1 files changed, 0 insertions, 65 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0044-policy-modules-services-rngd-fix-security-context-fo.patch b/recipes-security/refpolicy/refpolicy/0044-policy-modules-services-rngd-fix-security-context-fo.patch
deleted file mode 100644
index 7bd1402..0000000
--- a/recipes-security/refpolicy/refpolicy/0044-policy-modules-services-rngd-fix-security-context-fo.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 5dbfff582a9c7745f8517adefb27c5f90653f8fa Mon Sep 17 00:00:00 2001
-From: Wenzong Fan <wenzong.fan@windriver.com>
-Date: Wed, 25 May 2016 03:16:24 -0400
-Subject: [PATCH] policy/modules/services/rngd: fix security context for
- rng-tools
-* Fix security context for /etc/init.d/rng-tools
-* Allow rngd_t to read sysfs
-Fixes:
-avc: denied { read } for pid=355 comm="rngd" name="cpu" dev="sysfs"
-ino=36 scontext=system_u:system_r:rngd_t
-tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
-avc: denied { getsched } for pid=355 comm="rngd"
-scontext=system_u:system_r:rngd_t tcontext=system_u:system_r:rngd_t
-tclass=process permissive=1
-avc: denied { setsched } for pid=355 comm="rngd"
-scontext=system_u:system_r:rngd_t tcontext=system_u:system_r:rngd_t
-tclass=process permissive=1
-Upstream-Status: Inappropriate [embedded specific]
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- policy/modules/services/rngd.fc | 1 +
- policy/modules/services/rngd.te | 3 ++-
- 2 files changed, 3 insertions(+), 1 deletion(-)
-diff --git a/policy/modules/services/rngd.fc b/policy/modules/services/rngd.fc
-index 382c067f9..0ecc5acc4 100644
--- a/policy/modules/services/rngd.fc
-+++ b/policy/modules/services/rngd.fc
-@@ -1,4 +1,5 @@
- /etc/rc\.d/init\.d/rngd        --      gen_context(system_u:object_r:rngd_initrc_exec_t,s0)
-+/etc/rc\.d/init\.d/rng-tools   --      gen_context(system_u:object_r:rngd_initrc_exec_t,s0)
- 
- /usr/bin/rngd  --      gen_context(system_u:object_r:rngd_exec_t,s0)
- 
-diff --git a/policy/modules/services/rngd.te b/policy/modules/services/rngd.te
-index 4540e4ec7..48f08fb48 100644
--- a/policy/modules/services/rngd.te
-+++ b/policy/modules/services/rngd.te
-@@ -21,7 +21,7 @@ files_runtime_file(rngd_runtime_t)
- #
- 
- allow rngd_t self:capability { ipc_lock sys_admin };
-allow rngd_t self:process signal;
-+allow rngd_t self:process { signal getsched setsched };
- allow rngd_t self:fifo_file rw_fifo_file_perms;
- allow rngd_t self:unix_stream_socket { accept listen };
- 
-@@ -34,6 +34,7 @@ dev_read_rand(rngd_t)
- dev_read_urand(rngd_t)
- dev_rw_tpm(rngd_t)
- dev_write_rand(rngd_t)
-+dev_read_sysfs(rngd_t)
- 
- files_read_etc_files(rngd_t)
- 
-- 
-2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0044-policy-modules-services-rngd-fix-security-context-fo.patch b/recipes-security/refpolicy/refpolicy/0044-policy-modules-services-rngd-fix-security-context-fo.patch deleted file mode 100644 index 7bd1402..0000000 --- a/recipes-security/refpolicy/refpolicy/0044-policy-modules-services-rngd-fix-security-context-fo.patch +++ /dev/null
@@ -1,65 +0,0 @@
1	From 5dbfff582a9c7745f8517adefb27c5f90653f8fa Mon Sep 17 00:00:00 2001
2	From: Wenzong Fan <wenzong.fan@windriver.com>
3	Date: Wed, 25 May 2016 03:16:24 -0400
4	Subject: [PATCH] policy/modules/services/rngd: fix security context for
5	rng-tools
6
7	* Fix security context for /etc/init.d/rng-tools
8	* Allow rngd_t to read sysfs
9
10	Fixes:
11	avc: denied { read } for pid=355 comm="rngd" name="cpu" dev="sysfs"
12	ino=36 scontext=system_u:system_r:rngd_t
13	tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
14
15	avc: denied { getsched } for pid=355 comm="rngd"
16	scontext=system_u:system_r:rngd_t tcontext=system_u:system_r:rngd_t
17	tclass=process permissive=1
18
19	avc: denied { setsched } for pid=355 comm="rngd"
20	scontext=system_u:system_r:rngd_t tcontext=system_u:system_r:rngd_t
21	tclass=process permissive=1
22
23	Upstream-Status: Inappropriate [embedded specific]
24
25	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
26	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
27	---
28	policy/modules/services/rngd.fc \| 1 +
29	policy/modules/services/rngd.te \| 3 ++-
30	2 files changed, 3 insertions(+), 1 deletion(-)
31
32	diff --git a/policy/modules/services/rngd.fc b/policy/modules/services/rngd.fc
33	index 382c067f9..0ecc5acc4 100644
34	--- a/policy/modules/services/rngd.fc
35	+++ b/policy/modules/services/rngd.fc
36	@@ -1,4 +1,5 @@
37	/etc/rc\.d/init\.d/rngd -- gen_context(system_u:object_r:rngd_initrc_exec_t,s0)
38	+/etc/rc\.d/init\.d/rng-tools -- gen_context(system_u:object_r:rngd_initrc_exec_t,s0)
39
40	/usr/bin/rngd -- gen_context(system_u:object_r:rngd_exec_t,s0)
41
42	diff --git a/policy/modules/services/rngd.te b/policy/modules/services/rngd.te
43	index 4540e4ec7..48f08fb48 100644
44	--- a/policy/modules/services/rngd.te
45	+++ b/policy/modules/services/rngd.te
46	@@ -21,7 +21,7 @@ files_runtime_file(rngd_runtime_t)
47	#
48
49	allow rngd_t self:capability { ipc_lock sys_admin };
50	-allow rngd_t self:process signal;
51	+allow rngd_t self:process { signal getsched setsched };
52	allow rngd_t self:fifo_file rw_fifo_file_perms;
53	allow rngd_t self:unix_stream_socket { accept listen };
54
55	@@ -34,6 +34,7 @@ dev_read_rand(rngd_t)
56	dev_read_urand(rngd_t)
57	dev_rw_tpm(rngd_t)
58	dev_write_rand(rngd_t)
59	+dev_read_sysfs(rngd_t)
60
61	files_read_etc_files(rngd_t)
62
63	--
64	2.17.1
65