refpolicy*: remove old version recipes and patches.

Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>

44 files changed, 0 insertions, 2380 deletions

diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-cgroup.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-cgroup.patch
deleted file mode 100644
index e5cfaa1..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-cgroup.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for cgroup
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/cgroup.fc | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/policy/modules/contrib/cgroup.fc b/policy/modules/contrib/cgroup.fc
-index b6bb46c..e214727 100644
---- a/policy/modules/contrib/cgroup.fc
-+++ b/policy/modules/contrib/cgroup.fc
-@@ -10,6 +10,9 @@
- /sbin/cgconfigparser           --      gen_context(system_u:object_r:cgconfig_exec_t,s0)
- /sbin/cgrulesengd              --      gen_context(system_u:object_r:cgred_exec_t,s0)
- /sbin/cgclear                  --      gen_context(system_u:object_r:cgclear_exec_t,s0)
-+/usr/sbin/cgconfigparser               --      gen_context(system_u:object_r:cgconfig_exec_t,s0)
-+/usr/sbin/cgrulesengd          --      gen_context(system_u:object_r:cgred_exec_t,s0)
-+/usr/sbin/cgclear                      --      gen_context(system_u:object_r:cgclear_exec_t,s0)
- 
- /var/log/cgrulesengd\.log      --      gen_context(system_u:object_r:cgred_log_t,s0)
- /var/run/cgred.*                       gen_context(system_u:object_r:cgred_var_run_t,s0)
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-clock.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-clock.patch
deleted file mode 100644
index 3ff8f55..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-clock.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for clock
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/system/clock.fc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/modules/system/clock.fc b/policy/modules/system/clock.fc
-index c5e05ca..a74c40c 100644
---- a/policy/modules/system/clock.fc
-+++ b/policy/modules/system/clock.fc
-@@ -2,4 +2,5 @@
- /etc/adjtime           --      gen_context(system_u:object_r:adjtime_t,s0)
- 
- /sbin/hwclock          --      gen_context(system_u:object_r:hwclock_exec_t,s0)
-+/sbin/hwclock\.util-linux      --      gen_context(system_u:object_r:hwclock_exec_t,s0)
- 
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-corecommands.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-corecommands.patch
deleted file mode 100644
index 24b67c3..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-corecommands.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for corecommands
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/kernel/corecommands.fc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
-index f051c4a..ab624f3 100644
---- a/policy/modules/kernel/corecommands.fc
-+++ b/policy/modules/kernel/corecommands.fc
-@@ -153,6 +153,7 @@ ifdef(`distro_gentoo',`
- /sbin/insmod_ksymoops_clean    --      gen_context(system_u:object_r:bin_t,s0)
- /sbin/mkfs\.cramfs             --      gen_context(system_u:object_r:bin_t,s0)
- /sbin/nologin                  --      gen_context(system_u:object_r:shell_exec_t,s0)
-+/usr/sbin/nologin              --      gen_context(system_u:object_r:shell_exec_t,s0)
- 
- #
- # /opt
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-dmesg.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-dmesg.patch
deleted file mode 100644
index db4c4d4..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-dmesg.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for dmesg
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/admin/dmesg.fc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/modules/admin/dmesg.fc b/policy/modules/admin/dmesg.fc
-index d6cc2d9..7f3e5b0 100644
---- a/policy/modules/admin/dmesg.fc
-+++ b/policy/modules/admin/dmesg.fc
-@@ -1,2 +1,3 @@
- 
- /bin/dmesg             --              gen_context(system_u:object_r:dmesg_exec_t,s0)
-+/bin/dmesg\.util-linux --              gen_context(system_u:object_r:dmesg_exec_t,s0)
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-bind.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-bind.patch
deleted file mode 100644
index 95ed172..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-bind.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for bind.
-
-Upstream-Status: Inappropriate [configuration] 
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/bind.fc |    9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/policy/modules/contrib/bind.fc b/policy/modules/contrib/bind.fc
-index 59aa54f..3275671 100644
---- a/policy/modules/contrib/bind.fc
-+++ b/policy/modules/contrib/bind.fc
-@@ -1,10 +1,19 @@
- /etc/rc\.d/init\.d/named --    gen_context(system_u:object_r:named_initrc_exec_t,s0)
-+/etc/rc\.d/init\.d/bind  --    gen_context(system_u:object_r:named_initrc_exec_t,s0)
- /etc/rc\.d/init\.d/unbound --  gen_context(system_u:object_r:named_initrc_exec_t,s0)
- 
- /etc/rndc.*            --      gen_context(system_u:object_r:named_conf_t,s0)
- /etc/rndc\.key                 --      gen_context(system_u:object_r:dnssec_t,s0)
- /etc/unbound(/.*)?             gen_context(system_u:object_r:named_conf_t,s0)
- 
-+/etc/bind(/.*)?                 gen_context(system_u:object_r:named_zone_t,s0)
-+/etc/bind/named\.conf   --      gen_context(system_u:object_r:named_conf_t,s0)
-+/etc/bind/named\.conf\.local -- gen_context(system_u:object_r:named_conf_t,s0)
-+/etc/bind/named\.conf\.options -- gen_context(system_u:object_r:named_conf_t,s0)
-+/etc/bind/rndc\.conf    --      gen_context(system_u:object_r:named_conf_t,s0)
-+/etc/bind/rndc\.key     --      gen_context(system_u:object_r:dnssec_t,s0)
-+/var/cache/bind(/.*)?           gen_context(system_u:object_r:named_cache_t,s0)
-+
- /usr/sbin/lwresd       --      gen_context(system_u:object_r:named_exec_t,s0)
- /usr/sbin/named                --      gen_context(system_u:object_r:named_exec_t,s0)
- /usr/sbin/named-checkconf --   gen_context(system_u:object_r:named_checkconf_exec_t,s0)
--- 
-1.7.9.5
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-portmap.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-portmap.patch
deleted file mode 100644
index 25d449d..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-portmap.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for portmap.
-
-Fix file contexts for portmap files to match the oe-core install
-paths.
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/portmap.fc |    7 ++-----
- 1 file changed, 2 insertions(+), 5 deletions(-)
-
-diff --git a/policy/modules/contrib/portmap.fc b/policy/modules/contrib/portmap.fc
-index 3cdcd9f..3faf697 100644
---- a/policy/modules/contrib/portmap.fc
-+++ b/policy/modules/contrib/portmap.fc
-@@ -5,12 +5,9 @@ ifdef(`distro_debian',`
- /sbin/pmap_dump                --      gen_context(system_u:object_r:portmap_helper_exec_t,s0)
- /sbin/pmap_set         --      gen_context(system_u:object_r:portmap_helper_exec_t,s0)
- ', `
--/usr/sbin/pmap_dump    --      gen_context(system_u:object_r:portmap_helper_exec_t,s0)
--/usr/sbin/pmap_set     --      gen_context(system_u:object_r:portmap_helper_exec_t,s0)
-+/sbin/pmap_dump        --      gen_context(system_u:object_r:portmap_helper_exec_t,s0)
-+/sbin/pmap_set --      gen_context(system_u:object_r:portmap_helper_exec_t,s0)
- ')
- 
- /var/run/portmap\.upgrade-state -- gen_context(system_u:object_r:portmap_var_run_t,s0)
--
--ifdef(`distro_debian',`
- /var/run/portmap_mapping --    gen_context(system_u:object_r:portmap_var_run_t,s0)
--')
--- 
-1.7.9.5
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-prefix-path_rpc.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-prefix-path_rpc.patch
deleted file mode 100644
index ef7287c..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-prefix-path_rpc.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Subject: [PATCH] fc: fix prefix path for rpc*
-
-rpc* packages have installed files with the /usr prefix in poky, so fix 
-file contexts for them.
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/rpc.fc     |    4 ++--
- policy/modules/contrib/rpcbind.fc |    2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/policy/modules/contrib/rpc.fc b/policy/modules/contrib/rpc.fc
-index 5c70c0c..52db849 100644
---- a/policy/modules/contrib/rpc.fc
-+++ b/policy/modules/contrib/rpc.fc
-@@ -9,8 +9,8 @@
- #
- # /sbin
- #
--/sbin/rpc\..*          --      gen_context(system_u:object_r:rpcd_exec_t,s0)
--/sbin/sm-notify                --      gen_context(system_u:object_r:rpcd_exec_t,s0)
-+/usr/sbin/rpc\..*      --      gen_context(system_u:object_r:rpcd_exec_t,s0)
-+/usr/sbin/sm-notify            --      gen_context(system_u:object_r:rpcd_exec_t,s0)
- 
- #
- # /usr
-diff --git a/policy/modules/contrib/rpcbind.fc b/policy/modules/contrib/rpcbind.fc
-index f5c47d6..3cd9e62 100644
---- a/policy/modules/contrib/rpcbind.fc
-+++ b/policy/modules/contrib/rpcbind.fc
-@@ -1,6 +1,6 @@
- /etc/rc\.d/init\.d/rpcbind     --      gen_context(system_u:object_r:rpcbind_initrc_exec_t,s0)
- 
--/sbin/rpcbind          --      gen_context(system_u:object_r:rpcbind_exec_t,s0)
-+/usr/sbin/rpcbind      --      gen_context(system_u:object_r:rpcbind_exec_t,s0)
- 
- /var/lib/rpcbind(/.*)?         gen_context(system_u:object_r:rpcbind_var_lib_t,s0)
- 
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_login.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_login.patch
deleted file mode 100644
index 427181e..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_login.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Subject: [PATCH] fix real path for login commands.
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/system/authlogin.fc |    7 ++++---
- 1 files changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
-index 28ad538..c8dd17f 100644
---- a/policy/modules/system/authlogin.fc
-+++ b/policy/modules/system/authlogin.fc
-@@ -1,5 +1,7 @@
- 
- /bin/login             --      gen_context(system_u:object_r:login_exec_t,s0)
-+/bin/login\.shadow     --      gen_context(system_u:object_r:login_exec_t,s0)
-+/bin/login\.tinylogin  --      gen_context(system_u:object_r:login_exec_t,s0)
- 
- /etc/\.pwd\.lock       --      gen_context(system_u:object_r:shadow_t,s0)
- /etc/group\.lock       --      gen_context(system_u:object_r:shadow_t,s0)
-@@ -9,9 +11,9 @@
- 
- /sbin/pam_console_apply         --     gen_context(system_u:object_r:pam_console_exec_t,s0)
- /sbin/pam_timestamp_check --   gen_context(system_u:object_r:pam_exec_t,s0)
--/sbin/unix_chkpwd      --      gen_context(system_u:object_r:chkpwd_exec_t,s0)
--/sbin/unix_update      --      gen_context(system_u:object_r:updpwd_exec_t,s0)
--/sbin/unix_verify      --      gen_context(system_u:object_r:chkpwd_exec_t,s0)
-+/usr/sbin/unix_chkpwd  --      gen_context(system_u:object_r:chkpwd_exec_t,s0)
-+/usr/sbin/unix_update  --      gen_context(system_u:object_r:updpwd_exec_t,s0)
-+/usr/sbin/unix_verify  --      gen_context(system_u:object_r:chkpwd_exec_t,s0)
- ifdef(`distro_suse', `
- /sbin/unix2_chkpwd     --      gen_context(system_u:object_r:chkpwd_exec_t,s0)
- ')
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_resolv.conf.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_resolv.conf.patch
deleted file mode 100644
index 80cca67..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_resolv.conf.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: [PATCH] fix real path for resolv.conf
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/system/sysnetwork.fc |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
-index 346a7cc..dec8632 100644
---- a/policy/modules/system/sysnetwork.fc
-+++ b/policy/modules/system/sysnetwork.fc
-@@ -24,6 +24,7 @@ ifdef(`distro_debian',`
- /etc/hosts\.deny.*     --      gen_context(system_u:object_r:net_conf_t,s0)
- /etc/denyhosts.*       --      gen_context(system_u:object_r:net_conf_t,s0)
- /etc/resolv\.conf.*    --      gen_context(system_u:object_r:net_conf_t,s0)
-+/var/run/resolv\.conf.*        --      gen_context(system_u:object_r:net_conf_t,s0)
- /etc/yp\.conf.*                --      gen_context(system_u:object_r:net_conf_t,s0)
- 
- /etc/dhcp3(/.*)?               gen_context(system_u:object_r:dhcp_etc_t,s0)
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_shadow.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_shadow.patch
deleted file mode 100644
index 29ac2c3..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_shadow.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Subject: [PATCH] fix real path for shadow commands.
