refpolicy: upgrade 20231002+git -> 20240226+git

ChangeLog:
https://github.com/SELinuxProject/refpolicy/blob/main/Changelog

Notable Changes:
  Many systemd updates up to v255
  RPM and dnf fixes
  Tighten private key handling for Apache
  Many container and kubernetes improvements
  Add support for Cilium
  Update object class definitions up to io_uring:cmd
  Add additional rules to cloud-init based on sysadm_t

* Update to latest git rev.
* Refresh patches.
* Add a patch to fix reboot timeout error.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>

1 files changed, 30 insertions, 0 deletions

diff --git a/recipes-security/refpolicy/refpolicy/0054-policy-modules-system-setrans-allow-setrans_t-use-fd.patch b/recipes-security/refpolicy/refpolicy/0054-policy-modules-system-setrans-allow-setrans_t-use-fd.patch
new file mode 100644
index 0000000..5118ef8
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0054-policy-modules-system-setrans-allow-setrans_t-use-fd.patch
@@ -0,0 +1,30 @@
+From 6d6e2d34ec63771a01ef258c98f1ad49efdc2f67 Mon Sep 17 00:00:00 2001
+From: Roy Li <rongqing.li@windriver.com>
+Date: Sat, 22 Feb 2014 13:35:38 +0800
+Subject: [PATCH] policy/modules/system/setrans: allow setrans_t use fd at any
+ level
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/system/setrans.te | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
+index 12e66aad9..5510f7fac 100644
+--- a/policy/modules/system/setrans.te
++++ b/policy/modules/system/setrans.te
+@@ -69,6 +69,8 @@ mls_net_receive_all_levels(setrans_t)
+ mls_socket_write_all_levels(setrans_t)
+ mls_process_read_all_levels(setrans_t)
+ mls_socket_read_all_levels(setrans_t)
++mls_fd_use_all_levels(setrans_t)
++mls_trusted_object(setrans_t)
+ 
+ selinux_compute_access_vector(setrans_t)
+ 
+-- 
+2.25.1
+