Oreon-Lime-R2/selinux-policy/selinux-policy-d9f4a2b/selinux-policy-d9f4a2bbeb91fd95d0c35a90936efb9ea99d2455/policy/modules/kernel/terminal.if


## <summary>Policy for terminals.</summary>
## <required val="true">
## Depended on by other required modules.
## </required>
########################################
## <summary>
## Transform specified type into a pty type.
## </summary>
## <param name="pty_type">
## <summary>
## An object type that will be applied to a pty.
## </summary>
## </param>
#
interface(`term_pty',`
gen_require(`
attribute ptynode;
type devpts_t;
')
dev_node($1)
allow $1 devpts_t:filesystem associate;
typeattribute $1 ptynode;
')
########################################
## <summary>
## Transform specified type into a user
## pty type. This allows it to be relabeled via
## type change by login programs such as ssh.
## </summary>
## <param name="userdomain">
## <summary>
## The type of the user domain associated with
## this pty.
## </summary>
## </param>
## <param name="object_type">
## <summary>
## An object type that will be applied to a pty.
## </summary>
## </param>
#
interface(`term_user_pty',`
gen_require(`
attribute server_ptynode;
')
term_pty($2)
type_change $1 server_ptynode:chr_file $2;
')
########################################
## <summary>
## Transform specified type into a pty type
## used by login programs, such as sshd.
## </summary>
## <param name="pty_type">
## <summary>
## An object type that will be applied to a pty.
## </summary>
## </param>
#
interface(`term_login_pty',`
gen_require(`
attribute server_ptynode;
')
term_pty($1)
typeattribute $1 server_ptynode;
')
########################################
## <summary>
## Transform specified type into a tty type.
## </summary>
## <param name="tty_type">
## <summary>
## An object type that will be applied to a tty.
## </summary>
## </param>
#
interface(`term_tty',`
gen_require(`
attribute ttynode, serial_device;
type tty_device_t;
')
typeattribute $1 ttynode, serial_device;
dev_node($1)
')
########################################
## <summary>
## Transform specified type into a user tty type.
## </summary>
## <param name="domain">
## <summary>
## User domain that is related to this tty.
## </summary>
## </param>
## <param name="tty_type">
## <summary>
## An object type that will be applied to a tty.
## </summary>
## </param>
#
interface(`term_user_tty',`
gen_require(`
attribute ttynode;
type console_device_t;
type tty_device_t;
')
# Mark the second argument as a tty type (ttynode, serial_device, device node).
term_tty($2)
# For the user domain in the first argument, the computed relabel target
# of an unallocated tty (tty_device_t) is the user tty type.
type_change $1 tty_device_t:chr_file $2;
# Debian login is from shadow utils and does not allow resetting the perms.
# have to fix this!
# NOTE(review): on Debian this rule matches every type carrying the
# ttynode attribute, so a tty still labeled with another user tty type
# also gets this type as its computed relabel target. type_change only
# selects the label; the relabel itself still has to be allowed elsewhere.
ifdef(`distro_debian',`
type_change $1 ttynode:chr_file $2;
')
tunable_policy(`login_console_enabled',`
# When user logs in from /dev/console, relabel it
# to user tty type as well.
type_change $1 console_device_t:chr_file $2;
')
')
########################################
## <summary>
## Create the /dev/pts directory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_create_pty_dir',`
gen_require(`
type devpts_t;
')
allow $1 devpts_t:dir create_dir_perms;
dev_filetrans($1, devpts_t, dir, "devpts")
')
########################################
## <summary>
## Create a pty in the /dev/pts directory.
## </summary>
## <param name="domain">
## <summary>
## The type of the process creating the pty.
## </summary>
## </param>
## <param name="pty_type">
## <summary>
## The type of the pty.
## </summary>
## </param>
#
interface(`term_create_pty',`
gen_require(`
type bsdpty_device_t, devpts_t, ptmx_t;
')
dev_list_all_dev_nodes($1)
allow $1 ptmx_t:chr_file rw_file_perms;
allow $1 devpts_t:dir list_dir_perms;
allow $1 devpts_t:filesystem getattr;
dontaudit $1 bsdpty_device_t:chr_file { getattr read write };
type_transition $1 devpts_t:chr_file $2;
')
########################################
## <summary>
## Write the console, all
## ttys and all ptys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_write_all_terms',`
gen_require(`
attribute ttynode, ptynode;
type console_device_t, devpts_t, tty_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 devpts_t:dir list_dir_perms;
allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file write_chr_file_perms;
')
########################################
## <summary>
## Read and write the console, all
## ttys and all ptys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_use_all_terms',`
gen_require(`
attribute ttynode, ptynode;
type console_device_t, devpts_t, tty_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 devpts_t:dir list_dir_perms;
# NOTE(review): ttynode and ptynode are attributes, so this one rule covers
# every type declared through term_tty and term_pty, including terminals
# that belong to other users and login sessions. Prefer the inherited or
# per-type interfaces unless the caller really needs every terminal.
allow $1 { devpts_t console_device_t tty_device_t ttynode ptynode }:chr_file rw_chr_file_perms;
')
########################################
## <summary>
## Read and write the inherited console, all inherited
## ttys and ptys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_use_all_inherited_terms',`
gen_require(`
attribute ttynode, ptynode;
type console_device_t, devpts_t, tty_device_t;
')
allow $1 { devpts_t console_device_t tty_device_t ttynode ptynode }:chr_file rw_inherited_term_perms;
')
########################################
## <summary>
## Write to the console.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_write_console',`
gen_require(`
type console_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 console_device_t:chr_file write_chr_file_perms;
')
########################################
## <summary>
## Read from the console.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_read_console',`
gen_require(`
type console_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 console_device_t:chr_file read_chr_file_perms;
')
########################################
## <summary>
## Do not audit attempts to read from the console.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_dontaudit_read_console',`
gen_require(`
type console_device_t;
')
dontaudit $1 console_device_t:chr_file read_chr_file_perms;
')
########################################
## <summary>
## Read from and write to the console.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_use_console',`
gen_require(`
type console_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 console_device_t:chr_file rw_chr_file_perms;
')
########################################
## <summary>
## Do not audit attempts to read from
## or write to the console.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_use_console',`
gen_require(`
type console_device_t;
type tty_device_t;
')
# Defined in the init module; presumably suppresses denials on file
# descriptors inherited from init (confirm against that module).
init_dontaudit_use_fds($1)
dontaudit $1 console_device_t:chr_file rw_inherited_chr_file_perms;
# NOTE(review): despite the interface name and summary, denials on
# unallocated ttys (tty_device_t) are suppressed as well, so those
# accesses will not show up in the audit log for the calling domain.
dontaudit $1 tty_device_t:chr_file rw_inherited_chr_file_perms;
')
########################################
## <summary>
## Set the attributes of the console
## device node.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_setattr_console',`
gen_require(`
type console_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 console_device_t:chr_file setattr;
')
########################################
## <summary>
## Relabel from and to the console type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_relabel_console',`
gen_require(`
type console_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 console_device_t:chr_file relabel_chr_file_perms;
')
########################################
## <summary>
## Create the console device (/dev/console).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_create_console_dev',`
gen_require(`
type console_device_t;
')