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/admin/usermanage.fc |    6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/policy/modules/admin/usermanage.fc b/policy/modules/admin/usermanage.fc
-index f82f0ce..841ba9b 100644
---- a/policy/modules/admin/usermanage.fc
-+++ b/policy/modules/admin/usermanage.fc
-@@ -4,11 +4,17 @@ ifdef(`distro_gentoo',`
- 
- /usr/bin/chage         --      gen_context(system_u:object_r:passwd_exec_t,s0)
- /usr/bin/chfn          --      gen_context(system_u:object_r:chfn_exec_t,s0)
-+/usr/bin/chfn\.shadow  --      gen_context(system_u:object_r:chfn_exec_t,s0)
- /usr/bin/chsh          --      gen_context(system_u:object_r:chfn_exec_t,s0)
-+/usr/bin/chsh\.shadow  --      gen_context(system_u:object_r:chfn_exec_t,s0)
- /usr/bin/gpasswd       --      gen_context(system_u:object_r:groupadd_exec_t,s0)
- /usr/bin/passwd                --      gen_context(system_u:object_r:passwd_exec_t,s0)
-+/usr/bin/passwd\.shadow        --      gen_context(system_u:object_r:passwd_exec_t,s0)
-+/usr/bin/passwd\.tinylogin     --      gen_context(system_u:object_r:passwd_exec_t,s0)
- /usr/bin/vigr          --      gen_context(system_u:object_r:admin_passwd_exec_t,s0)
-+/sbin/vigr\.shadow     --      gen_context(system_u:object_r:admin_passwd_exec_t,s0)
- /usr/bin/vipw          --      gen_context(system_u:object_r:admin_passwd_exec_t,s0)
-+/sbin/vipw\.shadow     --      gen_context(system_u:object_r:admin_passwd_exec_t,s0)
- 
- /usr/lib/cracklib_dict.* --    gen_context(system_u:object_r:crack_db_t,s0)
- 
--- 
-1.7.9.5
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fstools.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fstools.patch
deleted file mode 100644
index b74f8d3..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fstools.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for fstools
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/system/fstools.fc | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc
-index a97a096..d996b29 100644
---- a/policy/modules/system/fstools.fc
-+++ b/policy/modules/system/fstools.fc
-@@ -1,6 +1,8 @@
- /sbin/badblocks                --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/blkid            --      gen_context(system_u:object_r:fsadm_exec_t,s0)
-+/sbin/blkid\.util-linux        --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/blockdev         --      gen_context(system_u:object_r:fsadm_exec_t,s0)
-+/sbin/blockdev\.util-linux     --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/cfdisk           --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/dosfsck          --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/dump             --      gen_context(system_u:object_r:fsadm_exec_t,s0)
-@@ -9,9 +11,12 @@
- /sbin/e4fsck           --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/e2label          --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/fdisk            --      gen_context(system_u:object_r:fsadm_exec_t,s0)
-+/sbin/fdisk\.util-linux        --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/findfs           --      gen_context(system_u:object_r:fsadm_exec_t,s0)
-+/usr/sbin/findfs       --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/fsck.*           --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/hdparm           --      gen_context(system_u:object_r:fsadm_exec_t,s0)
-+/sbin/hdparm\.hdparm   --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/install-mbr      --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/jfs_.*           --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/losetup.*                --      gen_context(system_u:object_r:fsadm_exec_t,s0)
-@@ -24,20 +29,26 @@
- /sbin/mkraid           --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/mkreiserfs       --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/mkswap           --      gen_context(system_u:object_r:fsadm_exec_t,s0)
-+/sbin/mkswap\.util-linux       --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/parted           --      gen_context(system_u:object_r:fsadm_exec_t,s0)
-+/usr/sbin/parted       --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/partprobe                --      gen_context(system_u:object_r:fsadm_exec_t,s0)
-+/usr/sbin/partprobe            --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/partx            --      gen_context(system_u:object_r:fsadm_exec_t,s0)
-+/usr/sbin/partx                --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/raidautorun      --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/raidstart                --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/reiserfs(ck|tune)        --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/resize.*fs       --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/scsi_info                --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/sfdisk           --      gen_context(system_u:object_r:fsadm_exec_t,s0)
-+/usr/sbin/sfdisk               --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/swapon.*         --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /sbin/tune2fs          --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- 
- /usr/bin/partition_uuid        --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /usr/bin/raw           --      gen_context(system_u:object_r:fsadm_exec_t,s0)
-+/usr/sbin/raw          --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /usr/bin/scsi_unique_id        --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- /usr/bin/syslinux      --      gen_context(system_u:object_r:fsadm_exec_t,s0)
- 
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-iptables.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-iptables.patch
deleted file mode 100644
index 89b1547..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-iptables.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for iptables
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/system/iptables.fc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/modules/system/iptables.fc b/policy/modules/system/iptables.fc
-index 14cffd2..84ac92b 100644
---- a/policy/modules/system/iptables.fc
-+++ b/policy/modules/system/iptables.fc
-@@ -13,6 +13,7 @@
- /sbin/ipvsadm-restore          --      gen_context(system_u:object_r:iptables_exec_t,s0)
- /sbin/ipvsadm-save             --      gen_context(system_u:object_r:iptables_exec_t,s0)
- /sbin/xtables-multi            --      gen_context(system_u:object_r:iptables_exec_t,s0)
-+/usr/sbin/xtables-multi                --      gen_context(system_u:object_r:iptables_exec_t,s0)
- 
- /usr/sbin/ipchains.*           --      gen_context(system_u:object_r:iptables_exec_t,s0)
- /usr/sbin/iptables             --      gen_context(system_u:object_r:iptables_exec_t,s0)
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-mta.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-mta.patch
deleted file mode 100644
index 3b4da9e..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-mta.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for mta
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/mta.fc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/modules/contrib/mta.fc b/policy/modules/contrib/mta.fc
-index afa18c8..aeea97a 100644
---- a/policy/modules/contrib/mta.fc
-+++ b/policy/modules/contrib/mta.fc
-@@ -18,6 +18,7 @@ ifdef(`distro_redhat',`
- 
- /usr/sbin/rmail                --      gen_context(system_u:object_r:sendmail_exec_t,s0)
- /usr/sbin/sendmail\.postfix -- gen_context(system_u:object_r:sendmail_exec_t,s0)
-+/usr/bin/msmtp         --      gen_context(system_u:object_r:sendmail_exec_t,s0)
- /usr/sbin/sendmail(\.sendmail)? -- gen_context(system_u:object_r:sendmail_exec_t,s0)
- /usr/sbin/ssmtp                -- gen_context(system_u:object_r:sendmail_exec_t,s0)
- 
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-netutils.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-netutils.patch
deleted file mode 100644
index b45d03e..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-netutils.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for netutils
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/admin/netutils.fc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/modules/admin/netutils.fc b/policy/modules/admin/netutils.fc
-index 407078f..f2ed3dc 100644
---- a/policy/modules/admin/netutils.fc
-+++ b/policy/modules/admin/netutils.fc
-@@ -3,6 +3,7 @@
- /bin/traceroute.*      --      gen_context(system_u:object_r:traceroute_exec_t,s0)
- 
- /sbin/arping           --      gen_context(system_u:object_r:netutils_exec_t,s0)
-+/bin/arping            --      gen_context(system_u:object_r:netutils_exec_t,s0)
- 
- /usr/bin/lft           --      gen_context(system_u:object_r:traceroute_exec_t,s0)
- /usr/bin/nmap          --      gen_context(system_u:object_r:traceroute_exec_t,s0)
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-networkmanager.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-networkmanager.patch
deleted file mode 100644
index 1da6d22..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-networkmanager.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for networkmanager
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/networkmanager.fc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/modules/contrib/networkmanager.fc b/policy/modules/contrib/networkmanager.fc
-index 386543b..e0739b5 100644
---- a/policy/modules/contrib/networkmanager.fc
-+++ b/policy/modules/contrib/networkmanager.fc
-@@ -5,6 +5,7 @@
- /usr/libexec/nm-dispatcher.action --   gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
- 
- /sbin/wpa_cli                  --      gen_context(system_u:object_r:wpa_cli_exec_t,s0)
-+/usr/sbin/wpa_cli              --      gen_context(system_u:object_r:wpa_cli_exec_t,s0)
- /sbin/wpa_supplicant           --      gen_context(system_u:object_r:NetworkManager_exec_t,s0)
- 
- /usr/s?bin/NetworkManager      --      gen_context(system_u:object_r:NetworkManager_exec_t,s0)
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-nscd.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-nscd.patch
deleted file mode 100644
index c347919..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-nscd.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for nscd
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/nscd.fc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/modules/contrib/nscd.fc b/policy/modules/contrib/nscd.fc
-index 623b731..9e4b3d0 100644
---- a/policy/modules/contrib/nscd.fc
-+++ b/policy/modules/contrib/nscd.fc
-@@ -1,6 +1,7 @@
- /etc/rc\.d/init\.d/nscd        --      gen_context(system_u:object_r:nscd_initrc_exec_t,s0)
- 
- /usr/sbin/nscd         --      gen_context(system_u:object_r:nscd_exec_t,s0)
-+/usr/bin/nscd          --      gen_context(system_u:object_r:nscd_exec_t,s0)
- 
- /var/db/nscd(/.*)?             gen_context(system_u:object_r:nscd_var_run_t,s0)
- /var/cache/nscd(/.*)?          gen_context(system_u:object_r:nscd_var_run_t,s0)
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-screen.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-screen.patch
deleted file mode 100644
index ff4a2fd..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-screen.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for screen
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/screen.fc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/modules/contrib/screen.fc b/policy/modules/contrib/screen.fc
-index c8254dd..4a321d1 100644
---- a/policy/modules/contrib/screen.fc
-+++ b/policy/modules/contrib/screen.fc
-@@ -8,6 +8,7 @@ HOME_DIR/\.screenrc             --      gen_context(system_u:object_r:screen_home_t,s0)
- # /usr
- #
- /usr/bin/screen                        --      gen_context(system_u:object_r:screen_exec_t,s0)
-+/usr/bin/screen-.*             --      gen_context(system_u:object_r:screen_exec_t,s0)
- 
- #
- # /var
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-ssh.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-ssh.patch
deleted file mode 100644
index 9aeb3a2..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-ssh.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for ssh
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/services/ssh.fc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc
-index 078bcd7..9717428 100644
---- a/policy/modules/services/ssh.fc
-+++ b/policy/modules/services/ssh.fc
-@@ -6,6 +6,7 @@ HOME_DIR/\.ssh(/.*)?                    gen_context(system_u:object_r:ssh_home_t,s0)
- /etc/ssh/ssh_host_rsa_key      --      gen_context(system_u:object_r:sshd_key_t,s0)
- 
- /usr/bin/ssh                   --      gen_context(system_u:object_r:ssh_exec_t,s0)
-+/usr/bin/ssh\.openssh          --      gen_context(system_u:object_r:ssh_exec_t,s0)
- /usr/bin/ssh-agent             --      gen_context(system_u:object_r:ssh_agent_exec_t,s0)
- /usr/bin/ssh-keygen            --      gen_context(system_u:object_r:ssh_keygen_exec_t,s0)
- 
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-su.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-su.patch
deleted file mode 100644
index 358e4ef..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-su.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for su
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/admin/su.fc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/modules/admin/su.fc b/policy/modules/admin/su.fc
-index 688abc2..a563687 100644
---- a/policy/modules/admin/su.fc
-+++ b/policy/modules/admin/su.fc
-@@ -1,5 +1,6 @@
- 
- /bin/su                        --      gen_context(system_u:object_r:su_exec_t,s0)
-+/usr/bin/su            --      gen_context(system_u:object_r:su_exec_t,s0)
- 
- /usr/(local/)?bin/ksu  --      gen_context(system_u:object_r:su_exec_t,s0)
- /usr/bin/kdesu         --      gen_context(system_u:object_r:su_exec_t,s0)
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-subs_dist.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-subs_dist.patch
deleted file mode 100644
index 2eaecdf..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-subs_dist.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Subject: [PATCH] fix file_contexts.subs_dist for poky
-
-This file is used for Linux distros to define specific pathes 
-mapping to the pathes in file_contexts.
