[refpolicy] labels on /dev/tty.*

Jason Zaman jason at perfinion.com
Wed Oct 22 16:09:39 UTC 2014


Hi all,

I am confused about the labels on the tty dev nodes. I looked in refpol
and the only fcontext is:

/dev/.*tty[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)

The implications of this are that everything is labelled with
tty_device_t but I am pretty sure this is wrong. I have seen several
different types of nodes which I think should have separate labels.

Ones that I am aware of (please add more or correct my understanding if
it is wrong)

/dev/tty0 -- The consoles (e.g. ctrl+alt+f1)
/dev/ttyS -- A physical serial port
/dev/ttyUSB0 -- A usb-to-serial port
/dev/ttyACM0 -- I have seen this for both usb-to-serial on embedded
microcontrollers as well as 3G modems and the like.
/dev/usb/tty.* -- I have no idea what this is, it's not on my system but
it is labelled usbtty_device_t in refpol.

The label on tty0 seems correct, the label on ttyUSB0 and ttyACM0 should
probably be usbtty_device_t. As for what the label should be on ttyS0, I
am not sure.

Thoughts? I don't want to just send in a patch changing this before I
understand *exactly* what these are used for in case they break
something else.

-- Jason
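
The labelling described in the message above, as an added example that is not part of the original post and is not refpolicy or libselinux code: a simplified Python model of file-context lookup (anchored regex match, most specific entry wins by literal-stem length, then pattern length). The patterns and types are the two quoted in the post; the "-c" class on the /dev/usb entry, the sample device paths and all function names are assumptions made for illustration.

```python
import re

# Patterns and types as quoted in the post. The "-c" (character device)
# class on the second entry is an assumption.
FCONTEXTS = [
    ("/dev/.*tty[^/]*", "c", "tty_device_t"),
    ("/dev/usb/tty.*", "c", "usbtty_device_t"),
]

# Characters treated as regex metacharacters when measuring the stem.
META = set(".^$?*+|[({\\")

def stem_len(pattern):
    """Length of the literal prefix before the first regex metacharacter."""
    for i, ch in enumerate(pattern):
        if ch in META:
            return i
    return len(pattern)

def specificity(entry):
    """Sort key: literal paths beat regexes, then longer stem, then longer pattern."""
    pattern = entry[0]
    has_meta = any(ch in META for ch in pattern)
    return (not has_meta, stem_len(pattern), len(pattern))

def lookup(path, kind="c", entries=FCONTEXTS):
    """Return the type of the most specific entry matching path, or None."""
    matches = [e for e in entries
               if e[1] in (kind, None) and re.fullmatch(e[0], path)]
    if not matches:
        return None
    return max(matches, key=specificity)[2]

# Device nodes named in the post (constructed sample paths).
NODES = ["/dev/tty0", "/dev/ttyS0", "/dev/ttyUSB0", "/dev/ttyACM0",
         "/dev/usb/tty0"]

def label_all(nodes=NODES):
    """Map each sample node to the type this model would assign."""
    return {n: lookup(n) for n in nodes}

if __name__ == "__main__":
    for node, setype in label_all().items():
        print(f"{node:16} {setype}")
```

On a live system, `matchpathcon /dev/ttyUSB0` reports the label the installed policy would actually assign.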