# Defined in the devices module; presumably lets the caller add an entry
# to generic device directories (confirm against that module).
dev_add_entry_generic_dirs($1)
allow $1 console_device_t:chr_file create;
# NOTE(review): the mknod capability is granted on the caller itself and
# is not limited to the console. Which device nodes the domain can create
# is then bounded only by its create rules on device types, so review
# the other create permissions of any domain that calls this interface.
allow $1 self:capability mknod;
')
########################################
## <summary>
## Watch the console device (/dev/console).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_watch_console_dev',`
gen_require(`
type console_device_t;
')
allow $1 console_device_t:chr_file watch_chr_file_perms;
')
########################################
## <summary>
## Watch_reads the console device (/dev/console).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_watch_reads_console_dev',`
gen_require(`
type console_device_t;
')
allow $1 console_device_t:chr_file watch_reads_chr_file_perms;
')
########################################
## <summary>
## Get the attributes of a pty filesystem
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_getattr_pty_fs',`
gen_require(`
type devpts_t;
')
allow $1 devpts_t:filesystem getattr;
')
########################################
## <summary>
## Mount a pty filesystem
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_mount_pty_fs',`
gen_require(`
type devpts_t;
')
allow $1 devpts_t:filesystem mount;
')
########################################
## <summary>
## Unmount a pty filesystem
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_unmount_pty_fs',`
gen_require(`
type devpts_t;
')
allow $1 devpts_t:filesystem unmount;
')
########################################
## <summary>
## Relabel from and to pty filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_relabel_pty_fs',`
gen_require(`
type devpts_t;
')
dev_list_all_dev_nodes($1)
allow $1 devpts_t:filesystem { relabelto relabelfrom };
')
########################################
## <summary>
## Do not audit attempts to get the
## attributes of the /dev/pts directory.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_getattr_pty_dirs',`
gen_require(`
type devpts_t;
')
dontaudit $1 devpts_t:dir getattr;
')
########################################
## <summary>
## Search the contents of the /dev/pts directory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_search_ptys',`
gen_require(`
type devpts_t;
')
dev_list_all_dev_nodes($1)
allow $1 devpts_t:dir search_dir_perms;
')
########################################
## <summary>
## Do not audit attempts to search the
## contents of the /dev/pts directory.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_search_ptys',`
gen_require(`
type devpts_t;
')
dev_dontaudit_list_all_dev_nodes($1)
dontaudit $1 devpts_t:dir search_dir_perms;
')
########################################
## <summary>
## Read the /dev/pts directory to
## list all ptys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_list_ptys',`
gen_require(`
type devpts_t;
')
dev_list_all_dev_nodes($1)
allow $1 devpts_t:dir list_dir_perms;
')
########################################
## <summary>
## Relabel the /dev/pts directory
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_relabel_ptys_dirs',`
gen_require(`
type devpts_t;
')
allow $1 devpts_t:dir relabel_dir_perms;
')
########################################
## <summary>
## Do not audit attempts to read the
## /dev/pts directory.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_list_ptys',`
gen_require(`
type devpts_t;
')
dontaudit $1 devpts_t:dir { getattr search read };
')
########################################
## <summary>
## Do not audit attempts to create, read,
## write, or delete the /dev/pts directory.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_manage_pty_dirs',`
gen_require(`
type devpts_t;
')
dontaudit $1 devpts_t:dir manage_dir_perms;
')
########################################
## <summary>
## Get the attributes of generic pty devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_getattr_generic_ptys',`
gen_require(`
type devpts_t;
')
allow $1 devpts_t:chr_file getattr;
')
########################################
## <summary>
## Do not audit attempts to get the attributes
## of generic pty devices.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_getattr_generic_ptys',`
gen_require(`
type devpts_t;
')
dontaudit $1 devpts_t:chr_file getattr;
')
########################################
## <summary>
## ioctl of generic pty devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# cjp: added for ppp
interface(`term_ioctl_generic_ptys',`
gen_require(`
type devpts_t;
')
dev_list_all_dev_nodes($1)
allow $1 devpts_t:dir search;
allow $1 devpts_t:chr_file ioctl;
')
########################################
## <summary>
## Allow setting the attributes of
## generic pty devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# dwalsh: added for rhgb
interface(`term_setattr_generic_ptys',`
gen_require(`
type devpts_t;
')
allow $1 devpts_t:chr_file setattr;
')
########################################
## <summary>
## Dontaudit setting the attributes of
## generic pty devices.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
# dwalsh: added for rhgb
interface(`term_dontaudit_setattr_generic_ptys',`
gen_require(`
type devpts_t;
')
dontaudit $1 devpts_t:chr_file setattr;
')
########################################
## <summary>
## Read and write the generic pty
## type. This is generally only used in
## the targeted policy.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_use_generic_ptys',`
gen_require(`
type devpts_t;
')
dev_list_all_dev_nodes($1)
allow $1 devpts_t:dir list_dir_perms;
allow $1 devpts_t:chr_file { rw_term_perms lock append };
')
########################################
## <summary>
## Do not audit attempts to read and
## write the generic pty type. This is
## generally only used in the targeted policy.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_use_generic_ptys',`
gen_require(`
type devpts_t;
')
init_dontaudit_use_fds($1)
dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
')
#######################################
## <summary>
## Set the attributes of the tty device
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_setattr_controlling_term',`
gen_require(`
type devtty_t;
')
dev_list_all_dev_nodes($1)
allow $1 devtty_t:chr_file setattr;
')
########################################
## <summary>
## Read and write the controlling
## terminal (/dev/tty).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_use_controlling_term',`
gen_require(`
type devtty_t;
')
dev_list_all_dev_nodes($1)
allow $1 devtty_t:chr_file { rw_term_perms lock append };
')
#######################################
## <summary>
## Get the attributes of the pty multiplexor (/dev/ptmx).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_getattr_ptmx',`
gen_require(`
type ptmx_t;
')
# This is an allow rule, not a dontaudit: the caller is granted getattr.
allow $1 ptmx_t:chr_file getattr;
')
########################################
## <summary>
## Do not audit attempts to get attributes
## on the pty multiplexor (/dev/ptmx).
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_getattr_ptmx',`
gen_require(`
type ptmx_t;
')
dontaudit $1 ptmx_t:chr_file getattr;
')
########################################
## <summary>
## Read and write the pty multiplexor (/dev/ptmx).
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_use_ptmx',`
gen_require(`
type ptmx_t;
')
dev_list_all_dev_nodes($1)
allow $1 ptmx_t:chr_file rw_file_perms;
')