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- config/file_contexts.subs_dist |    8 ++++++++
- 1 files changed, 8 insertions(+), 0 deletions(-)
-
-diff --git a/config/file_contexts.subs_dist b/config/file_contexts.subs_dist
-index 32b87a4..ebba73d 100644
---- a/config/file_contexts.subs_dist
-+++ b/config/file_contexts.subs_dist
-@@ -5,3 +5,11 @@
- /usr/lib32 /usr/lib
- /usr/lib64 /usr/lib
- /var/run/lock /var/lock
-+/etc/init.d /etc/rc.d/init.d
-+/var/volatile/log /var/log
-+/var/volatile/run /var/run
-+/var/volatile/cache /var/cache
-+/var/volatile/tmp /var/tmp
-+/var/volatile/lock /var/lock
-+/var/volatile/run/lock /var/lock
-+/www /var/www
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-sysnetwork.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-sysnetwork.patch
deleted file mode 100644
index e0af6a1..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-sysnetwork.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Subject: [PATCH] refpolicy: fix real path for sysnetwork
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/system/sysnetwork.fc | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
-index dec8632..2e602e4 100644
---- a/policy/modules/system/sysnetwork.fc
-+++ b/policy/modules/system/sysnetwork.fc
-@@ -3,6 +3,7 @@
- # /bin
- #
- /bin/ip                        --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
-+/sbin/ip\.iproute2     --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
- 
- #
- # /dev
-@@ -43,13 +44,16 @@ ifdef(`distro_redhat',`
- /sbin/dhcdbd           --      gen_context(system_u:object_r:dhcpc_exec_t,s0)
- /sbin/dhcpcd           --      gen_context(system_u:object_r:dhcpc_exec_t,s0)
- /sbin/ethtool          --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
-+/usr/sbin/ethtool      --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
- /sbin/ifconfig         --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
-+/sbin/ifconfig\.net-tools      --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
- /sbin/ip               --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
- /sbin/ipx_configure    --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
- /sbin/ipx_interface    --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
- /sbin/ipx_internal_net --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
- /sbin/iwconfig         --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
- /sbin/mii-tool         --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
-+/sbin/mii-tool\.net-tools      --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
- /sbin/pump             --      gen_context(system_u:object_r:dhcpc_exec_t,s0)
- /sbin/tc               --      gen_context(system_u:object_r:ifconfig_exec_t,s0)
- 
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-update-alternatives_hostname.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-update-alternatives_hostname.patch
deleted file mode 100644
index e647668..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-update-alternatives_hostname.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Subject: [PATCH] fix update-alternatives for hostname
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/system/hostname.fc |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/system/hostname.fc b/policy/modules/system/hostname.fc
-index 9dfecf7..4003b6d 100644
---- a/policy/modules/system/hostname.fc
-+++ b/policy/modules/system/hostname.fc
-@@ -1,2 +1,3 @@
- 
- /bin/hostname          --      gen_context(system_u:object_r:hostname_exec_t,s0)
-+/bin/hostname\.net-tools       --      gen_context(system_u:object_r:hostname_exec_t,s0)
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-update-alternatives_sysklogd.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-update-alternatives_sysklogd.patch
deleted file mode 100644
index c3c5fe1..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-update-alternatives_sysklogd.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Subject: [PATCH] fix update-alternatives for sysklogd
-
-/etc/syslog.conf is a symlink to /etc/syslog.conf.sysklogd, so a allow rule
-for syslogd_t to read syslog_conf_t lnk_file is needed.
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/system/logging.fc |    4 ++++
- 1 files changed, 4 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
-index 02f4c97..3cb65f1 100644
---- a/policy/modules/system/logging.fc
-+++ b/policy/modules/system/logging.fc
-@@ -2,19 +2,23 @@
- 
- /etc/rsyslog.conf              gen_context(system_u:object_r:syslog_conf_t,s0)
- /etc/syslog.conf               gen_context(system_u:object_r:syslog_conf_t,s0)
-+/etc/syslog.conf\.sysklogd     gen_context(system_u:object_r:syslog_conf_t,s0)
- /etc/audit(/.*)?               gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
- /etc/rc\.d/init\.d/auditd --   gen_context(system_u:object_r:auditd_initrc_exec_t,s0)
- /etc/rc\.d/init\.d/rsyslog --  gen_context(system_u:object_r:syslogd_initrc_exec_t,s0)
-+/etc/rc\.d/init\.d/syslog\.sysklogd -- gen_context(system_u:object_r:syslogd_initrc_exec_t,s0)
- 
- /sbin/audispd          --      gen_context(system_u:object_r:audisp_exec_t,s0)
- /sbin/audisp-remote    --      gen_context(system_u:object_r:audisp_remote_exec_t,s0)
- /sbin/auditctl         --      gen_context(system_u:object_r:auditctl_exec_t,s0)
- /sbin/auditd           --      gen_context(system_u:object_r:auditd_exec_t,s0)
- /sbin/klogd            --      gen_context(system_u:object_r:klogd_exec_t,s0)
-+/sbin/klogd\.sysklogd  --      gen_context(system_u:object_r:klogd_exec_t,s0)
- /sbin/minilogd         --      gen_context(system_u:object_r:syslogd_exec_t,s0)
- /sbin/rklogd           --      gen_context(system_u:object_r:klogd_exec_t,s0)
- /sbin/rsyslogd         --      gen_context(system_u:object_r:syslogd_exec_t,s0)
- /sbin/syslogd          --      gen_context(system_u:object_r:syslogd_exec_t,s0)
-+/sbin/syslogd\.sysklogd        --      gen_context(system_u:object_r:syslogd_exec_t,s0)
- /sbin/syslog-ng                --      gen_context(system_u:object_r:syslogd_exec_t,s0)
- 
- /usr/sbin/klogd                --      gen_context(system_u:object_r:klogd_exec_t,s0)
-diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index b6b0ddf..a3a25c2 100644
---- a/policy/modules/system/logging.te
-+++ b/policy/modules/system/logging.te
-@@ -369,6 +369,7 @@ allow syslogd_t self:udp_socket create_socket_perms;
- allow syslogd_t self:tcp_socket create_stream_socket_perms;
-
- allow syslogd_t syslog_conf_t:file read_file_perms;
-+allow syslogd_t syslog_conf_t:lnk_file read_file_perms;
-
- # Create and bind to /dev/log or /var/run/log.
- allow syslogd_t devlog_t:sock_file manage_sock_file_perms;
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-update-alternatives_sysvinit.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-update-alternatives_sysvinit.patch
deleted file mode 100644
index 9e0a71f..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-update-alternatives_sysvinit.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Subject: [PATCH] fix update-alternatives for sysvinit
-
-Upstream-Status: Inappropriate [only for Poky]
----
- policy/modules/contrib/shutdown.fc    |    1 +
- policy/modules/kernel/corecommands.fc |    1 +
- policy/modules/system/init.fc         |    1 +
- 3 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/contrib/shutdown.fc b/policy/modules/contrib/shutdown.fc
-index 97671a3..6cad0fd 100644
---- a/policy/modules/contrib/shutdown.fc
-+++ b/policy/modules/contrib/shutdown.fc
-@@ -3,5 +3,6 @@
- /lib/upstart/shutdown  --      gen_context(system_u:object_r:shutdown_exec_t,s0)
- 
- /sbin/shutdown         --      gen_context(system_u:object_r:shutdown_exec_t,s0)
-+/sbin/shutdown\.sysvinit       --      gen_context(system_u:object_r:shutdown_exec_t,s0)
- 
- /var/run/shutdown\.pid --      gen_context(system_u:object_r:shutdown_var_run_t,s0)
-diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
-index db981df..f051c4a 100644
---- a/policy/modules/kernel/corecommands.fc
-+++ b/policy/modules/kernel/corecommands.fc
-@@ -10,6 +10,7 @@
- /bin/ksh.*                     --      gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/mksh                      --      gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/mountpoint                        --      gen_context(system_u:object_r:bin_t,s0)
-+/bin/mountpoint\.sysvinit      --      gen_context(system_u:object_r:bin_t,s0)
- /bin/sash                      --      gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/tcsh                      --      gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/yash                      --      gen_context(system_u:object_r:shell_exec_t,s0)
-diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
-index d2e40b8..80150ef 100644
---- a/policy/modules/system/init.fc
-+++ b/policy/modules/system/init.fc
-@@ -32,6 +32,7 @@ ifdef(`distro_gentoo', `
- # /sbin
- #
- /sbin/init(ng)?                --      gen_context(system_u:object_r:init_exec_t,s0)
-+/sbin/init\.sysvinit   --      gen_context(system_u:object_r:init_exec_t,s0)
- # because nowadays, /sbin/init is often a symlink to /sbin/upstart
- /sbin/upstart          --      gen_context(system_u:object_r:init_exec_t,s0)
- 
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-update-alternatives_tinylogin.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-update-alternatives_tinylogin.patch
deleted file mode 100644
index ae06dfa..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-update-alternatives_tinylogin.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: [PATCH] fix update-alternatives for tinylogin getty
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/system/getty.fc |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/system/getty.fc b/policy/modules/system/getty.fc
-index e1a1848..a0bfd2e 100644
---- a/policy/modules/system/getty.fc
-+++ b/policy/modules/system/getty.fc
-@@ -2,6 +2,7 @@
- /etc/mgetty(/.*)?              gen_context(system_u:object_r:getty_etc_t,s0)
- 
- /sbin/.*getty          --      gen_context(system_u:object_r:getty_exec_t,s0)
-+/sbin/getty\.tinylogin --      gen_context(system_u:object_r:getty_exec_t,s0)
- 
- /var/log/mgetty\.log.* --      gen_context(system_u:object_r:getty_log_t,s0)
- /var/log/vgetty\.log\..* --    gen_context(system_u:object_r:getty_log_t,s0)
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-bsdpty_device_t.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-bsdpty_device_t.patch
deleted file mode 100644
index b5d0fa8..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-bsdpty_device_t.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-Subject: [PATCH] add rules for bsdpty_device_t to complete pty devices.
