1 files changed, 40 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0002-refpolicy-minimum-make-xdg-module-optional.patch b/recipes-security/refpolicy/refpolicy/0002-refpolicy-minimum-make-xdg-module-optional.patch
new file mode 100644
index 0000000..84764e5
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0002-refpolicy-minimum-make-xdg-module-optional.patch
@@ -0,0 +1,40 @@
+From 1ff0e212ce737bba59d90977a58a15250bc84ea9 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Wed, 29 Sep 2021 11:08:49 +0800
+Subject: [PATCH] refpolicy-minimum: make xdg module optional
+The systemd module invokes xdg_config_content and xdg_data_content
+interfaces which are from xdg module. Since xdg is not a core module, we
+could make it optional in minimum policy.
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/system/systemd.te | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
+index 8cea6baa1..218834495 100644
+--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
+@@ -276,10 +276,14 @@ files_type(systemd_update_run_t)
+ 
+ type systemd_conf_home_t;
+ init_unit_file(systemd_conf_home_t)
+-xdg_config_content(systemd_conf_home_t)
+optional_policy(`
+       xdg_config_content(systemd_conf_home_t)
+')
+ 
+ type systemd_data_home_t;
+-xdg_data_content(systemd_data_home_t)
+optional_policy(`
+       xdg_data_content(systemd_data_home_t)
+')
+ 
+ type systemd_user_runtime_notify_t;
+ userdom_user_runtime_content(systemd_user_runtime_notify_t)
+-- 
+2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0002-refpolicy-minimum-make-xdg-module-optional.patch b/recipes-security/refpolicy/refpolicy/0002-refpolicy-minimum-make-xdg-module-optional.patch new file mode 100644 index 0000000..84764e5 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0002-refpolicy-minimum-make-xdg-module-optional.patch
@@ -0,0 +1,40 @@
	1	From 1ff0e212ce737bba59d90977a58a15250bc84ea9 Mon Sep 17 00:00:00 2001
	2	From: Yi Zhao <yi.zhao@windriver.com>
	3	Date: Wed, 29 Sep 2021 11:08:49 +0800
	4	Subject: [PATCH] refpolicy-minimum: make xdg module optional
	5
	6	The systemd module invokes xdg_config_content and xdg_data_content
	7	interfaces which are from xdg module. Since xdg is not a core module, we
	8	could make it optional in minimum policy.
	9
	10	Upstream-Status: Inappropriate [embedded specific]
	11
	12	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	13	---
	14	policy/modules/system/systemd.te \| 8 ++++++--
	15	1 file changed, 6 insertions(+), 2 deletions(-)
	16
	17	diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
	18	index 8cea6baa1..218834495 100644
	19	--- a/policy/modules/system/systemd.te
	20	+++ b/policy/modules/system/systemd.te
	21	@@ -276,10 +276,14 @@ files_type(systemd_update_run_t)
	22
	23	type systemd_conf_home_t;
	24	init_unit_file(systemd_conf_home_t)
	25	-xdg_config_content(systemd_conf_home_t)
	26	+optional_policy(`
	27	+ xdg_config_content(systemd_conf_home_t)
	28	+')
	29
	30	type systemd_data_home_t;
	31	-xdg_data_content(systemd_data_home_t)
	32	+optional_policy(`
	33	+ xdg_data_content(systemd_data_home_t)
	34	+')
	35
	36	type systemd_user_runtime_notify_t;
	37	userdom_user_runtime_content(systemd_user_runtime_notify_t)
	38	--
	39	2.17.1
	40