########################################
## <summary>
## Do not audit attempts to read and
## write the pty multiplexor (/dev/ptmx).
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_use_ptmx',`
gen_require(`
type ptmx_t;
')
dontaudit $1 ptmx_t:chr_file { getattr read write ioctl };
')
########################################
## <summary>
## Get the attributes of all
## pty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_getattr_all_ptys',`
gen_require(`
attribute ptynode;
type devpts_t;
')
dev_list_all_dev_nodes($1)
allow $1 devpts_t:dir list_dir_perms;
allow $1 ptynode:chr_file getattr;
')
########################################
## <summary>
## Do not audit attempts to get the
## attributes of any pty
## device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_getattr_all_ptys',`
gen_require(`
attribute ptynode;
')
dontaudit $1 ptynode:chr_file getattr;
')
########################################
## <summary>
## Set the attributes of all
## pty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_setattr_all_ptys',`
gen_require(`
attribute ptynode;
type devpts_t;
')
dev_list_all_dev_nodes($1)
allow $1 devpts_t:dir list_dir_perms;
allow $1 ptynode:chr_file setattr;
')
########################################
## <summary>
## Relabel to all ptys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_relabelto_all_ptys',`
gen_require(`
attribute ptynode;
')
allow $1 ptynode:chr_file relabelto;
')
########################################
## <summary>
## Write to all ptys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_write_all_ptys',`
gen_require(`
attribute ptynode;
')
dev_list_all_dev_nodes($1)
allow $1 ptynode:chr_file write_chr_file_perms;
')
########################################
## <summary>
## Read and write all ptys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_use_all_ptys',`
gen_require(`
attribute ptynode;
type devpts_t;
')
dev_list_all_dev_nodes($1)
allow $1 devpts_t:dir list_dir_perms;
# NOTE(review): ptynode is an attribute assigned by term_pty, so this
# grants read and write on every pty type in the policy, not only ptys
# the caller created or inherited. term_use_all_inherited_ptys is the
# narrower choice when the caller only uses descriptors passed to it.
allow $1 ptynode:chr_file { rw_term_perms lock append };
')
########################################
## <summary>
## Read and write all inherited ptys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_use_all_inherited_ptys',`
gen_require(`
attribute ptynode;
type devpts_t;
')
allow $1 ptynode:chr_file { rw_inherited_term_perms lock };
')
########################################
## <summary>
## Do not audit attempts to read or write any ptys.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_use_all_ptys',`
gen_require(`
attribute ptynode;
')
dontaudit $1 ptynode:chr_file { rw_inherited_term_perms lock append };
')
########################################
## <summary>
## Relabel from and to all pty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_relabel_all_ptys',`
gen_require(`
attribute ptynode;
type devpts_t;
')
dev_list_all_dev_nodes($1)
relabel_chr_files_pattern($1, devpts_t, { ptynode devpts_t } )
')
########################################
## <summary>
## Get the attributes of all user
## pty device nodes. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_getattr_all_user_ptys',`
refpolicywarn(`$0 has been deprecated, use term_getattr_all_ptys() instead.')
term_getattr_all_ptys($1)
')
########################################
## <summary>
## Do not audit attempts to get the
## attributes of any user pty
## device nodes. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_getattr_all_user_ptys',`
refpolicywarn(`$0 has been deprecated, use term_dontaudit_getattr_all_ptys() instead.')
term_dontaudit_getattr_all_ptys($1)
')
########################################
## <summary>
## Set the attributes of all user
## pty device nodes. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_setattr_all_user_ptys',`
refpolicywarn(`$0 has been deprecated, use term_setattr_all_ptys() instead.')
term_setattr_all_ptys($1)
')
########################################
## <summary>
## Relabel to all user ptys. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_relabelto_all_user_ptys',`
refpolicywarn(`$0 has been deprecated, use term_relabelto_all_ptys() instead.')
term_relabelto_all_ptys($1)
')
########################################
## <summary>
## Write to all user ptys. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_write_all_user_ptys',`
refpolicywarn(`$0 has been deprecated, use term_write_all_ptys() instead.')
term_write_all_ptys($1)
')
########################################
## <summary>
## Read and write all user ptys. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_use_all_user_ptys',`
refpolicywarn(`$0 has been deprecated, use term_use_all_ptys() instead.')
term_use_all_ptys($1)
')
########################################
## <summary>
## Do not audit attempts to read any
## user ptys. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_use_all_user_ptys',`
refpolicywarn(`$0 has been deprecated, use term_dontaudit_use_all_ptys() instead.')
term_dontaudit_use_all_ptys($1)
')
########################################
## <summary>
## Relabel from and to all user
## pty device nodes. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_relabel_all_user_ptys',`
refpolicywarn(`$0 has been deprecated, use term_relabel_all_ptys() instead.')
term_relabel_all_ptys($1)
')
########################################
## <summary>
## Get the attributes of all unallocated
## tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_getattr_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 tty_device_t:chr_file getattr;
')
########################################
## <summary>
## Allow open access for all unallocated
## tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_open_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 tty_device_t:chr_file open;
')
########################################
## <summary>
## Do not audit attempts to get the attributes
## of all unallocated tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_getattr_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
dontaudit $1 tty_device_t:chr_file getattr;
')
########################################
## <summary>
## Set the attributes of all unallocated
## tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_setattr_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 tty_device_t:chr_file setattr;
')
########################################
## <summary>
## Do not audit attempts to set the attributes
## of unallocated tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_setattr_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
dontaudit $1 tty_device_t:chr_file setattr;
')
########################################
## <summary>
## Do not audit attempts to ioctl
## unallocated tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_ioctl_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
dontaudit $1 tty_device_t:chr_file ioctl;
')
########################################
## <summary>
## Watch unallocated tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_watch_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
allow $1 tty_device_t:chr_file watch_chr_file_perms;
')
########################################
## <summary>
## Watch_reads unallocated tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_watch_reads_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
allow $1 tty_device_t:chr_file watch_reads_chr_file_perms;
')
########################################
## <summary>
## Relabel from and to the unallocated
## tty type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_relabel_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 tty_device_t:chr_file relabel_chr_file_perms;
')
########################################
## <summary>
## Mounton unallocated tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_mounton_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
allow $1 tty_device_t:chr_file mounton;
')
########################################
## <summary>
## Relabel from all user tty types to
## the unallocated tty type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_reset_tty_labels',`
gen_require(`
attribute ttynode;
type tty_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 ttynode:chr_file relabelfrom;
allow $1 tty_device_t:chr_file relabelto;
')
########################################
## <summary>
## Append to unallocated ttys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_append_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 tty_device_t:chr_file append_chr_file_perms;
')
########################################
## <summary>
## Write to unallocated ttys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_write_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 tty_device_t:chr_file write_chr_file_perms;
')
########################################
## <summary>
## Read and write unallocated ttys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_use_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 tty_device_t:chr_file rw_chr_file_perms;
')
########################################
## <summary>
## Do not audit attempts to read or
## write unallocated ttys.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_use_unallocated_ttys',`
gen_require(`
type tty_device_t;
')
init_dontaudit_use_fds($1)
dontaudit $1 tty_device_t:chr_file rw_inherited_chr_file_perms;
')
########################################
## <summary>
## Read and write USB tty character
## device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_use_usb_ttys',`
gen_require(`
type usbtty_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 usbtty_device_t:chr_file rw_chr_file_perms;
')
#######################################
## <summary>
## Setattr on USB tty character
## device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`term_setattr_usb_ttys',`
gen_require(`
type usbtty_device_t;
')
allow $1 usbtty_device_t:chr_file setattr;
')
########################################
## <summary>
## Get the attributes of all tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`term_getattr_all_ttys',`
gen_require(`
type tty_device_t;
attribute ttynode;
')
dev_list_all_dev_nodes($1)
allow $1 ttynode:chr_file getattr;
allow $1 tty_device_t:chr_file getattr;
')
########################################
## <summary>
## Do not audit attempts to get the
## attributes of any tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`term_dontaudit_getattr_all_ttys',`
gen_require(`
attribute ttynode;
type tty_device_t;
')
# NOTE(review): this looks like an access-granting call inside a dontaudit
# interface. Callers would gain the device node listing access as a side
# effect, which the interface name and summary do not suggest. The sibling
# term_dontaudit_search_ptys uses dev_dontaudit_list_all_dev_nodes instead;
# confirm no caller depends on the grant before switching to that form.
dev_list_all_dev_nodes($1)
dontaudit $1 ttynode:chr_file getattr;
dontaudit $1 tty_device_t:chr_file getattr;
')