-
-Upstream-Status: Pending
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/kernel/terminal.if |   16 ++++++++++++++++
- 1 files changed, 16 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
-index 01dd2f1..f9d46cc 100644
---- a/policy/modules/kernel/terminal.if
-+++ b/policy/modules/kernel/terminal.if
-@@ -512,9 +512,11 @@ interface(`term_dontaudit_manage_pty_dirs',`
- interface(`term_dontaudit_getattr_generic_ptys',`
-        gen_require(`
-                type devpts_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dontaudit $1 devpts_t:chr_file getattr;
-+       dontaudit $1 bsdpty_device_t:chr_file getattr;
- ')
- ########################################
- ## <summary>
-@@ -530,11 +532,13 @@ interface(`term_dontaudit_getattr_generic_ptys',`
- interface(`term_ioctl_generic_ptys',`
-        gen_require(`
-                type devpts_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dev_list_all_dev_nodes($1)
-        allow $1 devpts_t:dir search;
-        allow $1 devpts_t:chr_file ioctl;
-+       allow $1 bsdpty_device_t:chr_file ioctl;
- ')
- 
- ########################################
-@@ -552,9 +556,11 @@ interface(`term_ioctl_generic_ptys',`
- interface(`term_setattr_generic_ptys',`
-        gen_require(`
-                type devpts_t;
-+               type bsdpty_device_t;
-        ')
- 
-        allow $1 devpts_t:chr_file setattr;
-+       allow $1 bsdpty_device_t:chr_file setattr;
- ')
- 
- ########################################
-@@ -572,9 +578,11 @@ interface(`term_setattr_generic_ptys',`
- interface(`term_dontaudit_setattr_generic_ptys',`
-        gen_require(`
-                type devpts_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dontaudit $1 devpts_t:chr_file setattr;
-+       dontaudit $1 bsdpty_device_t:chr_file setattr;
- ')
- 
- ########################################
-@@ -592,11 +600,13 @@ interface(`term_dontaudit_setattr_generic_ptys',`
- interface(`term_use_generic_ptys',`
-        gen_require(`
-                type devpts_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dev_list_all_dev_nodes($1)
-        allow $1 devpts_t:dir list_dir_perms;
-        allow $1 devpts_t:chr_file { rw_term_perms lock append };
-+       allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
- ')
- 
- ########################################
-@@ -614,9 +624,11 @@ interface(`term_use_generic_ptys',`
- interface(`term_dontaudit_use_generic_ptys',`
-        gen_require(`
-                type devpts_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
-+       dontaudit $1 bsdpty_device_t:chr_file { getattr read write ioctl };
- ')
- 
- #######################################
-@@ -632,10 +644,12 @@ interface(`term_dontaudit_use_generic_ptys',`
- interface(`term_setattr_controlling_term',`
-        gen_require(`
-                type devtty_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dev_list_all_dev_nodes($1)
-        allow $1 devtty_t:chr_file setattr;
-+       allow $1 bsdpty_device_t:chr_file setattr;
- ')
- 
- ########################################
-@@ -652,10 +666,12 @@ interface(`term_setattr_controlling_term',`
- interface(`term_use_controlling_term',`
-        gen_require(`
-                type devtty_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dev_list_all_dev_nodes($1)
-        allow $1 devtty_t:chr_file { rw_term_perms lock append };
-+       allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
- ')
- 
- #######################################
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-tmp-symlink.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-tmp-symlink.patch
deleted file mode 100644
index 45de2df..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-tmp-symlink.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-Subject: [PATCH] add rules for the symlink of /tmp
-
-/tmp is a symlink in poky, so we need allow rules for files to read
-lnk_file while doing search/list/delete/rw.. in /tmp/ directory.
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/kernel/files.fc |    1 +
- policy/modules/kernel/files.if |    8 ++++++++
- 2 files changed, 9 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
-index 8796ca3..a0db748 100644
---- a/policy/modules/kernel/files.fc
-+++ b/policy/modules/kernel/files.fc
-@@ -185,6 +185,7 @@ ifdef(`distro_debian',`
- # /tmp
- #
- /tmp                   -d      gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
-+/tmp                   -l      gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
- /tmp/.*                                <<none>>
- /tmp/\.journal                 <<none>>
- 
-diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
-index e1e814d..a7384b0 100644
---- a/policy/modules/kernel/files.if
-+++ b/policy/modules/kernel/files.if
-@@ -4199,6 +4199,7 @@ interface(`files_search_tmp',`
-        ')
- 
-        allow $1 tmp_t:dir search_dir_perms;
-+       allow $1 tmp_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -4235,6 +4236,7 @@ interface(`files_list_tmp',`
-        ')
- 
-        allow $1 tmp_t:dir list_dir_perms;
-+       allow $1 tmp_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -4271,6 +4273,7 @@ interface(`files_delete_tmp_dir_entry',`
-        ')
- 
-        allow $1 tmp_t:dir del_entry_dir_perms;
-+       allow $1 tmp_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -4289,6 +4292,7 @@ interface(`files_read_generic_tmp_files',`
-        ')
- 
-        read_files_pattern($1, tmp_t, tmp_t)
-+       allow $1 tmp_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -4307,6 +4311,7 @@ interface(`files_manage_generic_tmp_dirs',`
-        ')
- 
-        manage_dirs_pattern($1, tmp_t, tmp_t)
-+       allow $1 tmp_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -4325,6 +4330,7 @@ interface(`files_manage_generic_tmp_files',`
-        ')
- 
-        manage_files_pattern($1, tmp_t, tmp_t)
-+       allow $1 tmp_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -4361,6 +4367,7 @@ interface(`files_rw_generic_tmp_sockets',`
-        ')
- 
-        rw_sock_files_pattern($1, tmp_t, tmp_t)
-+       allow $1 tmp_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -4550,6 +4557,7 @@ interface(`files_tmp_filetrans',`
-        ')
- 
-        filetrans_pattern($1, tmp_t, $2, $3, $4)
-+       allow $1 tmp_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-var-cache-symlink.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-var-cache-symlink.patch
deleted file mode 100644
index 243cc7b..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-var-cache-symlink.patch
+++ /dev/null
@@ -1,509 +0,0 @@
-Subject: [PATCH] add rules for the symlink of /var/cache
-
-/var/cache is a symlink in poky, so we need allow rules for files to read
-lnk_file while doing search/list/delete/rw.. in /var/cache/ directory.
-
-Upstream-Status: Inappropriate [only for Poky] 
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/abrt.te      |    2 ++
- policy/modules/contrib/afs.te       |    1 +
- policy/modules/contrib/apache.if    |    5 +++++
- policy/modules/contrib/apache.te    |    1 +
- policy/modules/contrib/apt.if       |    2 ++
- policy/modules/contrib/apt.te       |    1 +
- policy/modules/contrib/bind.if      |    2 ++
- policy/modules/contrib/bind.te      |    1 +
- policy/modules/contrib/logwatch.if  |    2 ++
- policy/modules/contrib/logwatch.te  |    1 +
- policy/modules/contrib/podsleuth.te |    1 +
- policy/modules/contrib/portage.te   |    1 +
- policy/modules/contrib/rpm.if       |    4 ++++
- policy/modules/contrib/rpm.te       |    1 +
- policy/modules/contrib/squid.if     |    2 ++
- policy/modules/contrib/squid.te     |    1 +
- policy/modules/contrib/virt.if      |    2 ++
- policy/modules/contrib/virt.te      |    2 ++
- policy/modules/services/xserver.if  |    6 ++++++
- policy/modules/system/authlogin.if  |   10 ++++++++++
- policy/modules/system/miscfiles.if  |    8 ++++++++
- 21 files changed, 56 insertions(+)
-
-diff --git a/policy/modules/contrib/abrt.te b/policy/modules/contrib/abrt.te
-index 30861ec..10c941a 100644
---- a/policy/modules/contrib/abrt.te
-+++ b/policy/modules/contrib/abrt.te
-@@ -73,6 +73,7 @@ files_tmp_filetrans(abrt_t, abrt_tmp_t, { file dir })
- # abrt var/cache files
- manage_files_pattern(abrt_t, abrt_var_cache_t, abrt_var_cache_t)
- manage_dirs_pattern(abrt_t, abrt_var_cache_t, abrt_var_cache_t)
-+allow abrt_t var_t:lnk_file read_lnk_file_perms;
- manage_lnk_files_pattern(abrt_t, abrt_var_cache_t, abrt_var_cache_t)
- files_var_filetrans(abrt_t, abrt_var_cache_t, { file dir })
- files_spool_filetrans(abrt_t, abrt_var_cache_t, dir)
-@@ -193,6 +194,7 @@ read_files_pattern(abrt_helper_t, abrt_etc_t, abrt_etc_t)
- 
- files_search_spool(abrt_helper_t)
- manage_dirs_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t)
-+allow abrt_helper_t var_t:lnk_file read_lnk_file_perms;
- manage_files_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t)
- manage_lnk_files_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t)
- files_var_filetrans(abrt_helper_t, abrt_var_cache_t, { file dir })
-diff --git a/policy/modules/contrib/afs.te b/policy/modules/contrib/afs.te
-index a496fde..a739e1d 100644
---- a/policy/modules/contrib/afs.te
-+++ b/policy/modules/contrib/afs.te
-@@ -78,6 +78,7 @@ allow afs_t self:unix_stream_socket create_stream_socket_perms;
- 
- manage_files_pattern(afs_t, afs_cache_t, afs_cache_t)
- manage_dirs_pattern(afs_t, afs_cache_t, afs_cache_t)
-+allow afs_t var_t:lnk_file read_lnk_file_perms;
- files_var_filetrans(afs_t, afs_cache_t, { file dir })
- 
- kernel_rw_afs_state(afs_t)
-diff --git a/policy/modules/contrib/apache.if b/policy/modules/contrib/apache.if
-index 6480167..1b3c593 100644
---- a/policy/modules/contrib/apache.if
-+++ b/policy/modules/contrib/apache.if
-@@ -485,9 +485,11 @@ interface(`apache_manage_all_content',`
- interface(`apache_setattr_cache_dirs',`
-        gen_require(`
-                type httpd_cache_t;
-+               type var_t;
-        ')
- 
-        allow $1 httpd_cache_t:dir setattr;
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -504,9 +506,11 @@ interface(`apache_setattr_cache_dirs',`
- interface(`apache_list_cache',`
-        gen_require(`
-                type httpd_cache_t;
-+               type var_t;
-        ')
- 
-        list_dirs_pattern($1, httpd_cache_t, httpd_cache_t)
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -777,6 +781,7 @@ interface(`apache_list_modules',`
- interface(`apache_exec_modules',`
-        gen_require(`
-                type httpd_modules_t;
-+               type var_t;
-        ')
- 
-        allow $1 httpd_modules_t:dir list_dir_perms;
-diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
-index 0833afb..1115d37 100644
---- a/policy/modules/contrib/apache.te
-+++ b/policy/modules/contrib/apache.te
-@@ -291,6 +291,7 @@ allow httpd_t self:udp_socket create_socket_perms;
- 
- # Allow httpd_t to put files in /var/cache/httpd etc
- manage_dirs_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
-+allow httpd_t var_t:lnk_file read_lnk_file_perms;
- manage_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
- manage_lnk_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
- 
-diff --git a/policy/modules/contrib/apt.if b/policy/modules/contrib/apt.if
-index e696b80..c6cc149 100644
---- a/policy/modules/contrib/apt.if
-+++ b/policy/modules/contrib/apt.if
-@@ -152,10 +152,12 @@ interface(`apt_use_ptys',`
- interface(`apt_read_cache',`
-        gen_require(`
-                type apt_var_cache_t;
-+               type var_t;
-        ')
- 
-        files_search_var($1)
-        allow $1 apt_var_cache_t:dir list_dir_perms;
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
-        dontaudit $1 apt_var_cache_t:dir write;
-        allow $1 apt_var_cache_t:file read_file_perms;
- ')
-diff --git a/policy/modules/contrib/apt.te b/policy/modules/contrib/apt.te
-index 8555315..8bfd892 100644
---- a/policy/modules/contrib/apt.te
-+++ b/policy/modules/contrib/apt.te
-@@ -78,6 +78,7 @@ fs_tmpfs_filetrans(apt_t, apt_tmpfs_t, { dir file lnk_file sock_file fifo_file }
- # Access /var/cache/apt files
- manage_files_pattern(apt_t, apt_var_cache_t, apt_var_cache_t)
- files_var_filetrans(apt_t, apt_var_cache_t, dir)
-+allow apt_t var_t:lnk_file read_lnk_file_perms;
- 
- # Access /var/lib/apt files
- manage_files_pattern(apt_t, apt_var_lib_t, apt_var_lib_t)
-diff --git a/policy/modules/contrib/bind.if b/policy/modules/contrib/bind.if
-index 44a1e3d..9b93562 100644
---- a/policy/modules/contrib/bind.if
-+++ b/policy/modules/contrib/bind.if
-@@ -221,12 +221,14 @@ interface(`bind_manage_config_dirs',`
- interface(`bind_search_cache',`
-        gen_require(`
-                type named_conf_t, named_cache_t, named_zone_t;
-+               type var_t;
-        ')
- 
-        files_search_var($1)
-        allow $1 named_conf_t:dir search_dir_perms;
-        allow $1 named_zone_t:dir search_dir_perms;
-        allow $1 named_cache_t:dir search_dir_perms;
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-diff --git a/policy/modules/contrib/bind.te b/policy/modules/contrib/bind.te
-index 0968cb4..15c605c 100644
---- a/policy/modules/contrib/bind.te
-+++ b/policy/modules/contrib/bind.te
-@@ -79,6 +79,7 @@ read_lnk_files_pattern(named_t, named_conf_t, named_conf_t)
- # write cache for secondary zones
- manage_files_pattern(named_t, named_cache_t, named_cache_t)
- manage_lnk_files_pattern(named_t, named_cache_t, named_cache_t)
-+allow named_t var_t:lnk_file read_lnk_file_perms;
- 
- can_exec(named_t, named_exec_t)
- 
-diff --git a/policy/modules/contrib/logwatch.if b/policy/modules/contrib/logwatch.if
