diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0080-policy-modules-services-avahi-make-avahi_t-MLS-trust.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0080-policy-modules-services-avahi-make-avahi_t-MLS-trust.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0080-policy-modules-services-avahi-make-avahi_t-MLS-trust.patch b/recipes-security/refpolicy/refpolicy/0080-policy-modules-services-avahi-make-avahi_t-MLS-trust.patch new file mode 100644 index 0000000..2b1ab6f --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0080-policy-modules-services-avahi-make-avahi_t-MLS-trust.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From 0a2e2a58a645bd99242ac5ec60f17fab26a80bf9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yi Zhao <yi.zhao@windriver.com> | ||
3 | Date: Tue, 23 Jun 2020 08:19:16 +0800 | ||
4 | Subject: [PATCH] policy/modules/services/avahi: make avahi_t MLS trusted for | ||
5 | reading from files up to its clearance | ||
6 | |||
7 | Upstream-Status: Inappropriate [embedded specific] | ||
8 | |||
9 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
10 | --- | ||
11 | policy/modules/services/avahi.te | 2 ++ | ||
12 | 1 file changed, 2 insertions(+) | ||
13 | |||
14 | diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te | ||
15 | index 5643349e3..5994ff3d5 100644 | ||
16 | --- a/policy/modules/services/avahi.te | ||
17 | +++ b/policy/modules/services/avahi.te | ||
18 | @@ -95,6 +95,8 @@ sysnet_etc_filetrans_config(avahi_t) | ||
19 | userdom_dontaudit_use_unpriv_user_fds(avahi_t) | ||
20 | userdom_dontaudit_search_user_home_dirs(avahi_t) | ||
21 | |||
22 | +mls_file_read_to_clearance(avahi_t) | ||
23 | + | ||
24 | optional_policy(` | ||
25 | dbus_system_domain(avahi_t, avahi_exec_t) | ||
26 | |||
27 | -- | ||
28 | 2.17.1 | ||
29 | |||