Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0035-policy-modules-kernel-terminal-add-rules-for-bsdpty_.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0035-policy-modules-kernel-terminal-add-rules-for-bsdpty_.patch | 124 |
1 files changed, 124 insertions, 0 deletions
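--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0035-policy-modules-kernel-terminal-add-rules-for-bsdpty_.patch
@@ -0,0 +1,124 @@
+From cc8505dc9613a98ee8215854ece31a4aca103e8d Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Thu, 22 Aug 2013 13:37:23 +0800
+Subject: [PATCH] policy/modules/kernel/terminal: add rules for bsdpty_device_t
+to complete pty devices
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+policy/modules/kernel/terminal.if | 16 ++++++++++++++++
+1 file changed, 16 insertions(+)
+
+diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
+index 4bd4884f8..f70e51525 100644
+--- a/policy/modules/kernel/terminal.if
++++ b/policy/modules/kernel/terminal.if
+@@ -623,9 +623,11 @@ interface(`term_getattr_generic_ptys',`
+interface(`term_dontaudit_getattr_generic_ptys',`
+gen_require(`
+type devpts_t;
++ type bsdpty_device_t;
+')
+
+dontaudit $1 devpts_t:chr_file getattr;
++ dontaudit $1 bsdpty_device_t:chr_file getattr;
+')
+########################################
+## <summary>
+@@ -641,11 +643,13 @@ interface(`term_dontaudit_getattr_generic_ptys',`
+interface(`term_ioctl_generic_ptys',`
+gen_require(`
+type devpts_t;
++ type bsdpty_device_t;
+')
+
+dev_list_all_dev_nodes($1)
+allow $1 devpts_t:dir search;
+allow $1 devpts_t:chr_file ioctl;
++ allow $1 bsdpty_device_t:chr_file ioctl;
+')
+
+########################################
+@@ -663,9 +667,11 @@ interface(`term_ioctl_generic_ptys',`
+interface(`term_setattr_generic_ptys',`
+gen_require(`
+type devpts_t;
++ type bsdpty_device_t;
+')
+
+allow $1 devpts_t:chr_file setattr;
++ allow $1 bsdpty_device_t:chr_file setattr;
+')
+
+########################################
+@@ -683,9 +689,11 @@ interface(`term_setattr_generic_ptys',`
+interface(`term_dontaudit_setattr_generic_ptys',`
+gen_require(`
+type devpts_t;
++ type bsdpty_device_t;
+')
+
+dontaudit $1 devpts_t:chr_file setattr;
++ dontaudit $1 bsdpty_device_t:chr_file setattr;
+')
+
+########################################
+@@ -703,11 +711,13 @@ interface(`term_dontaudit_setattr_generic_ptys',`
+interface(`term_use_generic_ptys',`
+gen_require(`
+type devpts_t;
++ type bsdpty_device_t;
+')
+
+dev_list_all_dev_nodes($1)
+allow $1 devpts_t:dir list_dir_perms;
+allow $1 devpts_t:chr_file { rw_term_perms lock append };
++ allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
+')
+
+########################################
+@@ -725,9 +735,11 @@ interface(`term_use_generic_ptys',`
+interface(`term_dontaudit_use_generic_ptys',`
+gen_require(`
+type devpts_t;
++ type bsdpty_device_t;
+')
+
+dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
++ dontaudit $1 bsdpty_device_t:chr_file { getattr read write ioctl };
+')
+
+#######################################
+@@ -764,10 +776,12 @@ interface(`term_create_controlling_term',`
+interface(`term_setattr_controlling_term',`
+gen_require(`
+type devtty_t;
++ type bsdpty_device_t;
+')
+
+dev_list_all_dev_nodes($1)
+allow $1 devtty_t:chr_file setattr;
++ allow $1 bsdpty_device_t:chr_file setattr;
+')
+
+########################################
+@@ -784,10 +798,12 @@ interface(`term_setattr_controlling_term',`
+interface(`term_use_controlling_term',`
+gen_require(`
+type devtty_t;
++ type bsdpty_device_t;
+')
+
+dev_list_all_dev_nodes($1)
+allow $1 devtty_t:chr_file { rw_term_perms lock append };
++ allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
+')
+
+#######################################
+--
+2.17.1
+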
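Review bot: The last two hunks of the embedded patch (`@@ -764,10 +776,12 @@` and `@@ -784,10 +798,12 @@`) add `bsdpty_device_t:chr_file` rules to `term_setattr_controlling_term` and `term_use_controlling_term`, whose visible rules otherwise cover only `devtty_t`, so every domain that calls them for its controlling terminal also gets setattr or `{ rw_term_perms lock append }` on every node labelled `bsdpty_device_t`. If those nodes are shared pty device files rather than a per-process alias (the labelling is not visible here), this widens access well beyond what the interface names promise; a narrower change would leave the controlling-term interfaces untouched and grant the type only through the generic-pty interfaces or a dedicated one. The six generic-pty hunks also add `dontaudit` rules for the new type, which silences denials that would otherwise show up in the audit log. Each added rule would benefit from a comment such as `# bsdpty_device_t: BSD-style pty nodes, needed on this target because <reason>`, and the `## <summary>` blocks, which begin outside every hunk, presumably still describe only the original type. The header's `Upstream-Status: Inappropriate [embedded specific]` gives no rationale, which makes the broadened access hard to re-audit later.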