2 files changed, 30 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch b/recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch
new file mode 100644
index 0000000..6535a4b
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch
@@ -0,0 +1,29 @@
+From 3e3ec39659ae068d20efbb5f13054d90960c3c3f Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Thu, 19 May 2022 16:51:49 +0800
+Subject: [PATCH] fc/fstools: apply policy to findfs alternative
+Add file context for findfs alternative which is provided by util-linux.
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/system/fstools.fc | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc
+index bef711850..91be0ef3d 100644
+--- a/policy/modules/system/fstools.fc
+++ b/policy/modules/system/fstools.fc
+@@ -77,6 +77,7 @@
+ /usr/sbin/fdisk                        --      gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/fdisk\.util-linux                    --      gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/findfs               --      gen_context(system_u:object_r:fsadm_exec_t,s0)
+/usr/sbin/findfs\.util-linux           --      gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/fsck.*               --      gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/gdisk                        --      gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/hdparm               --      gen_context(system_u:object_r:fsadm_exec_t,s0)
+-- 
+2.25.1
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 1d5a5c0..bb0c0dd 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -84,6 +84,7 @@ SRC_URI += " \
        file://0066-systemd-add-missing-file-context-for-run-systemd-net.patch \
        file://0067-systemd-add-file-contexts-for-systemd-network-genera.patch \
        file://0068-systemd-udev-allow-udev-to-read-systemd-networkd-run.patch \
+        file://0069-fc-fstools-apply-policy-to-findfs-alternative.patch \
        "
 S = "${WORKDIR}/refpolicy"

diff --git a/recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch b/recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch new file mode 100644 index 0000000..6535a4b --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch
@@ -0,0 +1,29 @@
		1	From 3e3ec39659ae068d20efbb5f13054d90960c3c3f Mon Sep 17 00:00:00 2001
		2	From: Yi Zhao <yi.zhao@windriver.com>
		3	Date: Thu, 19 May 2022 16:51:49 +0800
		4	Subject: [PATCH] fc/fstools: apply policy to findfs alternative
		5
		6	Add file context for findfs alternative which is provided by util-linux.
		7
		8	Upstream-Status: Inappropriate [embedded specific]
		9
		10	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		11	---
		12	policy/modules/system/fstools.fc \| 1 +
		13	1 file changed, 1 insertion(+)
		14
		15	diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc
		16	index bef711850..91be0ef3d 100644
		17	--- a/policy/modules/system/fstools.fc
		18	+++ b/policy/modules/system/fstools.fc
		19	@@ -77,6 +77,7 @@
		20	/usr/sbin/fdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0)
		21	/usr/sbin/fdisk\.util-linux -- gen_context(system_u:object_r:fsadm_exec_t,s0)
		22	/usr/sbin/findfs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
		23	+/usr/sbin/findfs\.util-linux -- gen_context(system_u:object_r:fsadm_exec_t,s0)
		24	/usr/sbin/fsck.* -- gen_context(system_u:object_r:fsadm_exec_t,s0)
		25	/usr/sbin/gdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0)
		26	/usr/sbin/hdparm -- gen_context(system_u:object_r:fsadm_exec_t,s0)
		27	--
		28	2.25.1
		29


diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index 1d5a5c0..bb0c0dd 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -84,6 +84,7 @@ SRC_URI += " \
84	file://0066-systemd-add-missing-file-context-for-run-systemd-net.patch \	84	file://0066-systemd-add-missing-file-context-for-run-systemd-net.patch \
85	file://0067-systemd-add-file-contexts-for-systemd-network-genera.patch \	85	file://0067-systemd-add-file-contexts-for-systemd-network-genera.patch \
86	file://0068-systemd-udev-allow-udev-to-read-systemd-networkd-run.patch \	86	file://0068-systemd-udev-allow-udev-to-read-systemd-networkd-run.patch \
		87	file://0069-fc-fstools-apply-policy-to-findfs-alternative.patch \
87	"	88	"
88		89
89	S = "${WORKDIR}/refpolicy"	90	S = "${WORKDIR}/refpolicy"