########################################
## <summary>
## Set the attributes of all tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
# Grants setattr on every type carrying the ttynode attribute (assigned by
# term_tty), not on one terminal type. Attribute changes on a terminal node
# affect who can use it afterwards, so callers should be domains that manage
# terminals on behalf of others; a narrower per-type interface is preferable
# when the caller handles a single terminal type.
# Also calls dev_list_all_dev_nodes(), defined outside this file.
interface(`term_setattr_all_ttys',`
gen_require(`
attribute ttynode;
')
dev_list_all_dev_nodes($1)
allow $1 ttynode:chr_file setattr;
')
########################################
## <summary>
## Relabel from and to all tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# Grants relabel_chr_file_perms (defined outside this file) on every type
# carrying the ttynode attribute. The label of a tty node decides which
# domains may access it, so this interface belongs only on trusted labeling
# or login-type domains.
# Also calls dev_list_all_dev_nodes(), defined outside this file.
interface(`term_relabel_all_ttys',`
gen_require(`
attribute ttynode;
')
dev_list_all_dev_nodes($1)
allow $1 ttynode:chr_file relabel_chr_file_perms;
')
########################################
## <summary>
## Write to all ttys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# Grants write_chr_file_perms (defined outside this file) on every type
# carrying the ttynode attribute, so the caller can write to terminals that
# belong to other sessions as far as SELinux is concerned; DAC checks on the
# device node still apply.
# Also calls dev_list_all_dev_nodes(), defined outside this file.
interface(`term_write_all_ttys',`
gen_require(`
attribute ttynode;
')
dev_list_all_dev_nodes($1)
allow $1 ttynode:chr_file write_chr_file_perms;
')
########################################
## <summary>
## Read and write all ttys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
# Grants rw_term_perms (defined outside this file) on every type carrying
# the ttynode attribute. This is the broadest tty grant in this part of the
# file: read access covers terminals of other sessions, not only the one the
# caller was started on. Where the domain only needs the terminal handed to
# it by its parent, term_use_all_inherited_ttys is the narrower choice
# (presumably without open -- confirm against the permission set definition).
# Also calls dev_list_all_dev_nodes(), defined outside this file.
interface(`term_use_all_ttys',`
gen_require(`
attribute ttynode;
')
dev_list_all_dev_nodes($1)
allow $1 ttynode:chr_file rw_term_perms;
')
########################################
## <summary>
## Read and write all inherited ttys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
# Grants rw_inherited_term_perms on every type carrying the ttynode
# attribute. The permission set is defined outside this file; the name
# suggests it is limited to already-open descriptors passed to the domain
# (no open) -- confirm before relying on that.
# Also calls dev_list_all_dev_nodes(), defined outside this file.
interface(`term_use_all_inherited_ttys',`
gen_require(`
attribute ttynode;
')
dev_list_all_dev_nodes($1)
allow $1 ttynode:chr_file rw_inherited_term_perms;
')
########################################
## <summary>
## Do not audit attempts to read or write
## any ttys.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
# Pure dontaudit: silences rw_inherited_chr_file_perms denials on every type
# carrying the ttynode attribute and grants nothing. Because the denials are
# hidden, a domain probing terminals leaves no AVC record for these
# permissions; disable dontaudit rules temporarily (semodule -DB) when such
# activity needs to be investigated.
interface(`term_dontaudit_use_all_ttys',`
gen_require(`
attribute ttynode;
')
dontaudit $1 ttynode:chr_file rw_inherited_chr_file_perms;
')
########################################
## <summary>
## Get the attributes of all user tty
## device nodes. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
# Deprecated alias: calls refpolicywarn with a deprecation message and then
# expands to term_getattr_all_ttys(). Despite "user" in the name, the access
# is exactly that of term_getattr_all_ttys(); no narrower scope is applied.
interface(`term_getattr_all_user_ttys',`
refpolicywarn(`$0() is deprecated, use term_getattr_all_ttys() instead.')
term_getattr_all_ttys($1)
')
########################################
## <summary>
## Do not audit attempts to get the
## attributes of any user tty
## device nodes. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
# Deprecated alias: calls refpolicywarn with a deprecation message and then
# expands to term_dontaudit_getattr_all_ttys(), inheriting everything that
# interface contains, including its dev_list_all_dev_nodes() call.
interface(`term_dontaudit_getattr_all_user_ttys',`
refpolicywarn(`$0() is deprecated, use term_dontaudit_getattr_all_ttys() instead.')
term_dontaudit_getattr_all_ttys($1)
')
########################################
## <summary>
## Set the attributes of all user tty
## device nodes. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
# Deprecated alias: calls refpolicywarn with a deprecation message and then
# expands to term_setattr_all_ttys(). Despite "user" in the name, setattr is
# granted on every ttynode type, exactly as term_setattr_all_ttys() does.
interface(`term_setattr_all_user_ttys',`
refpolicywarn(`$0() is deprecated, use term_setattr_all_ttys() instead.')
term_setattr_all_ttys($1)
')
########################################
## <summary>
## Relabel from and to all
## user tty device nodes. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# Deprecated alias: calls refpolicywarn with a deprecation message and then
# expands to term_relabel_all_ttys(). Despite "user" in the name, relabel
# access covers every ttynode type, exactly as term_relabel_all_ttys() does.
interface(`term_relabel_all_user_ttys',`
refpolicywarn(`$0() is deprecated, use term_relabel_all_ttys() instead.')
term_relabel_all_ttys($1)
')
########################################
## <summary>
## Write to all user ttys. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# Deprecated alias: calls refpolicywarn with a deprecation message and then
# expands to term_write_all_ttys(). Despite "user" in the name, write access
# covers every ttynode type, exactly as term_write_all_ttys() does.
interface(`term_write_all_user_ttys',`
refpolicywarn(`$0() is deprecated, use term_write_all_ttys() instead.')
term_write_all_ttys($1)
')
########################################
## <summary>
## Read and write all user ttys. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
# Deprecated alias: calls refpolicywarn with a deprecation message and then
# expands to term_use_all_ttys(). Despite "user" in the name, read and write
# access covers every ttynode type, exactly as term_use_all_ttys() does.
interface(`term_use_all_user_ttys',`
refpolicywarn(`$0() is deprecated, use term_use_all_ttys() instead.')
term_use_all_ttys($1)
')
########################################
## <summary>
## Do not audit attempts to read or write
## any user ttys. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
# Deprecated alias: calls refpolicywarn with a deprecation message and then
# expands to term_dontaudit_use_all_ttys(), which only adds a dontaudit rule
# on the ttynode attribute and grants nothing.
interface(`term_dontaudit_use_all_user_ttys',`
refpolicywarn(`$0() is deprecated, use term_dontaudit_use_all_ttys() instead.')
