1 files changed, 0 insertions, 71 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0037-policy-modules-admin-usermanage-allow-useradd-to-rel.patch b/recipes-security/refpolicy/refpolicy/0037-policy-modules-admin-usermanage-allow-useradd-to-rel.patch
deleted file mode 100644
index 9465a3e..0000000
--- a/recipes-security/refpolicy/refpolicy/0037-policy-modules-admin-usermanage-allow-useradd-to-rel.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 07866ad826b299194c1bfd7978e5077dde72a68e Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Mon, 11 Oct 2021 10:10:10 +0800
-Subject: [PATCH] policy/modules/admin/usermanage: allow useradd to relabel
- user home files
-Fixes:
-avc: denied { relabelfrom } for pid=491 comm="useradd" name=".bashrc"
-dev="vda" ino=12641 scontext=root:sysadm_r:useradd_t
-tcontext=user_u:object_r:user_home_t tclass=file permissive=0
-Upstream-Status: Inappropriate [embedded specific]
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- policy/modules/admin/usermanage.te  |  2 ++
- policy/modules/system/userdomain.if | 18 ++++++++++++++++++
- 2 files changed, 20 insertions(+)
-diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
-index 98646b4b4..50c479498 100644
--- a/policy/modules/admin/usermanage.te
-+++ b/policy/modules/admin/usermanage.te
-@@ -496,6 +496,7 @@ files_read_etc_runtime_files(useradd_t)
- 
- fs_search_auto_mountpoints(useradd_t)
- fs_getattr_xattr_fs(useradd_t)
-+fs_search_tmpfs(useradd_t)
- 
- mls_file_upgrade(useradd_t)
- 
-@@ -541,6 +542,7 @@ userdom_home_filetrans_user_home_dir(useradd_t)
- userdom_manage_user_home_content_dirs(useradd_t)
- userdom_manage_user_home_content_files(useradd_t)
- userdom_user_home_dir_filetrans_user_home_content(useradd_t, notdevfile_class_set)
-+userdom_relabel_user_home_content_files(useradd_t)
- 
- optional_policy(`
-        mta_manage_spool(useradd_t)
-diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index 22b3c1bf7..ec625170d 100644
--- a/policy/modules/system/userdomain.if
-+++ b/policy/modules/system/userdomain.if
-@@ -2362,6 +2362,24 @@ interface(`userdom_dontaudit_relabel_user_home_content_files',`
-        dontaudit $1 user_home_t:file relabel_file_perms;
- ')
- 
-+########################################
-+## <summary>
-+##     Relabel user home files.
-+## </summary>
-+## <param name="domain">
-+##     <summary>
-+##     Domain allowed access.
-+##     </summary>
-+## </param>
-+#
-+interface(`userdom_relabel_user_home_content_files',`
-+       gen_require(`
-+               type user_home_t;
-+       ')
-+
-+       allow $1 user_home_t:file relabel_file_perms;
-+')
-+
- ########################################
- ## <summary>
- ##     Read user home subdirectory symbolic links.
-- 
-2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0037-policy-modules-admin-usermanage-allow-useradd-to-rel.patch b/recipes-security/refpolicy/refpolicy/0037-policy-modules-admin-usermanage-allow-useradd-to-rel.patch deleted file mode 100644 index 9465a3e..0000000 --- a/recipes-security/refpolicy/refpolicy/0037-policy-modules-admin-usermanage-allow-useradd-to-rel.patch +++ /dev/null
@@ -1,71 +0,0 @@
1	From 07866ad826b299194c1bfd7978e5077dde72a68e Mon Sep 17 00:00:00 2001
2	From: Yi Zhao <yi.zhao@windriver.com>
3	Date: Mon, 11 Oct 2021 10:10:10 +0800
4	Subject: [PATCH] policy/modules/admin/usermanage: allow useradd to relabel
5	user home files
6
7	Fixes:
8	avc: denied { relabelfrom } for pid=491 comm="useradd" name=".bashrc"
9	dev="vda" ino=12641 scontext=root:sysadm_r:useradd_t
10	tcontext=user_u:object_r:user_home_t tclass=file permissive=0
11
12	Upstream-Status: Inappropriate [embedded specific]
13
14	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
15	---
16	policy/modules/admin/usermanage.te \| 2 ++
17	policy/modules/system/userdomain.if \| 18 ++++++++++++++++++
18	2 files changed, 20 insertions(+)
19
20	diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
21	index 98646b4b4..50c479498 100644
22	--- a/policy/modules/admin/usermanage.te
23	+++ b/policy/modules/admin/usermanage.te
24	@@ -496,6 +496,7 @@ files_read_etc_runtime_files(useradd_t)
25
26	fs_search_auto_mountpoints(useradd_t)
27	fs_getattr_xattr_fs(useradd_t)
28	+fs_search_tmpfs(useradd_t)
29
30	mls_file_upgrade(useradd_t)
31
32	@@ -541,6 +542,7 @@ userdom_home_filetrans_user_home_dir(useradd_t)
33	userdom_manage_user_home_content_dirs(useradd_t)
34	userdom_manage_user_home_content_files(useradd_t)
35	userdom_user_home_dir_filetrans_user_home_content(useradd_t, notdevfile_class_set)
36	+userdom_relabel_user_home_content_files(useradd_t)
37
38	optional_policy(`
39	mta_manage_spool(useradd_t)
40	diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
41	index 22b3c1bf7..ec625170d 100644
42	--- a/policy/modules/system/userdomain.if
43	+++ b/policy/modules/system/userdomain.if
44	@@ -2362,6 +2362,24 @@ interface(`userdom_dontaudit_relabel_user_home_content_files',`
45	dontaudit $1 user_home_t:file relabel_file_perms;
46	')
47
48	+########################################
49	+## <summary>
50	+## Relabel user home files.
51	+## </summary>
52	+## <param name="domain">
53	+## <summary>
54	+## Domain allowed access.
55	+## </summary>
56	+## </param>
57	+#
58	+interface(`userdom_relabel_user_home_content_files',`
59	+ gen_require(`
60	+ type user_home_t;
61	+ ')
62	+
63	+ allow $1 user_home_t:file relabel_file_perms;
64	+')
65	+
66	########################################
67	## <summary>
68	## Read user home subdirectory symbolic links.
69	--
70	2.17.1
71