summaryrefslogtreecommitdiffstats
path: root/recipes-security/refpolicy/refpolicy/0059-policy-modules-system-setrans-allow-setrans_t-use-fd.patch
blob: 96d05880902d68fd3fa15a603205cb6ac1e7fa53 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

From 5fa9e03a3b90f97e573a7724cd9d49b53730d083 Mon Sep 17 00:00:00 2001
From: Roy Li <rongqing.li@windriver.com>
Date: Sat, 22 Feb 2014 13:35:38 +0800
Subject: [PATCH] policy/modules/system/setrans: allow setrans_t use fd at any
 level

Upstream-Status: Inappropriate [embedded specific]

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 policy/modules/system/setrans.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
index 25aadfc5f..564e2d4d1 100644
--- a/policy/modules/system/setrans.te
+++ b/policy/modules/system/setrans.te
@@ -73,6 +73,8 @@ mls_net_receive_all_levels(setrans_t)
 mls_socket_write_all_levels(setrans_t)
 mls_process_read_all_levels(setrans_t)
 mls_socket_read_all_levels(setrans_t)
+mls_fd_use_all_levels(setrans_t)
+mls_trusted_object(setrans_t)
 
 selinux_compute_access_vector(setrans_t)
 
-- 
2.17.1
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-11 08:15:53 +0000