Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0030-policy-modules-kernel-files-add-rules-for-the-symlin.patch')
-rw-r--r--recipes-security/refpolicy/refpolicy/0030-policy-modules-kernel-files-add-rules-for-the-symlin.patch102
1 files changed, 102 insertions, 0 deletions
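diff --git a/recipes-security/refpolicy/refpolicy/0030-policy-modules-kernel-files-add-rules-for-the-symlin.patch b/recipes-security/refpolicy/refpolicy/0030-policy-modules-kernel-files-add-rules-for-the-symlin.patch
new file mode 100644
index 0000000..ee329b1
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0030-policy-modules-kernel-files-add-rules-for-the-symlin.patch
@@ -0,0 +1,102 @@
+From b4110d4f30f6dc82c810ceaf24911b1fadb0e7c4 Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Thu, 22 Aug 2013 13:37:23 +0800
+Subject: [PATCH] policy/modules/kernel/files: add rules for the symlink of
+ /tmp
+
+/tmp is a symlink in poky, so we need allow rules for files to read
+lnk_file while doing search/list/delete/rw.. in /tmp/ directory.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/kernel/files.fc | 1 +
+ policy/modules/kernel/files.if | 8 ++++++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
+index 9a6f9d2d4..0f511c830 100644
+--- a/policy/modules/kernel/files.fc
++++ b/policy/modules/kernel/files.fc
+@@ -171,6 +171,7 @@ HOME_ROOT/lost\+found/.* <<none>>
+ # /tmp
+ #
+ /tmp -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
++/tmp -l gen_context(system_u:object_r:tmp_t,s0)
+ /tmp/.* <<none>>
+ /tmp/\.journal <<none>>
+
+diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
+index 9e4344d24..14b34a467 100644
+--- a/policy/modules/kernel/files.if
++++ b/policy/modules/kernel/files.if
+@@ -4780,6 +4780,7 @@ interface(`files_search_tmp',`
+ ')
+
+ allow $1 tmp_t:dir search_dir_perms;
++ allow $1 tmp_t:lnk_file read_lnk_file_perms;
+ ')
+
+ ########################################
+@@ -4816,6 +4817,7 @@ interface(`files_list_tmp',`
+ ')
+
+ allow $1 tmp_t:dir list_dir_perms;
++ allow $1 tmp_t:lnk_file read_lnk_file_perms;
+ ')
+
+ ########################################
+@@ -4852,6 +4854,7 @@ interface(`files_delete_tmp_dir_entry',`
+ ')
+
+ allow $1 tmp_t:dir del_entry_dir_perms;
++ allow $1 tmp_t:lnk_file read_lnk_file_perms;
+ ')
+
+ ########################################
+@@ -4870,6 +4873,7 @@ interface(`files_read_generic_tmp_files',`
+ ')
+
+ read_files_pattern($1, tmp_t, tmp_t)
++ allow $1 tmp_t:lnk_file read_lnk_file_perms;
+ ')
+
+ ########################################
+@@ -4888,6 +4892,7 @@ interface(`files_manage_generic_tmp_dirs',`
+ ')
+
+ manage_dirs_pattern($1, tmp_t, tmp_t)
++ allow $1 tmp_t:lnk_file read_lnk_file_perms;
+ ')
+
+ ########################################
+@@ -4924,6 +4929,7 @@ interface(`files_manage_generic_tmp_files',`
+ ')
+
+ manage_files_pattern($1, tmp_t, tmp_t)
++ allow $1 tmp_t:lnk_file read_lnk_file_perms;
+ ')
+
+ ########################################
+@@ -4960,6 +4966,7 @@ interface(`files_rw_generic_tmp_sockets',`
+ ')
+
+ rw_sock_files_pattern($1, tmp_t, tmp_t)
++ allow $1 tmp_t:lnk_file read_lnk_file_perms;
+ ')
+
+ ########################################
+@@ -5167,6 +5174,7 @@ interface(`files_tmp_filetrans',`
+ ')
+
+ filetrans_pattern($1, tmp_t, $2, $3, $4)
++ allow $1 tmp_t:lnk_file read_lnk_file_perms;
+ ')
+
+ ########################################
+--
+2.25.1
+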
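Review bot: The added `allow $1 tmp_t:lnk_file read_lnk_file_perms;` in `files_search_tmp` (repeated in the seven other interfaces this patch touches, `files_list_tmp` through `files_tmp_filetrans`) is granted by type, so it covers every symlink labelled `tmp_t`, not only the `/tmp` link that the new `files.fc` entry labels. If domains on the target can create generic `tmp_t` symlinks inside the directory, every caller of these interfaces can now read and follow them, which is wider than the commit message's stated goal of resolving the `/tmp` link itself. Giving the top-level link its own type would keep the grant narrow; failing that, a comment beside each rule such as `# /tmp is a symlink on poky; note this also permits reading any other tmp_t symlink` would make the trade-off visible to later reviewers. The interface bodies and their `## <summary>` blocks start outside each hunk, so whether that documentation needs the same note cannot be checked from here.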