-index d878e75..1484c1e 100644
---- a/policy/modules/contrib/logwatch.if
-+++ b/policy/modules/contrib/logwatch.if
-@@ -32,7 +32,9 @@ interface(`logwatch_read_tmp_files',`
- interface(`logwatch_search_cache_dir',`
-        gen_require(`
-                type logwatch_cache_t;
-+               type var_t;
-        ')
- 
-        allow $1 logwatch_cache_t:dir search_dir_perms;
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
- ')
-diff --git a/policy/modules/contrib/logwatch.te b/policy/modules/contrib/logwatch.te
-index 75ce30f..31bff65 100644
---- a/policy/modules/contrib/logwatch.te
-+++ b/policy/modules/contrib/logwatch.te
-@@ -30,6 +30,7 @@ allow logwatch_t self:fifo_file rw_file_perms;
- allow logwatch_t self:unix_stream_socket create_stream_socket_perms;
- 
- manage_dirs_pattern(logwatch_t, logwatch_cache_t, logwatch_cache_t)
-+allow logwatch_t var_t:lnk_file read_lnk_file_perms;
- manage_files_pattern(logwatch_t, logwatch_cache_t, logwatch_cache_t)
- 
- allow logwatch_t logwatch_lock_t:file manage_file_perms;
-diff --git a/policy/modules/contrib/podsleuth.te b/policy/modules/contrib/podsleuth.te
-index 4cffb07..32ab27e 100644
---- a/policy/modules/contrib/podsleuth.te
-+++ b/policy/modules/contrib/podsleuth.te
-@@ -33,6 +33,7 @@ allow podsleuth_t self:tcp_socket create_stream_socket_perms;
- allow podsleuth_t self:udp_socket create_socket_perms;
- 
- manage_dirs_pattern(podsleuth_t, podsleuth_cache_t, podsleuth_cache_t)
-+allow podsleuth_t var_t:lnk_file read_lnk_file_perms;
- manage_files_pattern(podsleuth_t, podsleuth_cache_t, podsleuth_cache_t)
- files_var_filetrans(podsleuth_t, podsleuth_cache_t, { file dir })
- 
-diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te
-index 630f16f..f4e43be 100644
---- a/policy/modules/contrib/portage.te
-+++ b/policy/modules/contrib/portage.te
-@@ -339,5 +339,6 @@ portage_compile_domain(portage_sandbox_t)
- ifdef(`hide_broken_symptoms',`
-        # leaked descriptors
-        dontaudit portage_sandbox_t portage_cache_t:dir { setattr };
-+       allow portage_sandbox_t var_t:lnk_file read_lnk_file_perms;
-        dontaudit portage_sandbox_t portage_cache_t:file { setattr write };
- ')
-diff --git a/policy/modules/contrib/rpm.if b/policy/modules/contrib/rpm.if
-index 951d8f6..f4c6825 100644
---- a/policy/modules/contrib/rpm.if
-+++ b/policy/modules/contrib/rpm.if
-@@ -408,10 +408,12 @@ interface(`rpm_read_script_tmp_files',`
- interface(`rpm_read_cache',`
-        gen_require(`
-                type rpm_var_cache_t;
-+               type var_t;
-        ')
- 
-        files_search_var($1)
-        allow $1 rpm_var_cache_t:dir list_dir_perms;
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
-        read_files_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
-        read_lnk_files_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
- ')
-@@ -429,10 +431,12 @@ interface(`rpm_read_cache',`
- interface(`rpm_manage_cache',`
-        gen_require(`
-                type rpm_var_cache_t;
-+               type var_t;
-        ')
- 
-        files_search_var_lib($1)
-        manage_dirs_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
-        manage_files_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
-        manage_lnk_files_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
- ')
-diff --git a/policy/modules/contrib/rpm.te b/policy/modules/contrib/rpm.te
-index 60149a5..f3f0640 100644
---- a/policy/modules/contrib/rpm.te
-+++ b/policy/modules/contrib/rpm.te
-@@ -98,6 +98,7 @@ fs_tmpfs_filetrans(rpm_t, rpm_tmpfs_t, { dir file lnk_file sock_file fifo_file }
- can_exec(rpm_t, rpm_tmpfs_t)
- 
- manage_dirs_pattern(rpm_t, rpm_var_cache_t, rpm_var_cache_t)
-+allow rpm_t var_t:lnk_file read_lnk_file_perms;
- manage_files_pattern(rpm_t, rpm_var_cache_t, rpm_var_cache_t)
- files_var_filetrans(rpm_t, rpm_var_cache_t, dir)
- 
-diff --git a/policy/modules/contrib/squid.if b/policy/modules/contrib/squid.if
-index d2496bd..28f8e2e 100644
---- a/policy/modules/contrib/squid.if
-+++ b/policy/modules/contrib/squid.if
-@@ -88,9 +88,11 @@ interface(`squid_rw_stream_sockets',`
- interface(`squid_dontaudit_search_cache',`
-        gen_require(`
-                type squid_cache_t;
-+               type var_t;
-        ')
- 
-        dontaudit $1 squid_cache_t:dir search_dir_perms;
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-diff --git a/policy/modules/contrib/squid.te b/policy/modules/contrib/squid.te
-index c38de7a..01e1222 100644
---- a/policy/modules/contrib/squid.te
-+++ b/policy/modules/contrib/squid.te
-@@ -67,6 +67,7 @@ allow squid_t self:udp_socket create_socket_perms;
- 
- # Grant permissions to create, access, and delete cache files.
- manage_dirs_pattern(squid_t, squid_cache_t, squid_cache_t)
-+allow squid_t var_t:lnk_file read_lnk_file_perms;
- manage_files_pattern(squid_t, squid_cache_t, squid_cache_t)
- manage_lnk_files_pattern(squid_t, squid_cache_t, squid_cache_t)
- 
-diff --git a/policy/modules/contrib/virt.if b/policy/modules/contrib/virt.if
-index 6f0736b..2fcd979 100644
---- a/policy/modules/contrib/virt.if
-+++ b/policy/modules/contrib/virt.if
-@@ -438,10 +438,12 @@ interface(`virt_read_images',`
- interface(`virt_manage_svirt_cache',`
-        gen_require(`
-                type svirt_cache_t;
-+               type var_t;
-        ')
- 
-        files_search_var($1)
-        manage_dirs_pattern($1, svirt_cache_t, svirt_cache_t)
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
-        manage_files_pattern($1, svirt_cache_t, svirt_cache_t)
-        manage_lnk_files_pattern($1, svirt_cache_t, svirt_cache_t)
- ')
-diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
-index 947bbc6..659abcc 100644
---- a/policy/modules/contrib/virt.te
-+++ b/policy/modules/contrib/virt.te
-@@ -108,6 +108,7 @@ ifdef(`enable_mls',`
- allow svirt_t self:udp_socket create_socket_perms;
- 
- manage_dirs_pattern(svirt_t, svirt_cache_t, svirt_cache_t)
-+allow svirt_t var_t:lnk_file read_lnk_file_perms;
- manage_files_pattern(svirt_t, svirt_cache_t, svirt_cache_t)
- files_var_filetrans(svirt_t, svirt_cache_t, { file dir })
- 
-@@ -186,6 +187,7 @@ allow virtd_t self:tun_socket create_socket_perms;
- allow virtd_t self:netlink_kobject_uevent_socket create_socket_perms;
- 
- manage_dirs_pattern(virtd_t, svirt_cache_t, svirt_cache_t)
-+allow virtd_t var_t:lnk_file read_lnk_file_perms;
- manage_files_pattern(virtd_t, svirt_cache_t, svirt_cache_t)
- 
- manage_dirs_pattern(virtd_t, virt_content_t, virt_content_t)
-diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
-index 130ced9..ffef982 100644
---- a/policy/modules/services/xserver.if
-+++ b/policy/modules/services/xserver.if
-@@ -22,6 +22,7 @@ interface(`xserver_restricted_role',`
-                type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
-                type iceauth_t, iceauth_exec_t, iceauth_home_t;
-                type xauth_t, xauth_exec_t, xauth_home_t;
-+               type var_t;
-        ')
- 
-        role $1 types { xserver_t xauth_t iceauth_t };
-@@ -41,6 +42,7 @@ interface(`xserver_restricted_role',`
-        allow $2 user_fonts_config_t:file read_file_perms;
- 
-        manage_dirs_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
-+       allow $2 var_t:lnk_file read_lnk_file_perms;
-        manage_files_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
- 
-        stream_connect_pattern($2, xserver_tmp_t, xserver_tmp_t, xserver_t)
-@@ -134,6 +136,7 @@ interface(`xserver_role',`
-        gen_require(`
-                type iceauth_home_t, xserver_t, xserver_tmpfs_t, xauth_home_t;
-                type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
-+               type var_t;
-        ')
- 
-        xserver_restricted_role($1, $2)
-@@ -154,6 +157,7 @@ interface(`xserver_role',`
-        relabel_files_pattern($2, user_fonts_t, user_fonts_t)
- 
-        manage_dirs_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
-+       allow $2 var_t:lnk_file read_lnk_file_perms;
-        manage_files_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
-        relabel_dirs_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
-        relabel_files_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
-@@ -512,6 +516,7 @@ template(`xserver_user_x_domain_template',`
- interface(`xserver_use_user_fonts',`
-        gen_require(`
-                type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
-+               type var_t;
-        ')
- 
-        # Read per user fonts
-@@ -520,6 +525,7 @@ interface(`xserver_use_user_fonts',`
- 
-        # Manipulate the global font cache
-        manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
-        manage_files_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
- 
-        # Read per user font config
-diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
-index f416ce9..00a209d 100644
---- a/policy/modules/system/authlogin.if
-+++ b/policy/modules/system/authlogin.if
-@@ -95,6 +95,7 @@ interface(`auth_use_pam',`
- interface(`auth_login_pgm_domain',`
-        gen_require(`
-                type var_auth_t, auth_cache_t;
-+               type var_t;
-        ')
- 
-        domain_type($1)
-@@ -116,6 +117,7 @@ interface(`auth_login_pgm_domain',`
-        manage_files_pattern($1, var_auth_t, var_auth_t)
- 
-        manage_dirs_pattern($1, auth_cache_t, auth_cache_t)
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
-        manage_files_pattern($1, auth_cache_t, auth_cache_t)
-        manage_sock_files_pattern($1, auth_cache_t, auth_cache_t)
-        files_var_filetrans($1, auth_cache_t, dir)
-@@ -279,9 +281,11 @@ interface(`auth_ranged_domtrans_login_program',`
- interface(`auth_search_cache',`
-        gen_require(`
-                type auth_cache_t;
-+               type var_t;
-        ')
- 
-        allow $1 auth_cache_t:dir search_dir_perms;
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -333,9 +337,11 @@ interface(`auth_rw_cache',`
- interface(`auth_manage_cache',`
-        gen_require(`
-                type auth_cache_t;
-+               type var_t;
-        ')
- 
-        manage_dirs_pattern($1, auth_cache_t, auth_cache_t)
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
-        manage_files_pattern($1, auth_cache_t, auth_cache_t)
- ')
- 
-@@ -352,9 +358,11 @@ interface(`auth_manage_cache',`
- interface(`auth_var_filetrans_cache',`
-        gen_require(`
-                type auth_cache_t;
-+               type var_t;
-        ')
- 
-        files_var_filetrans($1, auth_cache_t, { file dir } )
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -371,9 +379,11 @@ interface(`auth_domtrans_chk_passwd',`
-        gen_require(`
-                type chkpwd_t, chkpwd_exec_t, shadow_t;
-                type auth_cache_t;
-+               type var_t;
-        ')
- 
-        allow $1 auth_cache_t:dir search_dir_perms;
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
- 
-        corecmd_search_bin($1)
-        domtrans_pattern($1, chkpwd_exec_t, chkpwd_t)
-diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
-index 926ba65..e2eaee6 100644
---- a/policy/modules/system/miscfiles.if
-+++ b/policy/modules/system/miscfiles.if
-@@ -183,6 +183,7 @@ interface(`miscfiles_manage_cert_files',`
- interface(`miscfiles_read_fonts',`
-        gen_require(`
-                type fonts_t, fonts_cache_t;
-+               type var_t;
-        ')
- 
-        # cjp: fonts can be in either of these dirs
-@@ -194,6 +195,7 @@ interface(`miscfiles_read_fonts',`
-        read_lnk_files_pattern($1, fonts_t, fonts_t)
- 
-        allow $1 fonts_cache_t:dir list_dir_perms;
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
-        read_files_pattern($1, fonts_cache_t, fonts_cache_t)
-        read_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t)
- ')
-@@ -295,9 +297,11 @@ interface(`miscfiles_manage_fonts',`
- interface(`miscfiles_setattr_fonts_cache_dirs',`
-        gen_require(`
-                type fonts_cache_t;
-+               type var_t;
-        ')
- 
-        allow $1 fonts_cache_t:dir setattr;
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -314,9 +318,11 @@ interface(`miscfiles_setattr_fonts_cache_dirs',`
- interface(`miscfiles_dontaudit_setattr_fonts_cache_dirs',`
-        gen_require(`
-                type fonts_cache_t;
-+               type var_t;
-        ')
- 
-        dontaudit $1 fonts_cache_t:dir setattr;
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -333,11 +339,13 @@ interface(`miscfiles_dontaudit_setattr_fonts_cache_dirs',`
- interface(`miscfiles_manage_fonts_cache',`
-        gen_require(`
-                type fonts_cache_t;
-+               type var_t;
-        ')
- 
-        files_search_var($1)
- 
-        manage_dirs_pattern($1, fonts_cache_t, fonts_cache_t)
-+       allow $1 var_t:lnk_file read_lnk_file_perms;
-        manage_files_pattern($1, fonts_cache_t, fonts_cache_t)
-        manage_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t)
- ')
--- 
-1.7.9.5
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-var-log-symlink-apache.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-var-log-symlink-apache.patch
deleted file mode 100644
index 91492c4..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-var-log-symlink-apache.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Subject: [PATCH] add rules for the symlink of /var/log - apache2
-
-We have added rules for the symlink of /var/log in logging.if,
-while apache.te uses /var/log but does not use the interfaces in
-logging.if. So still need add a individual rule for apache.te.
