From: dwalsh@redhat.com (Daniel J Walsh)
Date: Fri, 24 Oct 2014 10:52:24 -0400
Subject: [refpolicy] labels on /dev/tty.*
In-Reply-To: <5448F140.6010909@tresys.com>
References: <20141022160939.GA5598@meriadoc.omgwtfbbq> <5448F140.6010909@tresys.com>
Message-ID: <544A67A8.6090404@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 10/23/2014 08:14 AM, Christopher J. PeBenito wrote:
> On 10/22/2014 12:09 PM, Jason Zaman wrote:
>> Hi all,
>>
>> I am confused about the labels on the tty dev nodes. I looked in refpol
>> and the only fcontext is:
>>
>> /dev/.*tty[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
>>
>> The implications of this are that everything is labelled with
>> tty_device_t but I am pretty sure this is wrong. I have seen several
>> different types of nodes which I think should have separate labels.
>>
>> Ones that I am aware of (please add more or correct my understanding if
>> it is wrong)
>>
>> /dev/tty0 -- The consoles (eg ctrl+alt+f1)
>> /dev/ttyS -- A physical serial port
>> /dev/ttyUSB0 -- A usb-to-serial port
>> /dev/ttyACM0 -- I have seen this for both usb-to-serial on embedded
>> microcontrollers as well as 3G modems and the like.
>> /dev/usb/tty.* -- I have no idea what this is, it's not on my system but
>> it is labelled usbtty_device_t in refpol.
>>
>> The label on tty0 seems correct, the label on ttyUSB0 and ttyACM0 should
>> probably be usbtty_device_t. As for what the label should be on ttyS0, I
>> am not sure.
>>
>> Thoughts? I don't want to just send in a patch changing this before I
>> understand *exactly* what these are used for in case they break
>> something else.
> It seems more likely that usbtty_device_t should be dropped. I don't
> see any reason for there to be a distinction based on the underlying
> hardware.
>
>
I agree.