term_dontaudit_use_all_ttys($1)
')
########################################
## <summary>
## Watch user tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# Grants watch_chr_file_perms (defined outside this file) on
# user_tty_device_t only; no read, write or directory-listing access is
# added here. The watch permissions presumably gate file-notification
# watches on the node -- confirm against the permission set definition.
interface(`term_watch_user_ttys',`
gen_require(`
type user_tty_device_t;
')
allow $1 user_tty_device_t:chr_file watch_chr_file_perms;
')
########################################
## <summary>
## Watch_reads user tty device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# Grants watch_reads_chr_file_perms (defined outside this file) on
# user_tty_device_t only. Presumably this lets the caller be notified of
# read activity on user terminals, which exposes activity timing even
# without read access to the content -- confirm against the permission set
# definition and grant only to domains that need it.
interface(`term_watch_reads_user_ttys',`
gen_require(`
type user_tty_device_t;
')
allow $1 user_tty_device_t:chr_file watch_reads_chr_file_perms;
')
####################################
## <summary>
## Getattr on the virtio console.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# Grants getattr_chr_file_perms (defined outside this file) on
# virtio_device_t character devices. Unlike term_use_virtio_console, no
# dev_list_all_dev_nodes() call is made here.
interface(`term_getattr_virtio_console',`
gen_require(`
type virtio_device_t;
')
allow $1 virtio_device_t:chr_file getattr_chr_file_perms;
')
#####################################
## <summary>
## Read from and write to the virtio console.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# Grants rw_chr_file_perms on virtio_device_t character devices, plus
# whatever dev_list_all_dev_nodes() grants (defined outside this file).
# In this file virtio_device_t is the label given to vport0p0 through
# vport0p9 by term_filetrans_all_named_dev; these ports are a channel
# between guest and host, so limit this interface to domains that are meant
# to talk across that boundary.
interface(`term_use_virtio_console',`
gen_require(`
type virtio_device_t;
')
dev_list_all_dev_nodes($1)
allow $1 virtio_device_t:chr_file rw_chr_file_perms;
')
########################################
## <summary>
## Create all named terminal devices with the correct label.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# Named file transitions: each rule below applies only when the new object
# has exactly the quoted name. The enumerated ranges are fixed (tty0-tty99,
# pty0-pty99, ten entries for most other families, vport0p0-vport0p9), so a
# node created by the caller under any other name (for example tty100 or
# ttyUSB10) is not labeled by this interface and gets its type from another
# rule or the parent directory until it is relabeled. On hosts with many
# serial, USB or virtio ports, check the labels of nodes outside these
# ranges (ls -Z) and relabel with restorecon where needed.
# NOTE(review): bsdpty_device_t is required below but no rule in this
# interface references it, while "pty" and "pty0".."pty99" are given
# tty_device_t. Confirm whether that mapping is intended.
# dev_filetrans() and filetrans_pattern() are defined outside this file;
# the "ptmx" name is covered twice, once under devpts_t via
# filetrans_pattern() and once via dev_filetrans().
interface(`term_filetrans_all_named_dev',`
gen_require(`
type tty_device_t;
type bsdpty_device_t;
type console_device_t;
type ptmx_t;
type devtty_t;
type virtio_device_t;
type devpts_t;
type usbtty_device_t;
')
dev_filetrans($1, devtty_t, chr_file, "tty")
dev_filetrans($1, tty_device_t, chr_file, "tty0")
dev_filetrans($1, tty_device_t, chr_file, "tty1")
dev_filetrans($1, tty_device_t, chr_file, "tty2")
dev_filetrans($1, tty_device_t, chr_file, "tty3")
dev_filetrans($1, tty_device_t, chr_file, "tty4")
dev_filetrans($1, tty_device_t, chr_file, "tty5")
dev_filetrans($1, tty_device_t, chr_file, "tty6")
dev_filetrans($1, tty_device_t, chr_file, "tty7")
dev_filetrans($1, tty_device_t, chr_file, "tty8")
dev_filetrans($1, tty_device_t, chr_file, "tty9")
dev_filetrans($1, tty_device_t, chr_file, "tty10")
dev_filetrans($1, tty_device_t, chr_file, "tty11")
dev_filetrans($1, tty_device_t, chr_file, "tty12")
dev_filetrans($1, tty_device_t, chr_file, "tty13")
dev_filetrans($1, tty_device_t, chr_file, "tty14")
dev_filetrans($1, tty_device_t, chr_file, "tty15")
dev_filetrans($1, tty_device_t, chr_file, "tty16")
dev_filetrans($1, tty_device_t, chr_file, "tty17")
dev_filetrans($1, tty_device_t, chr_file, "tty18")
dev_filetrans($1, tty_device_t, chr_file, "tty19")
dev_filetrans($1, tty_device_t, chr_file, "tty20")
dev_filetrans($1, tty_device_t, chr_file, "tty21")
dev_filetrans($1, tty_device_t, chr_file, "tty22")
dev_filetrans($1, tty_device_t, chr_file, "tty23")
dev_filetrans($1, tty_device_t, chr_file, "tty24")
dev_filetrans($1, tty_device_t, chr_file, "tty25")
dev_filetrans($1, tty_device_t, chr_file, "tty26")
dev_filetrans($1, tty_device_t, chr_file, "tty27")
dev_filetrans($1, tty_device_t, chr_file, "tty28")
dev_filetrans($1, tty_device_t, chr_file, "tty29")
dev_filetrans($1, tty_device_t, chr_file, "tty30")
dev_filetrans($1, tty_device_t, chr_file, "tty31")
dev_filetrans($1, tty_device_t, chr_file, "tty32")
dev_filetrans($1, tty_device_t, chr_file, "tty33")
dev_filetrans($1, tty_device_t, chr_file, "tty34")
dev_filetrans($1, tty_device_t, chr_file, "tty35")
dev_filetrans($1, tty_device_t, chr_file, "tty36")
dev_filetrans($1, tty_device_t, chr_file, "tty37")
