1 files changed, 0 insertions, 126 deletions
diff --git a/recipes-security/refpolicy/refpolicy-git/0026-policy-module-sysfs-fix-for-new-SELINUXMNT-in-sys.patch b/recipes-security/refpolicy/refpolicy-git/0026-policy-module-sysfs-fix-for-new-SELINUXMNT-in-sys.patch
deleted file mode 100644
index 257395a..0000000
--- a/recipes-security/refpolicy/refpolicy-git/0026-policy-module-sysfs-fix-for-new-SELINUXMNT-in-sys.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From 06d2bad9325fdc6b0a73858bca7ba51fe591f39d Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe_macdonald@mentor.com>
-Date: Fri, 29 Mar 2019 11:16:37 -0400
-Subject: [PATCH 26/34] policy/module/sysfs: fix for new SELINUXMNT in /sys
-SELINUXMNT is now from /selinux to /sys/fs/selinux, so we should
-add rules to access sysfs.
-Upstream-Status: Inappropriate [only for Poky]
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
- policy/modules/kernel/selinux.if | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
-index 6790e5d0..2c95db81 100644
--- a/policy/modules/kernel/selinux.if
-+++ b/policy/modules/kernel/selinux.if
-@@ -117,6 +117,9 @@ interface(`selinux_mount_fs',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs($1)
-+       dev_search_sysfs($1)
-+
-        allow $1 security_t:filesystem mount;
- ')
- 
-@@ -136,6 +139,9 @@ interface(`selinux_remount_fs',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs($1)
-+       dev_search_sysfs($1)
-+
-        allow $1 security_t:filesystem remount;
- ')
- 
-@@ -155,6 +161,9 @@ interface(`selinux_unmount_fs',`
-        ')
- 
-        allow $1 security_t:filesystem unmount;
-+
-+       dev_getattr_sysfs($1)
-+       dev_search_sysfs($1)
- ')
- 
- ########################################
-@@ -217,6 +226,8 @@ interface(`selinux_dontaudit_getattr_dir',`
-        ')
- 
-        dontaudit $1 security_t:dir getattr;
-+       dev_dontaudit_getattr_sysfs($1)
-+       dev_dontaudit_search_sysfs($1)
- ')
- 
- ########################################
-@@ -253,6 +264,7 @@ interface(`selinux_dontaudit_search_fs',`
-                type security_t;
-        ')
- 
-+       dev_dontaudit_search_sysfs($1)
-        dontaudit $1 security_t:dir search_dir_perms;
- ')
- 
-@@ -272,6 +284,7 @@ interface(`selinux_dontaudit_read_fs',`
-                type security_t;
-        ')
- 
-+       dev_dontaudit_getattr_sysfs($1)
-        dontaudit $1 security_t:dir search_dir_perms;
-        dontaudit $1 security_t:file read_file_perms;
- ')
-@@ -361,6 +374,7 @@ interface(`selinux_read_policy',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs($1)
-        dev_search_sysfs($1)
-        allow $1 security_t:dir list_dir_perms;
-        allow $1 security_t:file read_file_perms;
-@@ -394,6 +408,7 @@ interface(`selinux_set_generic_booleans',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs($1)
-        dev_search_sysfs($1)
- 
-        allow $1 security_t:dir list_dir_perms;
-@@ -431,6 +446,7 @@ interface(`selinux_set_all_booleans',`
-                bool secure_mode_policyload;
-        ')
- 
-+       dev_getattr_sysfs($1)
-        dev_search_sysfs($1)
- 
-        allow $1 security_t:dir list_dir_perms;
-@@ -512,6 +528,7 @@ interface(`selinux_dontaudit_validate_context',`
-                type security_t;
-        ')
- 
-+       dev_dontaudit_search_sysfs($1)
-        dontaudit $1 security_t:dir list_dir_perms;
-        dontaudit $1 security_t:file rw_file_perms;
-        dontaudit $1 security_t:security check_context;
-@@ -533,6 +550,7 @@ interface(`selinux_compute_access_vector',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs($1)
-        dev_search_sysfs($1)
-        allow $1 self:netlink_selinux_socket create_socket_perms;
-        allow $1 security_t:dir list_dir_perms;
-@@ -629,6 +647,7 @@ interface(`selinux_compute_user_contexts',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs($1)
-        dev_search_sysfs($1)
-        allow $1 security_t:dir list_dir_perms;
-        allow $1 security_t:file rw_file_perms;
-- 
-2.19.1

diff --git a/recipes-security/refpolicy/refpolicy-git/0026-policy-module-sysfs-fix-for-new-SELINUXMNT-in-sys.patch b/recipes-security/refpolicy/refpolicy-git/0026-policy-module-sysfs-fix-for-new-SELINUXMNT-in-sys.patch deleted file mode 100644 index 257395a..0000000 --- a/recipes-security/refpolicy/refpolicy-git/0026-policy-module-sysfs-fix-for-new-SELINUXMNT-in-sys.patch +++ /dev/null
@@ -1,126 +0,0 @@
1	From 06d2bad9325fdc6b0a73858bca7ba51fe591f39d Mon Sep 17 00:00:00 2001
2	From: Joe MacDonald <joe_macdonald@mentor.com>
3	Date: Fri, 29 Mar 2019 11:16:37 -0400
4	Subject: [PATCH 26/34] policy/module/sysfs: fix for new SELINUXMNT in /sys
5
6	SELINUXMNT is now from /selinux to /sys/fs/selinux, so we should
7	add rules to access sysfs.
