From 0d58268e290fe9dfa1c17d97b9ca7709aa53d595 Mon Sep 17 00:00:00 2001
From: Yi Zhao
Date: Wed, 11 Oct 2023 10:50:24 +0800
Subject: refpolicy: upgrade 20221101+git -> 20231002+git
* Switch branch to main.
* Update to latest git rev.
* Drop obsolete and useless patches.
* Refresh patches.
Signed-off-by: Yi Zhao
Signed-off-by: Joe MacDonald
---
...les-system-logging-add-rules-for-syslogd-.patch | 34 ++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 recipes-security/refpolicy/refpolicy/0029-policy-modules-system-logging-add-rules-for-syslogd-.patch
(limited to 'recipes-security/refpolicy/refpolicy/0029-policy-modules-system-logging-add-rules-for-syslogd-.patch')
diff --git a/recipes-security/refpolicy/refpolicy/0029-policy-modules-system-logging-add-rules-for-syslogd-.patch b/recipes-security/refpolicy/refpolicy/0029-policy-modules-system-logging-add-rules-for-syslogd-.patch
new file mode 100644
index 0000000..2889ee8
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0029-policy-modules-system-logging-add-rules-for-syslogd-.patch
@@ -0,0 +1,34 @@
+From a40442cbc570b9b028ebc1da0115bc368e165c29 Mon Sep 17 00:00:00 2001
+From: Joe MacDonald
+Date: Fri, 29 Mar 2019 10:33:18 -0400
+Subject: [PATCH] policy/modules/system/logging: add rules for syslogd symlink
+ of /var/log
+
+We have added rules for the symlink of /var/log in logging.if, while
+syslogd_t uses /var/log but does not use the interfaces in logging.if. So
+still need add a individual rule for syslogd_t.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Xin Ouyang
+Signed-off-by: Joe MacDonald
+Signed-off-by: Yi Zhao
+---
+ policy/modules/system/logging.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
+index 9d9a01fcc..45584dba6 100644
+--- a/policy/modules/system/logging.te
++++ b/policy/modules/system/logging.te
+@@ -425,6 +425,7 @@ files_search_spool(syslogd_t)
+
+ # Allow access for syslog-ng
+ allow syslogd_t var_log_t:dir { create setattr };
++allow syslogd_t var_log_t:lnk_file read_lnk_file_perms;
+
+ # for systemd but can not be conditional
+ files_runtime_filetrans(syslogd_t, syslogd_tmp_t, dir, "log")
+--
+2.25.1
+
-- cgit v1.2.3-54-g00ecf
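Review bot: The added rule `allow syslogd_t var_log_t:lnk_file read_lnk_file_perms;` in the embedded logging.te hunk is not limited to the /var/log symlink itself: it lets syslogd_t read, and so follow, any symlink labelled var_log_t, including ones created inside the log directory. It is worth confirming that no less-trusted domain can create var_log_t lnk_file objects there, since a logging daemon that follows such links can have its writes redirected to an unintended file. The rule also sits under the existing `# Allow access for syslog-ng` comment, which does not describe it; a separate comment such as `# /var/log is a symlink on embedded images; syslogd_t must be able to read it` would record the intent. The rest of logging.te is outside the hunk, so whether syslogd_t already has search access to the link's target directory cannot be checked from here.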