summaryrefslogtreecommitdiffstats
path: root/recipes-security/refpolicy/refpolicy/0046-policy-modules-system-init-make-init_t-MLS-trusted-f.patch
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0046-policy-modules-system-init-make-init_t-MLS-trusted-f.patch')
-rw-r--r--recipes-security/refpolicy/refpolicy/0046-policy-modules-system-init-make-init_t-MLS-trusted-f.patch46
1 files changed, 46 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0046-policy-modules-system-init-make-init_t-MLS-trusted-f.patch b/recipes-security/refpolicy/refpolicy/0046-policy-modules-system-init-make-init_t-MLS-trusted-f.patch
new file mode 100644
index 0000000..b996aa3
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0046-policy-modules-system-init-make-init_t-MLS-trusted-f.patch
@@ -0,0 +1,46 @@
1From f2ff5081b1a98272c803ccfd24aeea91e8d5c368 Mon Sep 17 00:00:00 2001
2From: Wenzong Fan <wenzong.fan@windriver.com>
3Date: Fri, 15 Jan 2016 03:47:05 -0500
4Subject: [PATCH] policy/modules/system/init: make init_t MLS trusted for
5 lowering/raising the leve of files
6
7Fix security_validate_transition issues:
8
9 op=security_validate_transition seresult=denied \
10 oldcontext=system_u:object_r:device_t:s15:c0.c1023 \
11 newcontext=system_u:object_r:device_t:s0 \
12 taskcontext=system_u:system_r:init_t:s0-s15:c0.c1023 \
13 tclass=dir
14
15 op=security_validate_transition seresult=denied \
16 oldcontext=system_u:object_r:var_run_t:s0 \
17 newcontext=system_u:object_r:var_log_t:s0-s15:c0.c1023 \
18 taskcontext=system_u:system_r:init_t:s0-s15:c0.c1023 \
19 tclass=dir
20
21Upstream-Status: Inappropriate [embedded specific]
22
23Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
24Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
25---
26 policy/modules/system/init.te | 4 ++++
27 1 file changed, 4 insertions(+)
28
29diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
30index 809019873..be9c75155 100644
31--- a/policy/modules/system/init.te
32+++ b/policy/modules/system/init.te
33@@ -238,6 +238,10 @@ mls_process_write_all_levels(init_t)
34 mls_fd_use_all_levels(init_t)
35 mls_process_set_level(init_t)
36
37+# MLS trusted for lowering/raising the level of files
38+mls_file_downgrade(init_t)
39+mls_file_upgrade(init_t)
40+
41 # the following one is needed for libselinux:is_selinux_enabled()
42 # otherwise the call fails and sysvinit tries to load the policy
43 # again when using the initramfs
44--
452.25.1
46
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-09 17:37:55 +0000