1 files changed, 33 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0027-fc-init-add-file-context-to-etc-network-if-files.patch b/recipes-security/refpolicy/refpolicy/0027-fc-init-add-file-context-to-etc-network-if-files.patch
new file mode 100644
index 0000000..e54777c
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0027-fc-init-add-file-context-to-etc-network-if-files.patch
@@ -0,0 +1,33 @@
+From 1d6f9b62082188992bfb681632dff15d5ad608c9 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Tue, 19 Nov 2019 14:33:28 +0800
+Subject: [PATCH] fc/init: add file context to /etc/network/if-* files
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/system/init.fc | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
+index fe72df22a..a9d8f343a 100644
+--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
+@@ -70,11 +70,12 @@ ifdef(`distro_redhat',`
+ ifdef(`distro_debian',`
+ /run/hotkey-setup      --      gen_context(system_u:object_r:initrc_runtime_t,s0)
+ /run/kdm/.*            --      gen_context(system_u:object_r:initrc_runtime_t,s0)
+')
+
+ /etc/network/if-pre-up\.d/.* --        gen_context(system_u:object_r:initrc_exec_t,s0)
+ /etc/network/if-up\.d/.* --    gen_context(system_u:object_r:initrc_exec_t,s0)
+ /etc/network/if-down\.d/.* --  gen_context(system_u:object_r:initrc_exec_t,s0)
+ /etc/network/if-post-down\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
+-')
+ 
+ ifdef(`distro_gentoo', `
+ /var/lib/init\.d(/.*)?         gen_context(system_u:object_r:initrc_state_t,s0)
+-- 
+2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0027-fc-init-add-file-context-to-etc-network-if-files.patch b/recipes-security/refpolicy/refpolicy/0027-fc-init-add-file-context-to-etc-network-if-files.patch new file mode 100644 index 0000000..e54777c --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0027-fc-init-add-file-context-to-etc-network-if-files.patch
@@ -0,0 +1,33 @@
	1	From 1d6f9b62082188992bfb681632dff15d5ad608c9 Mon Sep 17 00:00:00 2001
	2	From: Yi Zhao <yi.zhao@windriver.com>
	3	Date: Tue, 19 Nov 2019 14:33:28 +0800
	4	Subject: [PATCH] fc/init: add file context to /etc/network/if-* files
	5
	6	Upstream-Status: Inappropriate [embedded specific]
	7
	8	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	9	---
	10	policy/modules/system/init.fc \| 3 ++-
	11	1 file changed, 2 insertions(+), 1 deletion(-)
	12
	13	diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
	14	index fe72df22a..a9d8f343a 100644
	15	--- a/policy/modules/system/init.fc
	16	+++ b/policy/modules/system/init.fc
	17	@@ -70,11 +70,12 @@ ifdef(`distro_redhat',`
	18	ifdef(`distro_debian',`
	19	/run/hotkey-setup -- gen_context(system_u:object_r:initrc_runtime_t,s0)
	20	/run/kdm/.* -- gen_context(system_u:object_r:initrc_runtime_t,s0)
	21	+')
	22	+
	23	/etc/network/if-pre-up\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
	24	/etc/network/if-up\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
	25	/etc/network/if-down\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
	26	/etc/network/if-post-down\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
	27	-')
	28
	29	ifdef(`distro_gentoo', `
	30	/var/lib/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
	31	--
	32	2.17.1
	33