dev_filetrans($1, tty_device_t, chr_file, "tty38")
dev_filetrans($1, tty_device_t, chr_file, "tty39")
dev_filetrans($1, tty_device_t, chr_file, "tty40")
dev_filetrans($1, tty_device_t, chr_file, "tty41")
dev_filetrans($1, tty_device_t, chr_file, "tty42")
dev_filetrans($1, tty_device_t, chr_file, "tty43")
dev_filetrans($1, tty_device_t, chr_file, "tty44")
dev_filetrans($1, tty_device_t, chr_file, "tty45")
dev_filetrans($1, tty_device_t, chr_file, "tty46")
dev_filetrans($1, tty_device_t, chr_file, "tty47")
dev_filetrans($1, tty_device_t, chr_file, "tty48")
dev_filetrans($1, tty_device_t, chr_file, "tty49")
dev_filetrans($1, tty_device_t, chr_file, "tty50")
dev_filetrans($1, tty_device_t, chr_file, "tty51")
dev_filetrans($1, tty_device_t, chr_file, "tty52")
dev_filetrans($1, tty_device_t, chr_file, "tty53")
dev_filetrans($1, tty_device_t, chr_file, "tty54")
dev_filetrans($1, tty_device_t, chr_file, "tty55")
dev_filetrans($1, tty_device_t, chr_file, "tty56")
dev_filetrans($1, tty_device_t, chr_file, "tty57")
dev_filetrans($1, tty_device_t, chr_file, "tty58")
dev_filetrans($1, tty_device_t, chr_file, "tty59")
dev_filetrans($1, tty_device_t, chr_file, "tty60")
dev_filetrans($1, tty_device_t, chr_file, "tty61")
dev_filetrans($1, tty_device_t, chr_file, "tty62")
dev_filetrans($1, tty_device_t, chr_file, "tty63")
dev_filetrans($1, tty_device_t, chr_file, "tty64")
dev_filetrans($1, tty_device_t, chr_file, "tty65")
dev_filetrans($1, tty_device_t, chr_file, "tty66")
dev_filetrans($1, tty_device_t, chr_file, "tty67")
dev_filetrans($1, tty_device_t, chr_file, "tty68")
dev_filetrans($1, tty_device_t, chr_file, "tty69")
dev_filetrans($1, tty_device_t, chr_file, "tty70")
dev_filetrans($1, tty_device_t, chr_file, "tty71")
dev_filetrans($1, tty_device_t, chr_file, "tty72")
dev_filetrans($1, tty_device_t, chr_file, "tty73")
dev_filetrans($1, tty_device_t, chr_file, "tty74")
dev_filetrans($1, tty_device_t, chr_file, "tty75")
dev_filetrans($1, tty_device_t, chr_file, "tty76")
dev_filetrans($1, tty_device_t, chr_file, "tty77")
dev_filetrans($1, tty_device_t, chr_file, "tty78")
dev_filetrans($1, tty_device_t, chr_file, "tty79")
dev_filetrans($1, tty_device_t, chr_file, "tty80")
dev_filetrans($1, tty_device_t, chr_file, "tty81")
dev_filetrans($1, tty_device_t, chr_file, "tty82")
dev_filetrans($1, tty_device_t, chr_file, "tty83")
dev_filetrans($1, tty_device_t, chr_file, "tty84")
dev_filetrans($1, tty_device_t, chr_file, "tty85")
dev_filetrans($1, tty_device_t, chr_file, "tty86")
dev_filetrans($1, tty_device_t, chr_file, "tty87")
dev_filetrans($1, tty_device_t, chr_file, "tty88")
dev_filetrans($1, tty_device_t, chr_file, "tty89")
dev_filetrans($1, tty_device_t, chr_file, "tty90")
dev_filetrans($1, tty_device_t, chr_file, "tty91")
dev_filetrans($1, tty_device_t, chr_file, "tty92")
dev_filetrans($1, tty_device_t, chr_file, "tty93")
dev_filetrans($1, tty_device_t, chr_file, "tty94")
dev_filetrans($1, tty_device_t, chr_file, "tty95")
dev_filetrans($1, tty_device_t, chr_file, "tty96")
dev_filetrans($1, tty_device_t, chr_file, "tty97")
dev_filetrans($1, tty_device_t, chr_file, "tty98")
dev_filetrans($1, tty_device_t, chr_file, "tty99")
dev_filetrans($1, tty_device_t, chr_file, "pty")
dev_filetrans($1, tty_device_t, chr_file, "pty0")
dev_filetrans($1, tty_device_t, chr_file, "pty1")
dev_filetrans($1, tty_device_t, chr_file, "pty2")
dev_filetrans($1, tty_device_t, chr_file, "pty3")
dev_filetrans($1, tty_device_t, chr_file, "pty4")
dev_filetrans($1, tty_device_t, chr_file, "pty5")
dev_filetrans($1, tty_device_t, chr_file, "pty6")
dev_filetrans($1, tty_device_t, chr_file, "pty7")
dev_filetrans($1, tty_device_t, chr_file, "pty8")
dev_filetrans($1, tty_device_t, chr_file, "pty9")
dev_filetrans($1, tty_device_t, chr_file, "pty10")
dev_filetrans($1, tty_device_t, chr_file, "pty11")
dev_filetrans($1, tty_device_t, chr_file, "pty12")
dev_filetrans($1, tty_device_t, chr_file, "pty13")
dev_filetrans($1, tty_device_t, chr_file, "pty14")
dev_filetrans($1, tty_device_t, chr_file, "pty15")
dev_filetrans($1, tty_device_t, chr_file, "pty16")
dev_filetrans($1, tty_device_t, chr_file, "pty17")
dev_filetrans($1, tty_device_t, chr_file, "pty18")
dev_filetrans($1, tty_device_t, chr_file, "pty19")
dev_filetrans($1, tty_device_t, chr_file, "pty20")
dev_filetrans($1, tty_device_t, chr_file, "pty21")
dev_filetrans($1, tty_device_t, chr_file, "pty22")
dev_filetrans($1, tty_device_t, chr_file, "pty23")
dev_filetrans($1, tty_device_t, chr_file, "pty24")
dev_filetrans($1, tty_device_t, chr_file, "pty25")
dev_filetrans($1, tty_device_t, chr_file, "pty26")
dev_filetrans($1, tty_device_t, chr_file, "pty27")
dev_filetrans($1, tty_device_t, chr_file, "pty28")
dev_filetrans($1, tty_device_t, chr_file, "pty29")
dev_filetrans($1, tty_device_t, chr_file, "pty30")
dev_filetrans($1, tty_device_t, chr_file, "pty31")
dev_filetrans($1, tty_device_t, chr_file, "pty32")
dev_filetrans($1, tty_device_t, chr_file, "pty33")
dev_filetrans($1, tty_device_t, chr_file, "pty34")
dev_filetrans($1, tty_device_t, chr_file, "pty35")
dev_filetrans($1, tty_device_t, chr_file, "pty36")
dev_filetrans($1, tty_device_t, chr_file, "pty37")
dev_filetrans($1, tty_device_t, chr_file, "pty38")
dev_filetrans($1, tty_device_t, chr_file, "pty39")
dev_filetrans($1, tty_device_t, chr_file, "pty40")
dev_filetrans($1, tty_device_t, chr_file, "pty41")
dev_filetrans($1, tty_device_t, chr_file, "pty42")
dev_filetrans($1, tty_device_t, chr_file, "pty43")
dev_filetrans($1, tty_device_t, chr_file, "pty44")
dev_filetrans($1, tty_device_t, chr_file, "pty45")
dev_filetrans($1, tty_device_t, chr_file, "pty46")
dev_filetrans($1, tty_device_t, chr_file, "pty47")
dev_filetrans($1, tty_device_t, chr_file, "pty48")
