1 files changed, 124 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0035-policy-modules-kernel-terminal-add-rules-for-bsdpty_.patch b/recipes-security/refpolicy/refpolicy/0035-policy-modules-kernel-terminal-add-rules-for-bsdpty_.patch
new file mode 100644
index 0000000..c6fb34f
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0035-policy-modules-kernel-terminal-add-rules-for-bsdpty_.patch
@@ -0,0 +1,124 @@
+From cc8505dc9613a98ee8215854ece31a4aca103e8d Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Thu, 22 Aug 2013 13:37:23 +0800
+Subject: [PATCH] policy/modules/kernel/terminal: add rules for bsdpty_device_t
+ to complete pty devices
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/kernel/terminal.if | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
+index 4bd4884f8..f70e51525 100644
+--- a/policy/modules/kernel/terminal.if
+++ b/policy/modules/kernel/terminal.if
+@@ -623,9 +623,11 @@ interface(`term_getattr_generic_ptys',`
+ interface(`term_dontaudit_getattr_generic_ptys',`
+        gen_require(`
+                type devpts_t;
+               type bsdpty_device_t;
+        ')
+ 
+        dontaudit $1 devpts_t:chr_file getattr;
+       dontaudit $1 bsdpty_device_t:chr_file getattr;
+ ')
+ ########################################
+ ## <summary>
+@@ -641,11 +643,13 @@ interface(`term_dontaudit_getattr_generic_ptys',`
+ interface(`term_ioctl_generic_ptys',`
+        gen_require(`
+                type devpts_t;
+               type bsdpty_device_t;
+        ')
+ 
+        dev_list_all_dev_nodes($1)
+        allow $1 devpts_t:dir search;
+        allow $1 devpts_t:chr_file ioctl;
+       allow $1 bsdpty_device_t:chr_file ioctl;
+ ')
+ 
+ ########################################
+@@ -663,9 +667,11 @@ interface(`term_ioctl_generic_ptys',`
+ interface(`term_setattr_generic_ptys',`
+        gen_require(`
+                type devpts_t;
+               type bsdpty_device_t;
+        ')
+ 
+        allow $1 devpts_t:chr_file setattr;
+       allow $1 bsdpty_device_t:chr_file setattr;
+ ')
+ 
+ ########################################
+@@ -683,9 +689,11 @@ interface(`term_setattr_generic_ptys',`
+ interface(`term_dontaudit_setattr_generic_ptys',`
+        gen_require(`
+                type devpts_t;
+               type bsdpty_device_t;
+        ')
+ 
+        dontaudit $1 devpts_t:chr_file setattr;
+       dontaudit $1 bsdpty_device_t:chr_file setattr;
+ ')
+ 
+ ########################################
+@@ -703,11 +711,13 @@ interface(`term_dontaudit_setattr_generic_ptys',`
+ interface(`term_use_generic_ptys',`
+        gen_require(`
+                type devpts_t;
+               type bsdpty_device_t;
+        ')
+ 
+        dev_list_all_dev_nodes($1)
+        allow $1 devpts_t:dir list_dir_perms;
+        allow $1 devpts_t:chr_file { rw_term_perms lock append };
+       allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
+ ')
+ 
+ ########################################
+@@ -725,9 +735,11 @@ interface(`term_use_generic_ptys',`
+ interface(`term_dontaudit_use_generic_ptys',`
+        gen_require(`
+                type devpts_t;
+               type bsdpty_device_t;
+        ')
+ 
+        dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
+       dontaudit $1 bsdpty_device_t:chr_file { getattr read write ioctl };
+ ')
+ 
+ #######################################
+@@ -764,10 +776,12 @@ interface(`term_create_controlling_term',`
+ interface(`term_setattr_controlling_term',`
+        gen_require(`
+                type devtty_t;
+               type bsdpty_device_t;
+        ')
+ 
+        dev_list_all_dev_nodes($1)
+        allow $1 devtty_t:chr_file setattr;
+       allow $1 bsdpty_device_t:chr_file setattr;
+ ')
+ 
+ ########################################
+@@ -784,10 +798,12 @@ interface(`term_setattr_controlling_term',`
+ interface(`term_use_controlling_term',`
+        gen_require(`
+                type devtty_t;
+               type bsdpty_device_t;
+        ')
+ 
+        dev_list_all_dev_nodes($1)
+        allow $1 devtty_t:chr_file { rw_term_perms lock append };
+       allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
+ ')
+ 
+ #######################################
+-- 