8
9	Upstream-Status: Inappropriate [only for Poky]
10
11	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
12	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
13	---
14	policy/modules/kernel/selinux.if \| 19 +++++++++++++++++++
15	1 file changed, 19 insertions(+)
16
17	diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
18	index 6790e5d0..2c95db81 100644
19	--- a/policy/modules/kernel/selinux.if
20	+++ b/policy/modules/kernel/selinux.if
21	@@ -117,6 +117,9 @@ interface(`selinux_mount_fs',`
22	type security_t;
23	')
24
25	+ dev_getattr_sysfs($1)
26	+ dev_search_sysfs($1)
27	+
28	allow $1 security_t:filesystem mount;
29	')
30
31	@@ -136,6 +139,9 @@ interface(`selinux_remount_fs',`
32	type security_t;
33	')
34
35	+ dev_getattr_sysfs($1)
36	+ dev_search_sysfs($1)
37	+
38	allow $1 security_t:filesystem remount;
39	')
40
41	@@ -155,6 +161,9 @@ interface(`selinux_unmount_fs',`
42	')
43
44	allow $1 security_t:filesystem unmount;
45	+
46	+ dev_getattr_sysfs($1)
47	+ dev_search_sysfs($1)
48	')
49
50	########################################
51	@@ -217,6 +226,8 @@ interface(`selinux_dontaudit_getattr_dir',`
52	')
53
54	dontaudit $1 security_t:dir getattr;
55	+ dev_dontaudit_getattr_sysfs($1)
56	+ dev_dontaudit_search_sysfs($1)
57	')
58
59	########################################
60	@@ -253,6 +264,7 @@ interface(`selinux_dontaudit_search_fs',`
61	type security_t;
62	')
63
64	+ dev_dontaudit_search_sysfs($1)
65	dontaudit $1 security_t:dir search_dir_perms;
66	')
67
68	@@ -272,6 +284,7 @@ interface(`selinux_dontaudit_read_fs',`
69	type security_t;
70	')
71
72	+ dev_dontaudit_getattr_sysfs($1)
73	dontaudit $1 security_t:dir search_dir_perms;
74	dontaudit $1 security_t:file read_file_perms;
75	')
76	@@ -361,6 +374,7 @@ interface(`selinux_read_policy',`
77	type security_t;
78	')
79
80	+ dev_getattr_sysfs($1)
81	dev_search_sysfs($1)
82	allow $1 security_t:dir list_dir_perms;
83	allow $1 security_t:file read_file_perms;
84	@@ -394,6 +408,7 @@ interface(`selinux_set_generic_booleans',`
85	type security_t;
86	')
87
88	+ dev_getattr_sysfs($1)
89	dev_search_sysfs($1)
90
91	allow $1 security_t:dir list_dir_perms;
92	@@ -431,6 +446,7 @@ interface(`selinux_set_all_booleans',`
93	bool secure_mode_policyload;
94	')
95
96	+ dev_getattr_sysfs($1)
97	dev_search_sysfs($1)
98
99	allow $1 security_t:dir list_dir_perms;
100	@@ -512,6 +528,7 @@ interface(`selinux_dontaudit_validate_context',`
101	type security_t;
102	')
103
104	+ dev_dontaudit_search_sysfs($1)
105	dontaudit $1 security_t:dir list_dir_perms;
106	dontaudit $1 security_t:file rw_file_perms;
107	dontaudit $1 security_t:security check_context;
108	@@ -533,6 +550,7 @@ interface(`selinux_compute_access_vector',`
109	type security_t;
110	')
111
112	+ dev_getattr_sysfs($1)
113	dev_search_sysfs($1)
114	allow $1 self:netlink_selinux_socket create_socket_perms;
115	allow $1 security_t:dir list_dir_perms;
116	@@ -629,6 +647,7 @@ interface(`selinux_compute_user_contexts',`
117	type security_t;
118	')
119
120	+ dev_getattr_sysfs($1)
121	dev_search_sysfs($1)
122	allow $1 security_t:dir list_dir_perms;
123	allow $1 security_t:file rw_file_perms;
124	--
125	2.19.1
126