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/apache.te |    1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
-index 1115d37..4c6316d 100644
---- a/policy/modules/contrib/apache.te
-+++ b/policy/modules/contrib/apache.te
-@@ -310,6 +310,7 @@ create_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
- append_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
- read_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
- read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
-+read_lnk_files_pattern(httpd_t, var_log_t, var_log_t)
- # cjp: need to refine create interfaces to
- # cut this back to add_name only
- logging_log_filetrans(httpd_t, httpd_log_t, file)
--- 
-1.7.9.5
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-var-log-symlink.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-var-log-symlink.patch
deleted file mode 100644
index a2f3c5d..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-var-log-symlink.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-Subject: [PATCH] add rules for the symlink of /var/log
-
-/var/log is a symlink in poky, so we need allow rules for files to read
-lnk_file while doing search/list/delete/rw.. in /var/log/ directory.
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/system/logging.fc |    1 +
- policy/modules/system/logging.if |   14 +++++++++++++-
- 2 files changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
-index 3cb65f1..2419cd7 100644
---- a/policy/modules/system/logging.fc
-+++ b/policy/modules/system/logging.fc
-@@ -41,6 +41,7 @@ ifdef(`distro_suse', `
- /var/cfengine/outputs(/.*)?    gen_context(system_u:object_r:var_log_t,s0)
- 
- /var/log               -d      gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
-+/var/log               -l      gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
- /var/log/.*                    gen_context(system_u:object_r:var_log_t,s0)
- /var/log/boot\.log     --      gen_context(system_u:object_r:var_log_t,mls_systemhigh)
- /var/log/messages[^/]*         gen_context(system_u:object_r:var_log_t,mls_systemhigh)
-diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
-index 321bb13..4812d46 100644
---- a/policy/modules/system/logging.if
-+++ b/policy/modules/system/logging.if
-@@ -136,12 +136,13 @@ interface(`logging_set_audit_parameters',`
- #
- interface(`logging_read_audit_log',`
-        gen_require(`
--               type auditd_log_t;
-+               type auditd_log_t, var_log_t;
-        ')
- 
-        files_search_var($1)
-        read_files_pattern($1, auditd_log_t, auditd_log_t)
-        allow $1 auditd_log_t:dir list_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-@@ -626,6 +627,7 @@ interface(`logging_search_logs',`
- 
-        files_search_var($1)
-        allow $1 var_log_t:dir search_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
- ')
- 
- #######################################
-@@ -663,6 +665,7 @@ interface(`logging_list_logs',`
- 
-        files_search_var($1)
-        allow $1 var_log_t:dir list_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
- ')
- 
- #######################################
-@@ -682,6 +685,7 @@ interface(`logging_rw_generic_log_dirs',`
- 
-        files_search_var($1)
-        allow $1 var_log_t:dir rw_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
- ')
- 
- #######################################
-@@ -756,10 +760,12 @@ interface(`logging_append_all_logs',`
- interface(`logging_read_all_logs',`
-        gen_require(`
-                attribute logfile;
-+               type var_log_t;
-        ')
- 
-        files_search_var($1)
-        allow $1 logfile:dir list_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
-        read_files_pattern($1, logfile, logfile)
- ')
- 
-@@ -778,10 +784,12 @@ interface(`logging_read_all_logs',`
- interface(`logging_exec_all_logs',`
-        gen_require(`
-                attribute logfile;
-+               type var_log_t;
-        ')
- 
-        files_search_var($1)
-        allow $1 logfile:dir list_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
-        can_exec($1, logfile)
- ')
- 
-@@ -843,6 +851,7 @@ interface(`logging_read_generic_logs',`
- 
-        files_search_var($1)
-        allow $1 var_log_t:dir list_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
-        read_files_pattern($1, var_log_t, var_log_t)
- ')
- 
-@@ -863,6 +872,7 @@ interface(`logging_write_generic_logs',`
- 
-        files_search_var($1)
-        allow $1 var_log_t:dir list_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
-        write_files_pattern($1, var_log_t, var_log_t)
- ')
- 
-@@ -901,6 +911,7 @@ interface(`logging_rw_generic_logs',`
- 
-        files_search_var($1)
-        allow $1 var_log_t:dir list_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
-        rw_files_pattern($1, var_log_t, var_log_t)
- ')
- 
-@@ -923,6 +934,7 @@ interface(`logging_manage_generic_logs',`
- 
-        files_search_var($1)
-        manage_files_pattern($1, var_log_t, var_log_t)
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index a3a25c2..a45c68e 100644
---- a/policy/modules/system/logging.te
-+++ b/policy/modules/system/logging.te
-@@ -139,6 +139,7 @@ allow auditd_t auditd_etc_t:file read_file_perms;
- manage_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
- manage_lnk_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
- allow auditd_t var_log_t:dir search_dir_perms;
-+allow auditd_t var_log_t:lnk_file read_lnk_file_perms;
- 
- manage_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)
- manage_sock_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)
--- 
-1.7.9.5
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-syslogd_t-to-trusted-object.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-syslogd_t-to-trusted-object.patch
deleted file mode 100644
index 9b5db54..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-syslogd_t-to-trusted-object.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Subject: [PATCH] Add the syslogd_t to trusted object
-
-We add the syslogd_t to trusted object, because other process need
-to have the right to connectto/sendto /dev/log.
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Roy.Li <rongqing.li@windriver.com>
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/system/logging.te |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index 0034021..b6b0ddf 100644
---- a/policy/modules/system/logging.te
-+++ b/policy/modules/system/logging.te
-@@ -444,6 +444,7 @@ fs_getattr_all_fs(syslogd_t)
- fs_search_auto_mountpoints(syslogd_t)
- 
- mls_file_write_all_levels(syslogd_t) # Need to be able to write to /var/run/ and /var/log directories
-+mls_trusted_object(syslogd_t) # Other process need to have the right to connectto/sendto /dev/log
- 
- term_write_console(syslogd_t)
- # Allow syslog to a terminal
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-dbusd-to-exec-shell-commands.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-dbusd-to-exec-shell-commands.patch
deleted file mode 100644
index 6207e40..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-dbusd-to-exec-shell-commands.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Subject: [PATCH] allow dbusd to exec shell commands.
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/dbus.te |    2 ++
- 1 files changed, 2 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te
-index 529944b..bb76257 100644
---- a/policy/modules/contrib/dbus.te
-+++ b/policy/modules/contrib/dbus.te
-@@ -111,6 +111,8 @@ corecmd_list_bin(system_dbusd_t)
- corecmd_read_bin_pipes(system_dbusd_t)
- corecmd_read_bin_sockets(system_dbusd_t)
- 
-+corecmd_exec_shell(system_dbusd_t)
-+
- domain_use_interactive_fds(system_dbusd_t)
- domain_read_all_domains_state(system_dbusd_t)
- 
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-dbusd-to-setrlimit-itself.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-dbusd-to-setrlimit-itself.patch
deleted file mode 100644
index 6eded62..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-dbusd-to-setrlimit-itself.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Subject: [PATCH] allow system_dbusd_t to setrlimit itself.
-
-avc:  denied  { setrlimit } for  pid=391 comm="dbus-daemon"
-    scontext=system_u:system_r:system_dbusd_t:s0-s15:c0.c1023
-    tcontext=system_u:system_r:system_dbusd_t:s0-s15:c0.c1023 tclass=proces
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/dbus.te |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te
-index 625cb32..529944b 100644
---- a/policy/modules/contrib/dbus.te
-+++ b/policy/modules/contrib/dbus.te
-@@ -53,7 +53,7 @@ ifdef(`enable_mls',`
- # cjp: dac_override should probably go in a distro_debian
- allow system_dbusd_t self:capability { dac_override setgid setpcap setuid };
- dontaudit system_dbusd_t self:capability sys_tty_config;
--allow system_dbusd_t self:process { getattr getsched signal_perms setpgid getcap setcap };
-+allow system_dbusd_t self:process { getattr getsched signal_perms setpgid getcap setcap setrlimit };
- allow system_dbusd_t self:fifo_file rw_fifo_file_perms;
- allow system_dbusd_t self:dbus { send_msg acquire_svc };
- allow system_dbusd_t self:unix_stream_socket { connectto create_stream_socket_perms connectto };
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-nfsd-to-bind-nfs-port.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-nfsd-to-bind-nfs-port.patch
deleted file mode 100644
index e643b10..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-nfsd-to-bind-nfs-port.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-Subject: [PATCH] refpolicy: allow nfsd to bind nfs port
-
-NFS server need bind to tcp/udp 2049,20048-20049 port, but no
-these rules in default refpolicy. So add the allow rules.
