1 files changed, 38 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch b/recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch
new file mode 100644
index 0000000..9648dfd
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch
@@ -0,0 +1,38 @@
+From a23028f17d5e56e20ed3930b3075ba2d1c211b16 Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Thu, 22 Aug 2013 13:37:23 +0800
+Subject: [PATCH] policy/modules/kernel/terminal: don't audit tty_device_t in
+ term_dontaudit_use_console
+We should also not audit terminal to rw tty_device_t and fds in
+term_dontaudit_use_console.
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/kernel/terminal.if | 3 +++
+ 1 file changed, 3 insertions(+)
+diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
+index e5645c7c5..6e9f654ac 100644
+--- a/policy/modules/kernel/terminal.if
+++ b/policy/modules/kernel/terminal.if
+@@ -335,9 +335,12 @@ interface(`term_use_console',`
+ interface(`term_dontaudit_use_console',`
+        gen_require(`
+                type console_device_t;
+               type tty_device_t;
+        ')
+ 
+       init_dontaudit_use_fds($1)
+        dontaudit $1 console_device_t:chr_file rw_chr_file_perms;
+       dontaudit $1 tty_device_t:chr_file rw_chr_file_perms;
+ ')
+ 
+ ########################################
+-- 
+2.25.1

diff --git a/recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch b/recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch new file mode 100644 index 0000000..9648dfd --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch
@@ -0,0 +1,38 @@
	1	From a23028f17d5e56e20ed3930b3075ba2d1c211b16 Mon Sep 17 00:00:00 2001
	2	From: Xin Ouyang <Xin.Ouyang@windriver.com>
	3	Date: Thu, 22 Aug 2013 13:37:23 +0800
	4	Subject: [PATCH] policy/modules/kernel/terminal: don't audit tty_device_t in
	5	term_dontaudit_use_console
	6
	7	We should also not audit terminal to rw tty_device_t and fds in
	8	term_dontaudit_use_console.
	9
	10	Upstream-Status: Inappropriate [embedded specific]
	11
	12	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
	13	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
	14	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	15	---
	16	policy/modules/kernel/terminal.if \| 3 +++
	17	1 file changed, 3 insertions(+)
	18
	19	diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
	20	index e5645c7c5..6e9f654ac 100644
	21	--- a/policy/modules/kernel/terminal.if
	22	+++ b/policy/modules/kernel/terminal.if
	23	@@ -335,9 +335,12 @@ interface(`term_use_console',`
	24	interface(`term_dontaudit_use_console',`
	25	gen_require(`
	26	type console_device_t;
	27	+ type tty_device_t;
	28	')
	29
	30	+ init_dontaudit_use_fds($1)
	31	dontaudit $1 console_device_t:chr_file rw_chr_file_perms;
	32	+ dontaudit $1 tty_device_t:chr_file rw_chr_file_perms;
	33	')
	34
	35	########################################
	36	--
	37	2.25.1
	38