selinux-refpolicy/strict/types/device.te

164 lines
3.4 KiB
Plaintext

#
# Authors: Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser
#
############################################
#
# Device types
#
#
# device_t is the type of /dev.
#
type device_t, file_type, mount_point, dev_fs;
#
# null_device_t is the type of /dev/null.
#
type null_device_t, device_type, dev_fs, mlstrustedobject;
#
# zero_device_t is the type of /dev/zero.
#
type zero_device_t, device_type, dev_fs, mlstrustedobject;
#
# console_device_t is the type of /dev/console.
#
type console_device_t, device_type, dev_fs;
#
# xconsole_device_t is the type of /dev/xconsole
type xconsole_device_t, file_type, dev_fs;
#
# memory_device_t is the type of /dev/kmem,
# /dev/mem, and /dev/port.
#
type memory_device_t, device_type, dev_fs;
#
# random_device_t is the type of /dev/random
# urandom_device_t is the type of /dev/urandom
#
type random_device_t, device_type, dev_fs;
type urandom_device_t, device_type, dev_fs;
#
# devtty_t is the type of /dev/tty.
#
type devtty_t, device_type, dev_fs, mlstrustedobject;
#
# tty_device_t is the type of /dev/*tty*
#
type tty_device_t, serial_device, device_type, dev_fs;
#
# bsdpty_device_t is the type of /dev/[tp]ty[abcdepqrstuvwxyz][0-9a-f]
type bsdpty_device_t, device_type, dev_fs;
#
# usbtty_device_t is the type of /dev/usr/tty*
#
type usbtty_device_t, serial_device, device_type, dev_fs;
#
# printer_device_t is the type for printer devices
#
type printer_device_t, device_type, dev_fs;
#
# fixed_disk_device_t is the type of
# /dev/hd* and /dev/sd*.
#
type fixed_disk_device_t, device_type, dev_fs;
#
# scsi_generic_device_t is the type of /dev/sg*
# it gives access to ALL SCSI devices (both fixed and removable)
#
type scsi_generic_device_t, device_type, dev_fs;
#
# removable_device_t is the type of
# /dev/scd* and /dev/fd*.
#
type removable_device_t, device_type, dev_fs;
#
# clock_device_t is the type of
# /dev/rtc.
#
type clock_device_t, device_type, dev_fs;
#
# tun_tap_device_t is the type of /dev/net/tun/* and /dev/net/tap/*
#
type tun_tap_device_t, device_type, dev_fs;
#
# misc_device_t is the type of miscellaneous devices.
# XXX: FIXME! Appropriate access to these devices need to be identified.
#
type misc_device_t, device_type, dev_fs;
#
# A more general type for mouse devices.
#
type mouse_device_t, device_type, dev_fs;
#
# For generic /dev/input/event* event devices
#
type event_device_t, device_type, dev_fs;
#
# Not sure what these devices are for, but X wants access to them.
#
type agp_device_t, device_type, dev_fs;
type dri_device_t, device_type, dev_fs;
# Type for sound devices.
type sound_device_t, device_type, dev_fs;
# Type for /dev/ppp.
type ppp_device_t, device_type, dev_fs;
# Type for frame buffer /dev/fb/*
type framebuf_device_t, device_type, dev_fs;
# Type for /dev/.devfsd
type devfs_control_t, device_type, dev_fs;
# Type for /dev/cpu/mtrr
type mtrr_device_t, device_type, dev_fs;
# Type for /dev/pmu
type power_device_t, device_type, dev_fs;
# Type for /dev/apm_bios
type apm_bios_t, device_type, dev_fs;
# Type for v4l
type v4l_device_t, device_type, dev_fs;
# tape drives
type tape_device_t, device_type, dev_fs;
# scanners
type scanner_device_t, device_type, dev_fs;
# cpu control devices /dev/cpu/0/*
type cpu_device_t, device_type, dev_fs;
# for other device nodes such as the NVidia binary-only driver
type xserver_misc_device_t, device_type, dev_fs;
# for the IBM zSeries z90crypt hardware ssl accelorator
type crypt_device_t, device_type, dev_fs;