-
-Upstream-Status: Pending
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/rpc.te           |  2 ++
- policy/modules/kernel/corenetwork.te    | 10 ++++++++++
- policy/modules/kernel/corenetwork.te.in |  1 +
- 3 files changed, 13 insertions(+)
-
-diff --git a/policy/modules/contrib/rpc.te b/policy/modules/contrib/rpc.te
-index 0fc7ddd..03783ae 100644
---- a/policy/modules/contrib/rpc.te
-+++ b/policy/modules/contrib/rpc.te
-@@ -128,6 +128,8 @@ corecmd_exec_shell(nfsd_t)
- 
- corenet_tcp_bind_all_rpc_ports(nfsd_t)
- corenet_udp_bind_all_rpc_ports(nfsd_t)
-+corenet_tcp_bind_nfs_port(nfsd_t)
-+corenet_udp_bind_nfs_port(nfsd_t)
- 
- dev_dontaudit_getattr_all_blk_files(nfsd_t)
- dev_dontaudit_getattr_all_chr_files(nfsd_t)
-diff --git a/policy/modules/kernel/corenetwork.te b/policy/modules/kernel/corenetwork.te
-index a5276af..8fca50e 100644
---- a/policy/modules/kernel/corenetwork.te
-+++ b/policy/modules/kernel/corenetwork.te
-@@ -849,6 +849,16 @@ portcon tcp 5405 gen_context(system_u:object_r:netsupport_port_t,s0)
- portcon udp 5405 gen_context(system_u:object_r:netsupport_port_t,s0)
- 
- 
-+type nfs_port_t, port_type, defined_port_type;
-+type nfs_client_packet_t, packet_type, client_packet_type;
-+type nfs_server_packet_t, packet_type, server_packet_type;
-+typeattribute nfs_port_t unreserved_port_type;
-+portcon tcp 2049 gen_context(system_u:object_r:nfs_port_t,s0)
-+portcon udp 2049 gen_context(system_u:object_r:nfs_port_t,s0)
-+portcon tcp 20048-20049 gen_context(system_u:object_r:nfs_port_t,s0)
-+portcon udp 20048-20049 gen_context(system_u:object_r:nfs_port_t,s0)
-+
-+
- type nmbd_port_t, port_type, defined_port_type;
- type nmbd_client_packet_t, packet_type, client_packet_type;
- type nmbd_server_packet_t, packet_type, server_packet_type;
-diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
-index fe2ee5e..fca0bc3 100644
---- a/policy/modules/kernel/corenetwork.te.in
-+++ b/policy/modules/kernel/corenetwork.te.in
-@@ -164,6 +164,7 @@ network_port(mysqlmanagerd, tcp,2273,s0)
- network_port(nessus, tcp,1241,s0)
- network_port(netport, tcp,3129,s0, udp,3129,s0)
- network_port(netsupport, tcp,5404,s0, udp,5404,s0, tcp,5405,s0, udp,5405,s0)
-+network_port(nfs, tcp,2049,s0, udp,2049,s0, tcp,20048-20049,s0, udp,20048-20049,s0)
- network_port(nmbd, udp,137,s0, udp,138,s0)
- network_port(ntop, tcp,3000-3001,s0, udp,3000-3001,s0)
- network_port(ntp, udp,123,s0)
--- 
-1.7.11.7
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-nfsd-to-exec-shell-commands.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-nfsd-to-exec-shell-commands.patch
deleted file mode 100644
index f1fcc4c..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-nfsd-to-exec-shell-commands.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Subject: [PATCH] allow nfsd to exec shell commands.
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/rpc.te   |    7 +++++++
- policy/modules/kernel/kernel.if |   18 ++++++++++++++++++
- 2 files changed, 25 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/contrib/rpc.te b/policy/modules/contrib/rpc.te
-index 330d01f..fde39d2 100644
---- a/policy/modules/contrib/rpc.te
-+++ b/policy/modules/contrib/rpc.te
-@@ -120,6 +120,11 @@ allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms;
- kernel_read_system_state(nfsd_t)
- kernel_read_network_state(nfsd_t)
- kernel_dontaudit_getattr_core_if(nfsd_t)
-+kernel_setsched(nfsd_t)
-+kernel_request_load_module(nfsd_t)
-+kernel_mounton_proc(nfsd_t)
-+
-+corecmd_exec_shell(nfsd_t)
- 
- corenet_tcp_bind_all_rpc_ports(nfsd_t)
- corenet_udp_bind_all_rpc_ports(nfsd_t)
-@@ -174,6 +179,8 @@ tunable_policy(`nfs_export_all_ro',`
-        files_read_non_auth_files(nfsd_t)
- ')
- 
-+mount_exec(nfsd_t)
-+
- ########################################
- #
- # GSSD local policy
-diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
-index 4bf45cb..25e7b1b 100644
---- a/policy/modules/kernel/kernel.if
-+++ b/policy/modules/kernel/kernel.if
-@@ -785,6 +785,24 @@ interface(`kernel_unmount_proc',`
- 
- ########################################
- ## <summary>
-+##     Mounton a proc filesystem.
-+## </summary>
-+## <param name="domain">
-+##     <summary>
-+##     Domain allowed access.
-+##     </summary>
-+## </param>
-+#
-+interface(`kernel_mounton_proc',`
-+       gen_require(`
-+               type proc_t;
-+       ')
-+
-+       allow $1 proc_t:dir mounton;
-+')
-+
-+########################################
-+## <summary>
- ##     Get the attributes of the proc filesystem.
- ## </summary>
- ## <param name="domain">
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-setfiles_t-to-read-symlinks.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-setfiles_t-to-read-symlinks.patch
deleted file mode 100644
index 15dc506..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-allow-setfiles_t-to-read-symlinks.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Subject: [PATCH] fix setfiles_t to read symlinks
-
-Upstream-Status: Pending 
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/system/selinuxutil.te |    3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
-index ec01d0b..45ed81b 100644
---- a/policy/modules/system/selinuxutil.te
-+++ b/policy/modules/system/selinuxutil.te
-@@ -553,6 +553,9 @@ files_list_all(setfiles_t)
- files_relabel_all_files(setfiles_t)
- files_read_usr_symlinks(setfiles_t)
- 
-+# needs to be able to read symlinks to make restorecon on symlink working
-+files_read_all_symlinks(setfiles_t)
-+
- fs_getattr_xattr_fs(setfiles_t)
- fs_list_all(setfiles_t)
- fs_search_auto_mountpoints(setfiles_t)
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-don-t-audit-tty_device_t.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-don-t-audit-tty_device_t.patch
deleted file mode 100644
index d7e407b..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-don-t-audit-tty_device_t.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Subject: [PATCH] don't audit tty_device_t in term_dontaudit_use_console.
-
-We should also not audit terminal to rw tty_device_t and fds in 
-term_dontaudit_use_console. 
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/kernel/terminal.if |    3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
-index f9d46cc..234e0b8 100644
---- a/policy/modules/kernel/terminal.if
-+++ b/policy/modules/kernel/terminal.if
-@@ -299,9 +299,12 @@ interface(`term_use_console',`
- interface(`term_dontaudit_use_console',`
-        gen_require(`
-                type console_device_t;
-+               type tty_device_t;
-        ')
- 
-+       init_dontaudit_use_fds($1)
-        dontaudit $1 console_device_t:chr_file rw_chr_file_perms;
-+       dontaudit $1 tty_device_t:chr_file rw_chr_file_perms;
- ')
- 
- ########################################
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-fix-new-SELINUXMNT-in-sys.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-fix-new-SELINUXMNT-in-sys.patch
deleted file mode 100644
index fa0a274..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-fix-new-SELINUXMNT-in-sys.patch
+++ /dev/null
@@ -1,213 +0,0 @@
-Subject: [PATCH] fix for new SELINUXMNT in /sys
-
-SELINUXMNT is now from /selinux to /sys/fs/selinux, so we should
-add rules to access sysfs.
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/kernel/selinux.if |   40 ++++++++++++++++++++++++++++++++++++++
- 1 files changed, 40 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
-index 81440c5..b57ec34 100644
---- a/policy/modules/kernel/selinux.if
-+++ b/policy/modules/kernel/selinux.if
-@@ -58,6 +58,10 @@ interface(`selinux_get_fs_mount',`
-                type security_t;
-        ')
- 
-+       # SELINUXMNT is now /sys/fs/selinux, so we should add rules to 
-+       # access sysfs
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        # starting in libselinux 2.0.5, init_selinuxmnt() will
-        # attempt to short circuit by checking if SELINUXMNT
-        # (/selinux) is already a selinuxfs
-@@ -84,6 +88,7 @@ interface(`selinux_dontaudit_get_fs_mount',`
-                type security_t;
-        ')
- 
-+       dev_dontaudit_search_sysfs($1)
-        # starting in libselinux 2.0.5, init_selinuxmnt() will
-        # attempt to short circuit by checking if SELINUXMNT
-        # (/selinux) is already a selinuxfs
-@@ -109,6 +114,8 @@ interface(`selinux_mount_fs',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:filesystem mount;
- ')
- 
-@@ -128,6 +135,8 @@ interface(`selinux_remount_fs',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:filesystem remount;
- ')
- 
-@@ -146,6 +155,8 @@ interface(`selinux_unmount_fs',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:filesystem unmount;
- ')
- 
-@@ -164,6 +175,8 @@ interface(`selinux_getattr_fs',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:filesystem getattr;
- ')
- 
-@@ -183,6 +196,7 @@ interface(`selinux_dontaudit_getattr_fs',`
-                type security_t;
-        ')
- 
-+       dev_dontaudit_search_sysfs($1)
-        dontaudit $1 security_t:filesystem getattr;
- ')
- 
-@@ -202,6 +216,7 @@ interface(`selinux_dontaudit_getattr_dir',`
-                type security_t;
-        ')
- 
-+       dev_dontaudit_search_sysfs($1)
-        dontaudit $1 security_t:dir getattr;
- ')
- 
-@@ -220,6 +235,8 @@ interface(`selinux_search_fs',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:dir search_dir_perms;
- ')
- 
-@@ -238,6 +255,7 @@ interface(`selinux_dontaudit_search_fs',`
-                type security_t;
-        ')
- 
-+       dev_dontaudit_search_sysfs($1)
-        dontaudit $1 security_t:dir search_dir_perms;
- ')
- 
-@@ -257,6 +275,7 @@ interface(`selinux_dontaudit_read_fs',`
-                type security_t;
-        ')
- 
-+       dev_dontaudit_search_sysfs($1)
-        dontaudit $1 security_t:dir search_dir_perms;
-        dontaudit $1 security_t:file read_file_perms;
- ')
-@@ -342,6 +361,8 @@ interface(`selinux_load_policy',`
-                bool secure_mode_policyload;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:dir list_dir_perms;
-        allow $1 security_t:file rw_file_perms;
-        typeattribute $1 can_load_policy;
-@@ -371,6 +392,8 @@ interface(`selinux_read_policy',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:dir list_dir_perms;
-        allow $1 security_t:file read_file_perms;
-        allow $1 security_t:security read_policy;
-@@ -435,6 +458,8 @@ interface(`selinux_set_generic_booleans',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:dir list_dir_perms;
-        allow $1 security_t:file rw_file_perms;
- 
-@@ -475,6 +500,8 @@ interface(`selinux_set_all_booleans',`
-                bool secure_mode_policyload;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:dir list_dir_perms;
-        allow $1 { boolean_type -secure_mode_policyload_t }:file rw_file_perms;
-        allow $1 secure_mode_policyload_t:file read_file_perms;
-@@ -519,6 +546,8 @@ interface(`selinux_set_parameters',`
-                attribute can_setsecparam;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:dir list_dir_perms;
-        allow $1 security_t:file rw_file_perms;
-        allow $1 security_t:security setsecparam;
-@@ -563,6 +592,7 @@ interface(`selinux_dontaudit_validate_context',`
-                type security_t;
-        ')
- 
-+       dev_dontaudit_search_sysfs($1)
-        dontaudit $1 security_t:dir list_dir_perms;
-        dontaudit $1 security_t:file rw_file_perms;
-        dontaudit $1 security_t:security check_context;
-@@ -584,6 +614,8 @@ interface(`selinux_compute_access_vector',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:dir list_dir_perms;
-        allow $1 security_t:file rw_file_perms;
-        allow $1 security_t:security compute_av;
-@@ -605,6 +637,8 @@ interface(`selinux_compute_create_context',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:dir list_dir_perms;
-        allow $1 security_t:file rw_file_perms;
-        allow $1 security_t:security compute_create;
-@@ -626,6 +660,8 @@ interface(`selinux_compute_member',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:dir list_dir_perms;
-        allow $1 security_t:file rw_file_perms;
-        allow $1 security_t:security compute_member;
-@@ -655,6 +691,8 @@ interface(`selinux_compute_relabel_context',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:dir list_dir_perms;
-        allow $1 security_t:file rw_file_perms;
-        allow $1 security_t:security compute_relabel;
-@@ -675,6 +713,8 @@ interface(`selinux_compute_user_contexts',`
-                type security_t;
-        ')
- 
-+       dev_getattr_sysfs_dirs($1)
-+       dev_search_sysfs($1)
-        allow $1 security_t:dir list_dir_perms;
-        allow $1 security_t:file rw_file_perms;
-        allow $1 security_t:security compute_user;
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-fix-nfsd_t-to-mount_nfsd_fs_t.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-fix-nfsd_t-to-mount_nfsd_fs_t.patch
deleted file mode 100644
index 42ee31e..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-fix-nfsd_t-to-mount_nfsd_fs_t.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-Subject: [PATCH] fix policy for nfsserver to mount nfsd_fs_t.