dev_filetrans($1, tty_device_t, chr_file, "pty49")
dev_filetrans($1, tty_device_t, chr_file, "pty50")
dev_filetrans($1, tty_device_t, chr_file, "pty51")
dev_filetrans($1, tty_device_t, chr_file, "pty52")
dev_filetrans($1, tty_device_t, chr_file, "pty53")
dev_filetrans($1, tty_device_t, chr_file, "pty54")
dev_filetrans($1, tty_device_t, chr_file, "pty55")
dev_filetrans($1, tty_device_t, chr_file, "pty56")
dev_filetrans($1, tty_device_t, chr_file, "pty57")
dev_filetrans($1, tty_device_t, chr_file, "pty58")
dev_filetrans($1, tty_device_t, chr_file, "pty59")
dev_filetrans($1, tty_device_t, chr_file, "pty60")
dev_filetrans($1, tty_device_t, chr_file, "pty61")
dev_filetrans($1, tty_device_t, chr_file, "pty62")
dev_filetrans($1, tty_device_t, chr_file, "pty63")
dev_filetrans($1, tty_device_t, chr_file, "pty64")
dev_filetrans($1, tty_device_t, chr_file, "pty65")
dev_filetrans($1, tty_device_t, chr_file, "pty66")
dev_filetrans($1, tty_device_t, chr_file, "pty67")
dev_filetrans($1, tty_device_t, chr_file, "pty68")
dev_filetrans($1, tty_device_t, chr_file, "pty69")
dev_filetrans($1, tty_device_t, chr_file, "pty70")
dev_filetrans($1, tty_device_t, chr_file, "pty71")
dev_filetrans($1, tty_device_t, chr_file, "pty72")
dev_filetrans($1, tty_device_t, chr_file, "pty73")
dev_filetrans($1, tty_device_t, chr_file, "pty74")
dev_filetrans($1, tty_device_t, chr_file, "pty75")
dev_filetrans($1, tty_device_t, chr_file, "pty76")
dev_filetrans($1, tty_device_t, chr_file, "pty77")
dev_filetrans($1, tty_device_t, chr_file, "pty78")
dev_filetrans($1, tty_device_t, chr_file, "pty79")
dev_filetrans($1, tty_device_t, chr_file, "pty80")
dev_filetrans($1, tty_device_t, chr_file, "pty81")
dev_filetrans($1, tty_device_t, chr_file, "pty82")
dev_filetrans($1, tty_device_t, chr_file, "pty83")
dev_filetrans($1, tty_device_t, chr_file, "pty84")
dev_filetrans($1, tty_device_t, chr_file, "pty85")
dev_filetrans($1, tty_device_t, chr_file, "pty86")
dev_filetrans($1, tty_device_t, chr_file, "pty87")
dev_filetrans($1, tty_device_t, chr_file, "pty88")
dev_filetrans($1, tty_device_t, chr_file, "pty89")
dev_filetrans($1, tty_device_t, chr_file, "pty90")
dev_filetrans($1, tty_device_t, chr_file, "pty91")
dev_filetrans($1, tty_device_t, chr_file, "pty92")
dev_filetrans($1, tty_device_t, chr_file, "pty93")
dev_filetrans($1, tty_device_t, chr_file, "pty94")
dev_filetrans($1, tty_device_t, chr_file, "pty95")
dev_filetrans($1, tty_device_t, chr_file, "pty96")
dev_filetrans($1, tty_device_t, chr_file, "pty97")
dev_filetrans($1, tty_device_t, chr_file, "pty98")
dev_filetrans($1, tty_device_t, chr_file, "pty99")
dev_filetrans($1, tty_device_t, chr_file, "adb0")
dev_filetrans($1, tty_device_t, chr_file, "adb1")
dev_filetrans($1, tty_device_t, chr_file, "adb2")
dev_filetrans($1, tty_device_t, chr_file, "adb3")
dev_filetrans($1, tty_device_t, chr_file, "adb4")
dev_filetrans($1, tty_device_t, chr_file, "adb5")
dev_filetrans($1, tty_device_t, chr_file, "adb6")
dev_filetrans($1, tty_device_t, chr_file, "adb7")
dev_filetrans($1, tty_device_t, chr_file, "adb8")
dev_filetrans($1, tty_device_t, chr_file, "adb9")
dev_filetrans($1, tty_device_t, chr_file, "capi0")
dev_filetrans($1, tty_device_t, chr_file, "capi1")
dev_filetrans($1, tty_device_t, chr_file, "capi2")
dev_filetrans($1, tty_device_t, chr_file, "capi3")
dev_filetrans($1, tty_device_t, chr_file, "capi4")
dev_filetrans($1, tty_device_t, chr_file, "capi5")
dev_filetrans($1, tty_device_t, chr_file, "capi6")
dev_filetrans($1, tty_device_t, chr_file, "capi7")
dev_filetrans($1, tty_device_t, chr_file, "capi8")
dev_filetrans($1, tty_device_t, chr_file, "capi9")
dev_filetrans($1, console_device_t, chr_file, "console")
dev_filetrans($1, tty_device_t, chr_file, "cu0")
dev_filetrans($1, tty_device_t, chr_file, "cu1")
dev_filetrans($1, tty_device_t, chr_file, "cu2")
dev_filetrans($1, tty_device_t, chr_file, "cu3")
dev_filetrans($1, tty_device_t, chr_file, "cu4")
dev_filetrans($1, tty_device_t, chr_file, "cu5")
dev_filetrans($1, tty_device_t, chr_file, "cu6")
dev_filetrans($1, tty_device_t, chr_file, "cu7")
dev_filetrans($1, tty_device_t, chr_file, "cu8")
dev_filetrans($1, tty_device_t, chr_file, "cu9")
dev_filetrans($1, tty_device_t, chr_file, "dcbri0")
dev_filetrans($1, tty_device_t, chr_file, "dcbri1")
dev_filetrans($1, tty_device_t, chr_file, "dcbri2")
dev_filetrans($1, tty_device_t, chr_file, "dcbri3")
dev_filetrans($1, tty_device_t, chr_file, "dcbri4")
dev_filetrans($1, tty_device_t, chr_file, "dcbri5")
dev_filetrans($1, tty_device_t, chr_file, "dcbri6")
dev_filetrans($1, tty_device_t, chr_file, "dcbri7")
dev_filetrans($1, tty_device_t, chr_file, "dcbri8")
dev_filetrans($1, tty_device_t, chr_file, "dcbri9")
dev_filetrans($1, tty_device_t, chr_file, "vcsa")
dev_filetrans($1, tty_device_t, chr_file, "vcsb")
dev_filetrans($1, tty_device_t, chr_file, "vcsc")
dev_filetrans($1, tty_device_t, chr_file, "vcsd")
dev_filetrans($1, tty_device_t, chr_file, "vcse")
dev_filetrans($1, tty_device_t, chr_file, "hvc0")
dev_filetrans($1, tty_device_t, chr_file, "hvc1")
dev_filetrans($1, tty_device_t, chr_file, "hvc2")
dev_filetrans($1, tty_device_t, chr_file, "hvc3")
dev_filetrans($1, tty_device_t, chr_file, "hvc4")
dev_filetrans($1, tty_device_t, chr_file, "hvc5")
dev_filetrans($1, tty_device_t, chr_file, "hvc6")
dev_filetrans($1, tty_device_t, chr_file, "hvc7")
dev_filetrans($1, tty_device_t, chr_file, "hvc8")
dev_filetrans($1, tty_device_t, chr_file, "hvc9")
dev_filetrans($1, tty_device_t, chr_file, "hvsi0")
dev_filetrans($1, tty_device_t, chr_file, "hvsi1")
dev_filetrans($1, tty_device_t, chr_file, "hvsi2")
dev_filetrans($1, tty_device_t, chr_file, "hvsi3")
dev_filetrans($1, tty_device_t, chr_file, "hvsi4")
