diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch b/recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch new file mode 100644 index 0000000..b3dd24f --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch @@ -0,0 +1,38 @@ +From 3da00356bee8be72115652850d535c9ec5f1b333 Mon Sep 17 00:00:00 2001 +From: Xin Ouyang <Xin.Ouyang@windriver.com> +Date: Thu, 22 Aug 2013 13:37:23 +0800 +Subject: [PATCH] policy/modules/kernel/terminal: don't audit tty_device_t in + term_dontaudit_use_console + +We should also not audit terminal to rw tty_device_t and fds in +term_dontaudit_use_console. + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> +Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + policy/modules/kernel/terminal.if | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if +index e5645c7c5..6e9f654ac 100644 +--- a/policy/modules/kernel/terminal.if ++++ b/policy/modules/kernel/terminal.if +@@ -335,9 +335,12 @@ interface(`term_use_console',` + interface(`term_dontaudit_use_console',` + gen_require(` + type console_device_t; ++ type tty_device_t; + ') + ++ init_dontaudit_use_fds($1) + dontaudit $1 console_device_t:chr_file rw_chr_file_perms; ++ dontaudit $1 tty_device_t:chr_file rw_chr_file_perms; + ') + + ######################################## +-- +2.25.1 + |