-
-Upstream-Status: Pending
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/contrib/rpc.te       |    6 +++++-
- policy/modules/contrib/rpcbind.te   |    5 +++++
- policy/modules/kernel/filesystem.te |    1 +
- policy/modules/kernel/kernel.te     |    1 +
- 4 files changed, 12 insertions(+), 1 deletions(-)
-
-diff --git a/policy/modules/contrib/rpc.te b/policy/modules/contrib/rpc.te
-index fde39d2..0fc7ddd 100644
---- a/policy/modules/contrib/rpc.te
-+++ b/policy/modules/contrib/rpc.te
-@@ -179,7 +179,11 @@ tunable_policy(`nfs_export_all_ro',`
-        files_read_non_auth_files(nfsd_t)
- ')
- 
--mount_exec(nfsd_t)
-+# Should domtrans to mount_t while mounting nfsd_fs_t.
-+mount_domtrans(nfsd_t)
-+# nfsd_t need to chdir to /var/lib/nfs and read files.
-+files_list_var(nfsd_t)
-+rpc_read_nfs_state_data(nfsd_t)
- 
- ########################################
- #
-diff --git a/policy/modules/contrib/rpcbind.te b/policy/modules/contrib/rpcbind.te
-index a63e9ee..55397d9 100644
---- a/policy/modules/contrib/rpcbind.te
-+++ b/policy/modules/contrib/rpcbind.te
-@@ -67,3 +67,8 @@ logging_send_syslog_msg(rpcbind_t)
- miscfiles_read_localization(rpcbind_t)
- 
- sysnet_dns_name_resolve(rpcbind_t)
-+
-+# nfsd_t would not be allowed to send unix_stream_socket to rpcbind_t,
-+# because the are running in different level. So add rules to allow this.
-+mls_socket_read_all_levels(rpcbind_t)
-+mls_socket_write_all_levels(rpcbind_t)
-diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
-index 376bae8..310d992 100644
---- a/policy/modules/kernel/filesystem.te
-+++ b/policy/modules/kernel/filesystem.te
-@@ -118,6 +118,7 @@ genfscon mvfs / gen_context(system_u:object_r:mvfs_t,s0)
- 
- type nfsd_fs_t;
- fs_type(nfsd_fs_t)
-+files_mountpoint(nfsd_fs_t)
- genfscon nfsd / gen_context(system_u:object_r:nfsd_fs_t,s0)
- 
- type oprofilefs_t;
-diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
-index ab9b6cd..15d3814 100644
---- a/policy/modules/kernel/kernel.te
-+++ b/policy/modules/kernel/kernel.te
-@@ -284,6 +284,8 @@ mls_process_read_up(kernel_t)
- mls_process_write_down(kernel_t)
- mls_file_write_all_levels(kernel_t)
- mls_file_read_all_levels(kernel_t)
-+mls_socket_write_all_levels(kernel_t)
-+mls_fd_use_all_levels(kernel_t)
- 
- ifdef(`distro_redhat',`
-        # Bugzilla 222337
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-fix-seutils-manage-config-files.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-fix-seutils-manage-config-files.patch
deleted file mode 100644
index bd76004..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-fix-seutils-manage-config-files.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Subject: [PATCH] refpolicy: fix selinux utils to manage config files
-
-Upstream-Status: Pending
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/system/selinuxutil.if |    1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
-index 3822072..db03ca1 100644
---- a/policy/modules/system/selinuxutil.if
-+++ b/policy/modules/system/selinuxutil.if
-@@ -680,6 +680,7 @@ interface(`seutil_manage_config',`
-        ')
- 
-        files_search_etc($1)
-+       manage_dirs_pattern($1, selinux_config_t, selinux_config_t)
-        manage_files_pattern($1, selinux_config_t, selinux_config_t)
-        read_lnk_files_pattern($1, selinux_config_t, selinux_config_t)
- ')
-diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index e720dcd..6b6a5b3 100644
---- a/policy/modules/system/userdomain.if
-+++ b/policy/modules/system/userdomain.if
-@@ -1235,6 +1235,10 @@ template(`userdom_security_admin_template',`
-        logging_read_audit_config($1)
- 
-        seutil_manage_bin_policy($1)
-+       seutil_manage_default_contexts($1)
-+       seutil_manage_file_contexts($1)
-+       seutil_manage_module_store($1)
-+       seutil_manage_config($1)
-        seutil_run_checkpolicy($1, $2)
-        seutil_run_loadpolicy($1, $2)
-        seutil_run_semanage($1, $2)
--- 
-1.7.9.5
-
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-fix-xconsole_device_t-as-a-dev_node.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-fix-xconsole_device_t-as-a-dev_node.patch
deleted file mode 100644
index 87ac790..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-fix-xconsole_device_t-as-a-dev_node.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: [PATCH] fix xconsole_device_t as a dev_node.
-
-Upstream-Status: Inappropriate [only for Poky]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- policy/modules/services/xserver.te |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
-index d40f750..5bb97e9 100644
---- a/policy/modules/services/xserver.te
-+++ b/policy/modules/services/xserver.te
-@@ -151,6 +151,7 @@ userdom_user_tmp_file(xauth_tmp_t)
- # this is not actually a device, its a pipe
- type xconsole_device_t;
- files_type(xconsole_device_t)
-+dev_node(xconsole_device_t)
- fs_associate_tmpfs(xconsole_device_t)
- files_associate_tmp(xconsole_device_t)
- 
--- 
-1.7.5.4
-
diff --git a/recipes-security/refpolicy/refpolicy-mls_2.20120725.bb b/recipes-security/refpolicy/refpolicy-mls_2.20120725.bb
deleted file mode 100644
index 4d75322..0000000
--- a/recipes-security/refpolicy/refpolicy-mls_2.20120725.bb
+++ /dev/null
@@ -1,24 +0,0 @@
-SUMMARY = "MLS (Multi Level Security) variant of the SELinux policy"
-DESCRIPTION = "\
-This is the reference policy for SE Linux built with MLS support. \
-It allows giving data labels such as \"Top Secret\" and preventing \
-such data from leaking to processes or files with lower classification. \
-"
-
-PR = "r3"
-
-POLICY_NAME = "mls"
-POLICY_TYPE = "mls"
-POLICY_DISTRO = "redhat"
-POLICY_UBAC = "n"
-POLICY_UNK_PERMS = "allow"
-POLICY_DIRECT_INITRC = "n"
-POLICY_MONOLITHIC = "n"
-POLICY_CUSTOM_BUILDOPT = ""
-POLICY_QUIET = "y"
-
-POLICY_MLS_SENS = "16"
-POLICY_MLS_CATS = "1024"
-POLICY_MCS_CATS = "1024"
-
-include refpolicy_${PV}.inc
diff --git a/recipes-security/refpolicy/refpolicy-standard_2.20120725.bb b/recipes-security/refpolicy/refpolicy-standard_2.20120725.bb
deleted file mode 100644
index 1f3030a..0000000
--- a/recipes-security/refpolicy/refpolicy-standard_2.20120725.bb
+++ /dev/null
@@ -1,18 +0,0 @@
-SUMMARY = "Standard variants of the SELinux policy"
-DESCRIPTION = "\
-This is the reference policy for SELinux built with type enforcement \
-only."
-
-PR = "r3"
-
-POLICY_NAME = "standard"
-POLICY_TYPE = "standard"
-POLICY_DISTRO = "redhat"
-POLICY_UBAC = "n"
-POLICY_UNK_PERMS = "allow"
-POLICY_DIRECT_INITRC = "n"
-POLICY_MONOLITHIC = "n"
-POLICY_CUSTOM_BUILDOPT = ""
-POLICY_QUIET = "y"
-
-include refpolicy_${PV}.inc
diff --git a/recipes-security/refpolicy/refpolicy_2.20120725.inc b/recipes-security/refpolicy/refpolicy_2.20120725.inc
deleted file mode 100644
index 5d1868d..0000000
--- a/recipes-security/refpolicy/refpolicy_2.20120725.inc
+++ /dev/null
@@ -1,57 +0,0 @@
-SRC_URI = "http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2;"
-SRC_URI[md5sum] = "8aaa8a23cc1b7b7045f6f134e879ddb7"
-SRC_URI[sha256sum] = "7cd46ed908a4001368e6509d93e306ec6c9af2bfa6b70db88c9eaaefe257c635"
-
-FILESEXTRAPATHS_prepend := "${THISDIR}/refpolicy-${PV}:"
-
-# Fix file contexts for Poky
-SRC_URI += "file://poky-fc-subs_dist.patch \
-            file://poky-fc-update-alternatives_sysvinit.patch \
-            file://poky-fc-update-alternatives_tinylogin.patch \
-            file://poky-fc-update-alternatives_sysklogd.patch \
-            file://poky-fc-update-alternatives_hostname.patch \
-            file://poky-fc-fix-prefix-path_rpc.patch \
-            file://poky-fc-fix-real-path_resolv.conf.patch \
-            file://poky-fc-fix-real-path_login.patch \
-            file://poky-fc-fix-real-path_shadow.patch \
-            file://poky-fc-fix-bind.patch \
-            file://poky-fc-fix-portmap.patch \
-            file://poky-fc-cgroup.patch \
-            file://poky-fc-clock.patch \
-            file://poky-fc-corecommands.patch \
-            file://poky-fc-dmesg.patch \
-            file://poky-fc-fstools.patch \
-            file://poky-fc-iptables.patch \
-            file://poky-fc-mta.patch \
-            file://poky-fc-netutils.patch \
-            file://poky-fc-networkmanager.patch \
-            file://poky-fc-nscd.patch \
-            file://poky-fc-screen.patch \
-            file://poky-fc-ssh.patch \
-            file://poky-fc-su.patch \
-            file://poky-fc-sysnetwork.patch \
-           "
-
-# Specific policy for Poky
-SRC_URI += "file://poky-policy-add-syslogd_t-to-trusted-object.patch \
-            file://poky-policy-add-rules-for-var-log-symlink.patch \
-            file://poky-policy-add-rules-for-var-log-symlink-apache.patch \
-            file://poky-policy-add-rules-for-var-cache-symlink.patch \
-            file://poky-policy-add-rules-for-tmp-symlink.patch \
-            file://poky-policy-add-rules-for-bsdpty_device_t.patch \
-            file://poky-policy-don-t-audit-tty_device_t.patch \
-            file://poky-policy-allow-dbusd-to-setrlimit-itself.patch \
-            file://poky-policy-allow-dbusd-to-exec-shell-commands.patch \
-            file://poky-policy-allow-nfsd-to-exec-shell-commands.patch \
-            file://poky-policy-fix-nfsd_t-to-mount_nfsd_fs_t.patch \
-            file://poky-policy-allow-nfsd-to-bind-nfs-port.patch \
-            file://poky-policy-allow-setfiles_t-to-read-symlinks.patch \
-            file://poky-policy-fix-new-SELINUXMNT-in-sys.patch \
-           "
-
-# Other policy fixes 
-SRC_URI += "file://poky-policy-fix-xconsole_device_t-as-a-dev_node.patch \
-            file://poky-policy-fix-seutils-manage-config-files.patch \
-           "
-
-include refpolicy_common.inc