2 files changed, 35 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0091-fc-usermanage-update-file-context-for-chfn-chsh.patch b/recipes-security/refpolicy/refpolicy/0091-fc-usermanage-update-file-context-for-chfn-chsh.patch
new file mode 100644
index 0000000..370bc64
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0091-fc-usermanage-update-file-context-for-chfn-chsh.patch
@@ -0,0 +1,34 @@
+From 311d4759340f2af1e1e157d571802e4367e0a46b Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 2 Aug 2021 09:38:39 +0800
+Subject: [PATCH] fc/usermanage: update file context for chfn/chsh
+The util-linux has provided chfn and chsh since oe-core commit
+804c6b5bd3d398d5ea2a45d6bcc23c76e328ea3f. Update the file context for
+them.
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/admin/usermanage.fc | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/policy/modules/admin/usermanage.fc b/policy/modules/admin/usermanage.fc
+index 6a051f8a5..bf1ff09ab 100644
+--- a/policy/modules/admin/usermanage.fc
+++ b/policy/modules/admin/usermanage.fc
+@@ -5,8 +5,10 @@ ifdef(`distro_debian',`
+ /usr/bin/chage         --      gen_context(system_u:object_r:passwd_exec_t,s0)
+ /usr/bin/chfn          --      gen_context(system_u:object_r:chfn_exec_t,s0)
+ /usr/bin/chfn\.shadow          --      gen_context(system_u:object_r:chfn_exec_t,s0)
+/usr/bin/chfn\.util-linux              --      gen_context(system_u:object_r:chfn_exec_t,s0)
+ /usr/bin/chsh          --      gen_context(system_u:object_r:chfn_exec_t,s0)
+ /usr/bin/chsh\.shadow          --      gen_context(system_u:object_r:chfn_exec_t,s0)
+/usr/bin/chsh\.util-linux              --      gen_context(system_u:object_r:chfn_exec_t,s0)
+ /usr/bin/crack_[a-z]*  --      gen_context(system_u:object_r:crack_exec_t,s0)
+ /usr/bin/cracklib-[a-z]* --    gen_context(system_u:object_r:crack_exec_t,s0)
+ /usr/bin/gpasswd       --      gen_context(system_u:object_r:groupadd_exec_t,s0)
+-- 
+2.17.1
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 6e460cb..1bacaa9 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -108,6 +108,7 @@ SRC_URI += " \
        file://0088-policy-modules-services-bind-make-named_t-domain-MLS.patch \
        file://0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch \
        file://0090-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \
+        file://0091-fc-usermanage-update-file-context-for-chfn-chsh.patch \
        "
 S = "${WORKDIR}/refpolicy"

diff --git a/recipes-security/refpolicy/refpolicy/0091-fc-usermanage-update-file-context-for-chfn-chsh.patch b/recipes-security/refpolicy/refpolicy/0091-fc-usermanage-update-file-context-for-chfn-chsh.patch new file mode 100644 index 0000000..370bc64 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0091-fc-usermanage-update-file-context-for-chfn-chsh.patch
@@ -0,0 +1,34 @@
		1	From 311d4759340f2af1e1e157d571802e4367e0a46b Mon Sep 17 00:00:00 2001
		2	From: Yi Zhao <yi.zhao@windriver.com>
		3	Date: Mon, 2 Aug 2021 09:38:39 +0800
		4	Subject: [PATCH] fc/usermanage: update file context for chfn/chsh
		5
		6	The util-linux has provided chfn and chsh since oe-core commit
		7	804c6b5bd3d398d5ea2a45d6bcc23c76e328ea3f. Update the file context for
		8	them.
		9
		10	Upstream-Status: Inappropriate [embedded specific]
		11
		12	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		13	---
		14	policy/modules/admin/usermanage.fc \| 2 ++
		15	1 file changed, 2 insertions(+)
		16
		17	diff --git a/policy/modules/admin/usermanage.fc b/policy/modules/admin/usermanage.fc
		18	index 6a051f8a5..bf1ff09ab 100644
		19	--- a/policy/modules/admin/usermanage.fc
		20	+++ b/policy/modules/admin/usermanage.fc
		21	@@ -5,8 +5,10 @@ ifdef(`distro_debian',`
		22	/usr/bin/chage -- gen_context(system_u:object_r:passwd_exec_t,s0)
		23	/usr/bin/chfn -- gen_context(system_u:object_r:chfn_exec_t,s0)
		24	/usr/bin/chfn\.shadow -- gen_context(system_u:object_r:chfn_exec_t,s0)
		25	+/usr/bin/chfn\.util-linux -- gen_context(system_u:object_r:chfn_exec_t,s0)
		26	/usr/bin/chsh -- gen_context(system_u:object_r:chfn_exec_t,s0)
		27	/usr/bin/chsh\.shadow -- gen_context(system_u:object_r:chfn_exec_t,s0)
		28	+/usr/bin/chsh\.util-linux -- gen_context(system_u:object_r:chfn_exec_t,s0)
		29	/usr/bin/crack_[a-z]* -- gen_context(system_u:object_r:crack_exec_t,s0)
		30	/usr/bin/cracklib-[a-z]* -- gen_context(system_u:object_r:crack_exec_t,s0)
		31	/usr/bin/gpasswd -- gen_context(system_u:object_r:groupadd_exec_t,s0)
		32	--
		33	2.17.1
		34


diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index 6e460cb..1bacaa9 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -108,6 +108,7 @@ SRC_URI += " \
108	file://0088-policy-modules-services-bind-make-named_t-domain-MLS.patch \	108	file://0088-policy-modules-services-bind-make-named_t-domain-MLS.patch \
109	file://0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch \	109	file://0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch \
110	file://0090-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \	110	file://0090-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \
		111	file://0091-fc-usermanage-update-file-context-for-chfn-chsh.patch \
111	"	112	"
112		113
113	S = "${WORKDIR}/refpolicy"	114	S = "${WORKDIR}/refpolicy"