dev_filetrans($1, tty_device_t, chr_file, "hvsi5")
dev_filetrans($1, tty_device_t, chr_file, "hvsi6")
dev_filetrans($1, tty_device_t, chr_file, "hvsi7")
dev_filetrans($1, tty_device_t, chr_file, "hvsi8")
dev_filetrans($1, tty_device_t, chr_file, "hvsi9")
dev_filetrans($1, tty_device_t, chr_file, "ircomm0")
dev_filetrans($1, tty_device_t, chr_file, "ircomm1")
dev_filetrans($1, tty_device_t, chr_file, "ircomm2")
dev_filetrans($1, tty_device_t, chr_file, "ircomm3")
dev_filetrans($1, tty_device_t, chr_file, "ircomm4")
dev_filetrans($1, tty_device_t, chr_file, "ircomm5")
dev_filetrans($1, tty_device_t, chr_file, "ircomm6")
dev_filetrans($1, tty_device_t, chr_file, "ircomm7")
dev_filetrans($1, tty_device_t, chr_file, "ircomm8")
dev_filetrans($1, tty_device_t, chr_file, "ircomm9")
dev_filetrans($1, tty_device_t, chr_file, "isdn0")
dev_filetrans($1, tty_device_t, chr_file, "isdn1")
dev_filetrans($1, tty_device_t, chr_file, "isdn2")
dev_filetrans($1, tty_device_t, chr_file, "isdn3")
dev_filetrans($1, tty_device_t, chr_file, "isdn4")
dev_filetrans($1, tty_device_t, chr_file, "isdn5")
dev_filetrans($1, tty_device_t, chr_file, "isdn6")
dev_filetrans($1, tty_device_t, chr_file, "isdn7")
dev_filetrans($1, tty_device_t, chr_file, "isdn8")
dev_filetrans($1, tty_device_t, chr_file, "isdn9")
filetrans_pattern($1, devpts_t, ptmx_t, chr_file, "ptmx")
dev_filetrans($1, ptmx_t, chr_file, "ptmx")
dev_filetrans($1, tty_device_t, chr_file, "rfcomm0")
dev_filetrans($1, tty_device_t, chr_file, "rfcomm1")
dev_filetrans($1, tty_device_t, chr_file, "rfcomm2")
dev_filetrans($1, tty_device_t, chr_file, "rfcomm3")
dev_filetrans($1, tty_device_t, chr_file, "rfcomm4")
dev_filetrans($1, tty_device_t, chr_file, "rfcomm5")
dev_filetrans($1, tty_device_t, chr_file, "rfcomm6")
dev_filetrans($1, tty_device_t, chr_file, "rfcomm7")
dev_filetrans($1, tty_device_t, chr_file, "rfcomm8")
dev_filetrans($1, tty_device_t, chr_file, "rfcomm9")
dev_filetrans($1, tty_device_t, chr_file, "slamr0")
dev_filetrans($1, tty_device_t, chr_file, "slamr1")
dev_filetrans($1, tty_device_t, chr_file, "slamr2")
dev_filetrans($1, tty_device_t, chr_file, "slamr3")
dev_filetrans($1, tty_device_t, chr_file, "slamr4")
dev_filetrans($1, tty_device_t, chr_file, "slamr5")
dev_filetrans($1, tty_device_t, chr_file, "slamr6")
dev_filetrans($1, tty_device_t, chr_file, "slamr7")
dev_filetrans($1, tty_device_t, chr_file, "slamr8")
dev_filetrans($1, tty_device_t, chr_file, "slamr9")
dev_filetrans($1, tty_device_t, chr_file, "ttyACM0")
dev_filetrans($1, tty_device_t, chr_file, "ttyACM1")
dev_filetrans($1, tty_device_t, chr_file, "ttyACM2")
dev_filetrans($1, tty_device_t, chr_file, "ttyACM3")
dev_filetrans($1, tty_device_t, chr_file, "ttyACM4")
dev_filetrans($1, tty_device_t, chr_file, "ttyACM5")
dev_filetrans($1, tty_device_t, chr_file, "ttyACM6")
dev_filetrans($1, tty_device_t, chr_file, "ttyACM7")
dev_filetrans($1, tty_device_t, chr_file, "ttyACM8")
dev_filetrans($1, tty_device_t, chr_file, "ttyACM9")
dev_filetrans($1, tty_device_t, chr_file, "ttyS0")
dev_filetrans($1, tty_device_t, chr_file, "ttyS1")
dev_filetrans($1, tty_device_t, chr_file, "ttyS2")
dev_filetrans($1, tty_device_t, chr_file, "ttyS3")
dev_filetrans($1, tty_device_t, chr_file, "ttyS4")
dev_filetrans($1, tty_device_t, chr_file, "ttyS5")
dev_filetrans($1, tty_device_t, chr_file, "ttyS6")
dev_filetrans($1, tty_device_t, chr_file, "ttyS7")
dev_filetrans($1, tty_device_t, chr_file, "ttyS8")
dev_filetrans($1, tty_device_t, chr_file, "ttyS9")
dev_filetrans($1, tty_device_t, chr_file, "ttySG0")
dev_filetrans($1, tty_device_t, chr_file, "ttySG1")
dev_filetrans($1, tty_device_t, chr_file, "ttySG2")
dev_filetrans($1, tty_device_t, chr_file, "ttySG3")
dev_filetrans($1, tty_device_t, chr_file, "ttySG4")
dev_filetrans($1, tty_device_t, chr_file, "ttySG5")
dev_filetrans($1, tty_device_t, chr_file, "ttySG6")
dev_filetrans($1, tty_device_t, chr_file, "ttySG7")
dev_filetrans($1, tty_device_t, chr_file, "ttySG8")
dev_filetrans($1, tty_device_t, chr_file, "ttySG9")
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB0")
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB1")
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB2")
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB3")
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB4")
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB5")
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB6")
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB7")
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB8")
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB9")
dev_filetrans($1, virtio_device_t, chr_file, "vport0p0")
dev_filetrans($1, virtio_device_t, chr_file, "vport0p1")
dev_filetrans($1, virtio_device_t, chr_file, "vport0p2")
dev_filetrans($1, virtio_device_t, chr_file, "vport0p3")
dev_filetrans($1, virtio_device_t, chr_file, "vport0p4")
dev_filetrans($1, virtio_device_t, chr_file, "vport0p5")
dev_filetrans($1, virtio_device_t, chr_file, "vport0p6")
dev_filetrans($1, virtio_device_t, chr_file, "vport0p7")
dev_filetrans($1, virtio_device_t, chr_file, "vport0p8")
dev_filetrans($1, virtio_device_t, chr_file, "vport0p9")
dev_filetrans($1, devpts_t, dir, "pts")
dev_filetrans($1, tty_device_t, chr_file, "xvc0")
dev_filetrans($1, tty_device_t, chr_file, "xvc1")
dev_filetrans($1, tty_device_t, chr_file, "xvc2")
dev_filetrans($1, tty_device_t, chr_file, "xvc3")
dev_filetrans($1, tty_device_t, chr_file, "xvc4")
dev_filetrans($1, tty_device_t, chr_file, "xvc5")
dev_filetrans($1, tty_device_t, chr_file, "xvc6")
dev_filetrans($1, tty_device_t, chr_file, "xvc7")
dev_filetrans($1, tty_device_t, chr_file, "xvc8")
dev_filetrans($1, tty_device_t, chr_file, "xvc9")
')