mtrr_device_t
+
+/dev/dri/.+		-c	system_u:object_r:dri_device_t
+
+/dev/input/.*mouse.*	-c	system_u:object_r:mouse_device_t
+/dev/input/event.*	-c	system_u:object_r:event_device_t
+/dev/input/mice		-c	system_u:object_r:mouse_device_t
+/dev/input/js.*		-c	system_u:object_r:mouse_device_t
+
+/dev/pts(/.*)?		<<none>>
+
+/dev/snd/.*		-c	system_u:object_r:sound_device_t
+
+/dev/usb/dc2xx.*	-c	system_u:object_r:scanner_device_t
+/dev/usb/lp.*		-c	system_u:object_r:printer_device_t
+/dev/usb/mdc800.*	-c	system_u:object_r:scanner_device_t
+/dev/usb/scanner.*	-c	system_u:object_r:scanner_device_t
diff --git a/refpolicy/policy/modules/kernel/storage.fc b/refpolicy/policy/modules/kernel/storage.fc
new file mode 100644
index 0000000..dabb2b4
--- /dev/null
+++ b/refpolicy/policy/modules/kernel/storage.fc
@@ -0,0 +1,58 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/dev/n?(raw)?[qr]ft[0-3] -c	system_u:object_r:tape_device_t
+/dev/n?[hs]t[0-9].*	-c	system_u:object_r:tape_device_t
+/dev/n?z?qft[0-3]	-c	system_u:object_r:tape_device_t
+/dev/n?osst[0-3].*	-c	system_u:object_r:tape_device_t
+/dev/n?pt[0-9]+		-c	system_u:object_r:tape_device_t
+/dev/n?tpqic[12].*	-c	system_u:object_r:tape_device_t
+/dev/[shmx]d[^/]*	-b	system_u:object_r:fixed_disk_device_t
+/dev/aztcd		-b	system_u:object_r:removable_device_t
+/dev/bpcd		-b	system_u:object_r:removable_device_t
+/dev/cdu.*		-b	system_u:object_r:removable_device_t
+/dev/cm20.*		-b	system_u:object_r:removable_device_t
+/dev/dasd[^/]*		-b	system_u:object_r:fixed_disk_device_t
+/dev/dm-[0-9]+		-b	system_u:object_r:fixed_disk_device_t
+/dev/fd[^/]+		-b	system_u:object_r:removable_device_t
+/dev/flash[^/]*		-b	system_u:object_r:fixed_disk_device_t
+/dev/gscd		-b	system_u:object_r:removable_device_t
+/dev/hitcd		-b	system_u:object_r:removable_device_t
+/dev/ht[0-1]		-b	system_u:object_r:tape_device_t
+/dev/initrd		-b	system_u:object_r:fixed_disk_device_t
+/dev/jsfd		-b	system_u:object_r:fixed_disk_device_t
+/dev/jsflash		-c	system_u:object_r:fixed_disk_device_t
+/dev/loop.*		-b	system_u:object_r:fixed_disk_device_t
+/dev/mcdx?		-b	system_u:object_r:removable_device_t
+/dev/nb[^/]+		-b	system_u:object_r:fixed_disk_device_t
+/dev/optcd		-b	system_u:object_r:removable_device_t
+/dev/p[fg][0-3]		-b	system_u:object_r:removable_device_t
+/dev/pcd[0-3]		-b	system_u:object_r:removable_device_t
+/dev/pd[a-d][^/]*	-b	system_u:object_r:removable_device_t
+/dev/pg[0-3]		-c	system_u:object_r:removable_device_t
+/dev/ram.*		-b	system_u:object_r:fixed_disk_device_t
+/dev/rawctl		-c	system_u:object_r:fixed_disk_device_t
+/dev/rd.*		-b	system_u:object_r:fixed_disk_device_t
+ifdef(`distro_redhat', `
+/dev/root		-b	system_u:object_r:fixed_disk_device_t
+')
+/dev/s(cd|r)[^/]*	-b	system_u:object_r:removable_device_t
+/dev/sbpcd.*		-b	system_u:object_r:removable_device_t
+/dev/sg[0-9]+		-c	system_u:object_r:scsi_generic_device_t
+/dev/sjcd		-b	system_u:object_r:removable_device_t
+/dev/sonycd		-b	system_u:object_r:removable_device_t
+/dev/tape.*		-c	system_u:object_r:tape_device_t
+/dev/ubd[^/]*		-b	system_u:object_r:fixed_disk_device_t
+
+/dev/ataraid/.*		-b	system_u:object_r:fixed_disk_device_t
+
+/dev/cciss/[^/]*	-b	system_u:object_r:fixed_disk_device_t
+
+/dev/i2o/hd[^/]*	-b	system_u:object_r:fixed_disk_device_t
+
+/dev/ida/[^/]*		-b	system_u:object_r:fixed_disk_device_t
+
+/dev/raw/raw[0-9]+	-c	system_u:object_r:fixed_disk_device_t
+
+/dev/scramdisk/.*	-b	system_u:object_r:fixed_disk_device_t
+
+/dev/usb/rio500		-c	system_u:object_r:removable_device_t
diff --git a/refpolicy/policy/modules/kernel/terminal.fc b/refpolicy/policy/modules/kernel/terminal.fc
new file mode 100644
index 0000000..322511c
--- /dev/null
+++ b/refpolicy/policy/modules/kernel/terminal.fc
@@ -0,0 +1,18 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/dev/.*tty[^/]*		-c	system_u:object_r:tty_device_t
+/dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f]	-c system_u:object_r:bsdpty_device_t
+/dev/capi.*		-c	system_u:object_r:tty_device_t
+/dev/cu.*		-c	system_u:object_r:tty_device_t
+/dev/dcbri[0-9]+	-c	system_u:object_r:tty_device_t
+/dev/hvc.*		-c	system_u:object_r:tty_device_t
+/dev/hvsi.*		-c	system_u:object_r:tty_device_t
+/dev/ircomm[0-9]+	-c	system_u:object_r:tty_device_t
+/dev/ip2[^/]*		-c	system_u:object_r:tty_device_t
+/dev/isdn.*		-c	system_u:object_r:tty_device_t
+/dev/ptmx		-c	system_u:object_r:ptmx_t
+/dev/tty		-c	system_u:object_r:devtty_t
+/dev/ttySG.*		-c	system_u:object_r:tty_device_t
+/dev/vcs[^/]*		-c	system_u:object_r:tty_device_t
+
+/dev/usb/tty.*		-c	system_u:object_r:usbtty_device_t
