From: samgandhi9@gmail.com (Sam Gandhi)
Date: Mon, 6 Jun 2011 16:26:41 -0700
Subject: [refpolicy] Help with policy definition.
Message-ID: <BANLkTi=2=mMMTE9raGH+HM8sa7SK3VX=fA@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

I am writing a policy for embedded device that I am working with. When
I am in permissive mode I can login to my console located on
/dev/ttymxc1.

which generate AVC message

user.notice kernel: type=1400 audit(165.890:8): avc:  denied  {
relabelto } for  pid=605 comm="login" name="ttymxc1" dev=tmpfs
ino=1475 scontext=system_u:system_r:kernel_t
tcontext=user_u:object_r:tty_device_t tclass=chr_file

which audit2allow says should translate to :

     allow kernel_t tty_device_t:chr_file relabelto;

Even if with above allow rule when in enforcing mode I am not able to
login to my serial console and I get message on the console.

login: chsid(/dev/ttymxc1, user_u:object_r:tty_device_t) failed:

/dev/ttymxc1 in my case has label of  user_u:object_r:tty_device_t

What am I missing in my configuration or any hints on how I should go
about debugging this issue/

/Sam