+2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0035-policy-modules-kernel-terminal-add-rules-for-bsdpty_.patch b/recipes-security/refpolicy/refpolicy/0035-policy-modules-kernel-terminal-add-rules-for-bsdpty_.patch new file mode 100644 index 0000000..c6fb34f --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0035-policy-modules-kernel-terminal-add-rules-for-bsdpty_.patch
@@ -0,0 +1,124 @@
	1	From cc8505dc9613a98ee8215854ece31a4aca103e8d Mon Sep 17 00:00:00 2001
	2	From: Xin Ouyang <Xin.Ouyang@windriver.com>
	3	Date: Thu, 22 Aug 2013 13:37:23 +0800
	4	Subject: [PATCH] policy/modules/kernel/terminal: add rules for bsdpty_device_t
	5	to complete pty devices
	6
	7	Upstream-Status: Inappropriate [embedded specific]
	8
	9	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
	10	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
	11	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	12	---
	13	policy/modules/kernel/terminal.if \| 16 ++++++++++++++++
	14	1 file changed, 16 insertions(+)
	15
	16	diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
	17	index 4bd4884f8..f70e51525 100644
	18	--- a/policy/modules/kernel/terminal.if
	19	+++ b/policy/modules/kernel/terminal.if
	20	@@ -623,9 +623,11 @@ interface(`term_getattr_generic_ptys',`
	21	interface(`term_dontaudit_getattr_generic_ptys',`
	22	gen_require(`
	23	type devpts_t;
	24	+ type bsdpty_device_t;
	25	')
	26
	27	dontaudit $1 devpts_t:chr_file getattr;
	28	+ dontaudit $1 bsdpty_device_t:chr_file getattr;
	29	')
	30	########################################
	31	## <summary>
	32	@@ -641,11 +643,13 @@ interface(`term_dontaudit_getattr_generic_ptys',`
	33	interface(`term_ioctl_generic_ptys',`
	34	gen_require(`
	35	type devpts_t;
	36	+ type bsdpty_device_t;
	37	')
	38
	39	dev_list_all_dev_nodes($1)
	40	allow $1 devpts_t:dir search;
	41	allow $1 devpts_t:chr_file ioctl;
	42	+ allow $1 bsdpty_device_t:chr_file ioctl;
	43	')
	44
	45	########################################
	46	@@ -663,9 +667,11 @@ interface(`term_ioctl_generic_ptys',`
	47	interface(`term_setattr_generic_ptys',`
	48	gen_require(`
	49	type devpts_t;
	50	+ type bsdpty_device_t;
	51	')
	52
	53	allow $1 devpts_t:chr_file setattr;
	54	+ allow $1 bsdpty_device_t:chr_file setattr;
	55	')
	56
	57	########################################
	58	@@ -683,9 +689,11 @@ interface(`term_setattr_generic_ptys',`
	59	interface(`term_dontaudit_setattr_generic_ptys',`
	60	gen_require(`
	61	type devpts_t;
	62	+ type bsdpty_device_t;
	63	')
	64
	65	dontaudit $1 devpts_t:chr_file setattr;
	66	+ dontaudit $1 bsdpty_device_t:chr_file setattr;
	67	')
	68
	69	########################################
	70	@@ -703,11 +711,13 @@ interface(`term_dontaudit_setattr_generic_ptys',`
	71	interface(`term_use_generic_ptys',`
	72	gen_require(`
	73	type devpts_t;
	74	+ type bsdpty_device_t;
	75	')
	76
	77	dev_list_all_dev_nodes($1)
	78	allow $1 devpts_t:dir list_dir_perms;
	79	allow $1 devpts_t:chr_file { rw_term_perms lock append };
	80	+ allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
	81	')
	82
	83	########################################
	84	@@ -725,9 +735,11 @@ interface(`term_use_generic_ptys',`
	85	interface(`term_dontaudit_use_generic_ptys',`
	86	gen_require(`
	87	type devpts_t;
	88	+ type bsdpty_device_t;
	89	')
	90
	91	dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
	92	+ dontaudit $1 bsdpty_device_t:chr_file { getattr read write ioctl };
	93	')
	94
	95	#######################################
	96	@@ -764,10 +776,12 @@ interface(`term_create_controlling_term',`
	97	interface(`term_setattr_controlling_term',`
	98	gen_require(`
	99	type devtty_t;
	100	+ type bsdpty_device_t;
	101	')
	102
	103	dev_list_all_dev_nodes($1)
	104	allow $1 devtty_t:chr_file setattr;
	105	+ allow $1 bsdpty_device_t:chr_file setattr;
	106	')
	107
	108	########################################
	109	@@ -784,10 +798,12 @@ interface(`term_setattr_controlling_term',`
	110	interface(`term_use_controlling_term',`
	111	gen_require(`
	112	type devtty_t;
	113	+ type bsdpty_device_t;
	114	')
	115
	116	dev_list_all_dev_nodes($1)
	117	allow $1 devtty_t:chr_file { rw_term_perms lock append };
	118	+ allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
	119	')
	120
	121	#######################################
	122	--
	123	2.17.1
	124