summaryrefslogtreecommitdiffstats
path: root/recipes-security/refpolicy/refpolicy/0056-policy-modules-system-systemd-allow-systemd_backligh.patch
blob: 1c1b459575f29e6fdf14a2eb89dba5472d4b90ed (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

From 8b0bb1e349e2ea021acec1639be0802ac4d7d0c2 Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Thu, 4 Feb 2021 15:13:50 +0800
Subject: [PATCH] policy/modules/system/systemd: allow systemd_backlight_t to
 read kernel sysctl

Fixes:
avc:  denied  { search } for  pid=354 comm="systemd-backlig" name="sys"
dev="proc" ino=4026531854
scontext=system_u:system_r:systemd_backlight_t:s0-s15:c0.c1023
tcontext=system_u:object_r:sysctl_t:s0 tclass=dir permissive=0

Upstream-Status: Inappropriate [embedded specific]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 policy/modules/system/systemd.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index c1111198d..7d2ba2796 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -324,6 +324,8 @@ udev_read_runtime_files(systemd_backlight_t)
 
 files_search_var_lib(systemd_backlight_t)
 
+kernel_read_kernel_sysctls(systemd_backlight_t)
+
 #######################################
 #
 # Binfmt local policy
-- 
2.17.1
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-11 08:21:10 +0000