diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch b/recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch new file mode 100644 index 0000000..9648dfd --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | From a23028f17d5e56e20ed3930b3075ba2d1c211b16 Mon Sep 17 00:00:00 2001 | ||
2 | From: Xin Ouyang <Xin.Ouyang@windriver.com> | ||
3 | Date: Thu, 22 Aug 2013 13:37:23 +0800 | ||
4 | Subject: [PATCH] policy/modules/kernel/terminal: don't audit tty_device_t in | ||
5 | term_dontaudit_use_console | ||
6 | |||
7 | We should also not audit terminal to rw tty_device_t and fds in | ||
8 | term_dontaudit_use_console. | ||
9 | |||
10 | Upstream-Status: Inappropriate [embedded specific] | ||
11 | |||
12 | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> | ||
13 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | ||
14 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
15 | --- | ||
16 | policy/modules/kernel/terminal.if | 3 +++ | ||
17 | 1 file changed, 3 insertions(+) | ||
18 | |||
19 | diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if | ||
20 | index e5645c7c5..6e9f654ac 100644 | ||
21 | --- a/policy/modules/kernel/terminal.if | ||
22 | +++ b/policy/modules/kernel/terminal.if | ||
23 | @@ -335,9 +335,12 @@ interface(`term_use_console',` | ||
24 | interface(`term_dontaudit_use_console',` | ||
25 | gen_require(` | ||
26 | type console_device_t; | ||
27 | + type tty_device_t; | ||
28 | ') | ||
29 | |||
30 | + init_dontaudit_use_fds($1) | ||
31 | dontaudit $1 console_device_t:chr_file rw_chr_file_perms; | ||
32 | + dontaudit $1 tty_device_t:chr_file rw_chr_file_perms; | ||
33 | ') | ||
34 | |||
35 | ######################################## | ||
36 | -- | ||
37 | 2.25.1 | ||
38 | |||