diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0030-policy-modules-kernel-files-add-rules-for-the-symlin.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0030-policy-modules-kernel-files-add-rules-for-the-symlin.patch | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0030-policy-modules-kernel-files-add-rules-for-the-symlin.patch b/recipes-security/refpolicy/refpolicy/0030-policy-modules-kernel-files-add-rules-for-the-symlin.patch new file mode 100644 index 0000000..ee329b1 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0030-policy-modules-kernel-files-add-rules-for-the-symlin.patch | |||
@@ -0,0 +1,102 @@ | |||
1 | From b4110d4f30f6dc82c810ceaf24911b1fadb0e7c4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Xin Ouyang <Xin.Ouyang@windriver.com> | ||
3 | Date: Thu, 22 Aug 2013 13:37:23 +0800 | ||
4 | Subject: [PATCH] policy/modules/kernel/files: add rules for the symlink of | ||
5 | /tmp | ||
6 | |||
7 | /tmp is a symlink in poky, so we need allow rules for files to read | ||
8 | lnk_file while doing search/list/delete/rw.. in /tmp/ directory. | ||
9 | |||
10 | Upstream-Status: Inappropriate [embedded specific] | ||
11 | |||
12 | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> | ||
13 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | ||
14 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
15 | --- | ||
16 | policy/modules/kernel/files.fc | 1 + | ||
17 | policy/modules/kernel/files.if | 8 ++++++++ | ||
18 | 2 files changed, 9 insertions(+) | ||
19 | |||
20 | diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc | ||
21 | index 9a6f9d2d4..0f511c830 100644 | ||
22 | --- a/policy/modules/kernel/files.fc | ||
23 | +++ b/policy/modules/kernel/files.fc | ||
24 | @@ -171,6 +171,7 @@ HOME_ROOT/lost\+found/.* <<none>> | ||
25 | # /tmp | ||
26 | # | ||
27 | /tmp -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh) | ||
28 | +/tmp -l gen_context(system_u:object_r:tmp_t,s0) | ||
29 | /tmp/.* <<none>> | ||
30 | /tmp/\.journal <<none>> | ||
31 | |||
32 | diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if | ||
33 | index 9e4344d24..14b34a467 100644 | ||
34 | --- a/policy/modules/kernel/files.if | ||
35 | +++ b/policy/modules/kernel/files.if | ||
36 | @@ -4780,6 +4780,7 @@ interface(`files_search_tmp',` | ||
37 | ') | ||
38 | |||
39 | allow $1 tmp_t:dir search_dir_perms; | ||
40 | + allow $1 tmp_t:lnk_file read_lnk_file_perms; | ||
41 | ') | ||
42 | |||
43 | ######################################## | ||
44 | @@ -4816,6 +4817,7 @@ interface(`files_list_tmp',` | ||
45 | ') | ||
46 | |||
47 | allow $1 tmp_t:dir list_dir_perms; | ||
48 | + allow $1 tmp_t:lnk_file read_lnk_file_perms; | ||
49 | ') | ||
50 | |||
51 | ######################################## | ||
52 | @@ -4852,6 +4854,7 @@ interface(`files_delete_tmp_dir_entry',` | ||
53 | ') | ||
54 | |||
55 | allow $1 tmp_t:dir del_entry_dir_perms; | ||
56 | + allow $1 tmp_t:lnk_file read_lnk_file_perms; | ||
57 | ') | ||
58 | |||
59 | ######################################## | ||
60 | @@ -4870,6 +4873,7 @@ interface(`files_read_generic_tmp_files',` | ||
61 | ') | ||
62 | |||
63 | read_files_pattern($1, tmp_t, tmp_t) | ||
64 | + allow $1 tmp_t:lnk_file read_lnk_file_perms; | ||
65 | ') | ||
66 | |||
67 | ######################################## | ||
68 | @@ -4888,6 +4892,7 @@ interface(`files_manage_generic_tmp_dirs',` | ||
69 | ') | ||
70 | |||
71 | manage_dirs_pattern($1, tmp_t, tmp_t) | ||
72 | + allow $1 tmp_t:lnk_file read_lnk_file_perms; | ||
73 | ') | ||
74 | |||
75 | ######################################## | ||
76 | @@ -4924,6 +4929,7 @@ interface(`files_manage_generic_tmp_files',` | ||
77 | ') | ||
78 | |||
79 | manage_files_pattern($1, tmp_t, tmp_t) | ||
80 | + allow $1 tmp_t:lnk_file read_lnk_file_perms; | ||
81 | ') | ||
82 | |||
83 | ######################################## | ||
84 | @@ -4960,6 +4966,7 @@ interface(`files_rw_generic_tmp_sockets',` | ||
85 | ') | ||
86 | |||
87 | rw_sock_files_pattern($1, tmp_t, tmp_t) | ||
88 | + allow $1 tmp_t:lnk_file read_lnk_file_perms; | ||
89 | ') | ||
90 | |||
91 | ######################################## | ||
92 | @@ -5167,6 +5174,7 @@ interface(`files_tmp_filetrans',` | ||
93 | ') | ||
94 | |||
95 | filetrans_pattern($1, tmp_t, $2, $3, $4) | ||
96 | + allow $1 tmp_t:lnk_file read_lnk_file_perms; | ||
97 | ') | ||
98 | |||
99 | ######################################## | ||
100 | -- | ||
101 | 2.25.1 | ||
102 | |||