From: cpebenito@tresys.com (Christopher J. PeBenito)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] labels on /dev/tty.*
Date: Thu, 23 Oct 2014 08:14:56 -0400
Message-ID: <5448F140.6010909@tresys.com>
In-Reply-To: <20141022160939.GA5598@meriadoc.omgwtfbbq>

On 10/22/2014 12:09 PM, Jason Zaman wrote:
> Hi all,
> 
> I am confused about the labels on the tty dev nodes. I looked in refpol
> and the only fcontext is:
> 
> /dev/.*tty[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
> 
> The implications of this are that everything is labelled with
> tty_device_t but I am pretty sure this is wrong. I have seen several
> different types of nodes which I think should have separate labels.
> 
> Ones that I am aware of (please add more or correct my understanding if
> it is wrong)
> 
> /dev/tty0 -- The consoles (e.g. ctrl+alt+f1)
> /dev/ttyS -- A physical serial port
> /dev/ttyUSB0 -- A usb-to-serial port
> /dev/ttyACM0 -- I have seen this for both usb-to-serial on embedded
> microcontrollers as well as 3G modems and the like.
> /dev/usb/tty.* -- I have no idea what this is, it's not on my system but
> it is labelled usbtty_device_t in refpol.
> 
> The label on tty0 seems correct, the label on ttyUSB0 and ttyACM0 should
> probably be usbtty_device_t. As for what the label should be on ttyS0, I
> am not sure.
> 
> Thoughts? I don't want to just send in a patch changing this before I
> understand *exactly* what these are used for in case they break
> something else.

It seems more likely that usbtty_device_t should be dropped.  I don't
see any reason for there to be a distinction based on the underlying
hardware.


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
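
Added example, not part of the original message or of refpolicy: a simplified model of file-context lookup that shows which type each device node from the thread would receive under the two entries mentioned (/dev/.*tty[^/]* and /dev/usb/tty.*). Assumptions: patterns are matched against the whole path, "-c" limits an entry to character devices, and when several entries match, the one with the longer literal prefix wins; the helper names and sample paths are constructed for illustration.

```python
import re

# The two entries named in the thread: (regex, file-type flag, SELinux type).
# "c" stands for the "-c" (character device) qualifier.
FCONTEXTS = [
    ("/dev/.*tty[^/]*", "c", "tty_device_t"),
    ("/dev/usb/tty.*", "c", "usbtty_device_t"),
]

META = set(".^$?*+|[({\\")


def stem_len(regex):
    """Length of the literal prefix before the first regex metacharacter."""
    for i, ch in enumerate(regex):
        if ch in META:
            return i
    return len(regex)


def lookup(path, ftype="c", entries=FCONTEXTS):
    """Return the type of the most specific matching entry, or None.

    Specificity is modelled (assumption) as: longer literal prefix first,
    then longer pattern.
    """
    best = None
    for regex, etype, label in entries:
        if etype != ftype:
            continue  # entry applies to a different kind of file
        if re.fullmatch(regex, path) is None:
            continue  # patterns are anchored at both ends
        key = (stem_len(regex), len(regex))
        if best is None or key > best[0]:
            best = (key, label)
    return best[1] if best else None


# Constructed sample paths based on the nodes listed in the thread.
SAMPLES = ["/dev/tty0", "/dev/ttyS0", "/dev/ttyUSB0", "/dev/ttyACM0",
           "/dev/usb/ttyUSB0", "/dev/pts/0"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:20} {lookup(p)}")
```

Under these two entries only nodes below /dev/usb/ receive usbtty_device_t; /dev/ttyUSB0 and /dev/ttyACM0 fall through to the generic pattern and get tty_device_t, which is the situation the question describes.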
