Move use of user_devpts_t from terminal.fc to userdomain.fc

The type user_devpts_t is actually declared in userdomain.te and moving it removes a dependency of the base module (which terminal is a part) on a module. Moved the file contexts to label slave pseudo terminals with the user_devpts_t type from terminal.fc to userdomain.fc. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2018-04-11 14:55:23 -04:00 · 2018-04-11 14:55:23 -04:00 · 90b214c004
commit 90b214c004
parent 6226181924
2 changed files with 2 additions and 1 deletions
--- a/policy/modules/kernel/terminal.fc
+++ b/policy/modules/kernel/terminal.fc
@ -24,7 +24,6 @@
 /dev/pty/.*		-c	gen_context(system_u:object_r:bsdpty_device_t,s0)

 /dev/pts		-d	gen_context(system_u:object_r:devpts_t,s0-mls_systemhigh)
-/dev/pts/[0-9]+		-c	gen_context(system_u:object_r:user_devpts_t,s0)
 # if /dev/ptmx is a symlink to /dev/pts/ptmx then we need to have /dev/pts/ptmx
 # relabelled before sshd etc are ready to accept connections
 /dev/pts/ptmx		-c	gen_context(system_u:object_r:ptmx_t,s0)
--- a/policy/modules/system/userdomain.fc
+++ b/policy/modules/system/userdomain.fc
@ -10,3 +10,5 @@ HOME_DIR/\.pki(/.*)?	gen_context(system_u:object_r:user_cert_t,s0)
 # new genhomedircon required for these patterns
 /run/user/%{USERID}	-d	gen_context(system_u:object_r:user_runtime_t,s0)
 /run/user/%{USERID}/.+	<<none>>
+
+/dev/pts/[0-9]+		-c	gen_context(system_u:object_r:user_devpts_t,s0)