1 files changed, 0 insertions, 149 deletions
diff --git a/recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-bsdpty_device_t.patch b/recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-bsdpty_device_t.patch
deleted file mode 100644
index 7be7147..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-bsdpty_device_t.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-From c0b65c327b9354ee5c403cbde428e762ce3f327e Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Thu, 22 Aug 2013 13:37:23 +0800
-Subject: [PATCH 5/6] add rules for bsdpty_device_t to complete pty devices.
-Upstream-Status: Pending
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
- policy/modules/kernel/terminal.if |   16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
--- a/policy/modules/kernel/terminal.if
-+++ b/policy/modules/kernel/terminal.if
-@@ -585,13 +585,15 @@ interface(`term_getattr_generic_ptys',`
- ## </param>
- #
- interface(`term_dontaudit_getattr_generic_ptys',`
-        gen_require(`
-                type devpts_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dontaudit $1 devpts_t:chr_file getattr;
-+       dontaudit $1 bsdpty_device_t:chr_file getattr;
- ')
- ########################################
- ## <summary>
- ##     ioctl of generic pty devices.
- ## </summary>
-@@ -603,15 +605,17 @@ interface(`term_dontaudit_getattr_generi
- #
- # cjp: added for ppp
- interface(`term_ioctl_generic_ptys',`
-        gen_require(`
-                type devpts_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dev_list_all_dev_nodes($1)
-        allow $1 devpts_t:dir search;
-        allow $1 devpts_t:chr_file ioctl;
-+       allow $1 bsdpty_device_t:chr_file ioctl;
- ')
- 
- ########################################
- ## <summary>
- ##     Allow setting the attributes of
-@@ -625,13 +629,15 @@ interface(`term_ioctl_generic_ptys',`
- #
- # dwalsh: added for rhgb
- interface(`term_setattr_generic_ptys',`
-        gen_require(`
-                type devpts_t;
-+               type bsdpty_device_t;
-        ')
- 
-        allow $1 devpts_t:chr_file setattr;
-+       allow $1 bsdpty_device_t:chr_file setattr;
- ')
- 
- ########################################
- ## <summary>
- ##     Dontaudit setting the attributes of
-@@ -645,13 +651,15 @@ interface(`term_setattr_generic_ptys',`
- #
- # dwalsh: added for rhgb
- interface(`term_dontaudit_setattr_generic_ptys',`
-        gen_require(`
-                type devpts_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dontaudit $1 devpts_t:chr_file setattr;
-+       dontaudit $1 bsdpty_device_t:chr_file setattr;
- ')
- 
- ########################################
- ## <summary>
- ##     Read and write the generic pty
-@@ -665,15 +673,17 @@ interface(`term_dontaudit_setattr_generi
- ## </param>
- #
- interface(`term_use_generic_ptys',`
-        gen_require(`
-                type devpts_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dev_list_all_dev_nodes($1)
-        allow $1 devpts_t:dir list_dir_perms;
-        allow $1 devpts_t:chr_file { rw_term_perms lock append };
-+       allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
- ')
- 
- ########################################
- ## <summary>
- ##     Dot not audit attempts to read and
-@@ -687,13 +697,15 @@ interface(`term_use_generic_ptys',`
- ## </param>
- #
- interface(`term_dontaudit_use_generic_ptys',`
-        gen_require(`
-                type devpts_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
-+       dontaudit $1 bsdpty_device_t:chr_file { getattr read write ioctl };
- ')
- 
- #######################################
- ## <summary>
- ##     Set the attributes of the tty device
-@@ -705,14 +717,16 @@ interface(`term_dontaudit_use_generic_pt
- ## </param>
- #
- interface(`term_setattr_controlling_term',`
-        gen_require(`
-                type devtty_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dev_list_all_dev_nodes($1)
-        allow $1 devtty_t:chr_file setattr;
-+       allow $1 bsdpty_device_t:chr_file setattr;
- ')
- 
- ########################################
- ## <summary>
- ##     Read and write the controlling
-@@ -725,14 +739,16 @@ interface(`term_setattr_controlling_term
- ## </param>
- #
- interface(`term_use_controlling_term',`
-        gen_require(`
-                type devtty_t;
-+               type bsdpty_device_t;
-        ')
- 
-        dev_list_all_dev_nodes($1)
-        allow $1 devtty_t:chr_file { rw_term_perms lock append };
-+       allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
- ')
- 
- #######################################
- ## <summary>
- ##     Get the attributes of the pty multiplexor (/dev/ptmx).

diff --git a/recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-bsdpty_device_t.patch b/recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-bsdpty_device_t.patch deleted file mode 100644 index 7be7147..0000000 --- a/recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-bsdpty_device_t.patch +++ /dev/null
@@ -1,149 +0,0 @@
1	From c0b65c327b9354ee5c403cbde428e762ce3f327e Mon Sep 17 00:00:00 2001
2	From: Xin Ouyang <Xin.Ouyang@windriver.com>
3	Date: Thu, 22 Aug 2013 13:37:23 +0800
4	Subject: [PATCH 5/6] add rules for bsdpty_device_t to complete pty devices.
5
6	Upstream-Status: Pending
7
8	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
9	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
10	---
11	policy/modules/kernel/terminal.if \| 16 ++++++++++++++++
12	1 file changed, 16 insertions(+)
13
14	--- a/policy/modules/kernel/terminal.if
15	+++ b/policy/modules/kernel/terminal.if
16	@@ -585,13 +585,15 @@ interface(`term_getattr_generic_ptys',`
17	## </param>
18	#
19	interface(`term_dontaudit_getattr_generic_ptys',`
20	gen_require(`
21	type devpts_t;
22	+ type bsdpty_device_t;
23	')
24
25	dontaudit $1 devpts_t:chr_file getattr;
26	+ dontaudit $1 bsdpty_device_t:chr_file getattr;
27	')
28	########################################
29	## <summary>
30	## ioctl of generic pty devices.
31	## </summary>
32	@@ -603,15 +605,17 @@ interface(`term_dontaudit_getattr_generi
33	#
34	# cjp: added for ppp
35	interface(`term_ioctl_generic_ptys',`
36	gen_require(`
37	type devpts_t;
38	+ type bsdpty_device_t;
39	')
40
41	dev_list_all_dev_nodes($1)
42	allow $1 devpts_t:dir search;
43	allow $1 devpts_t:chr_file ioctl;
44	+ allow $1 bsdpty_device_t:chr_file ioctl;
45	')
46
47	########################################
48	## <summary>
49	## Allow setting the attributes of
50	@@ -625,13 +629,15 @@ interface(`term_ioctl_generic_ptys',`
51	#
52	# dwalsh: added for rhgb
53	interface(`term_setattr_generic_ptys',`
54	gen_require(`
55	type devpts_t;
56	+ type bsdpty_device_t;
57	')
58
59	allow $1 devpts_t:chr_file setattr;
60	+ allow $1 bsdpty_device_t:chr_file setattr;
61	')
62
63	########################################
64	## <summary>
65	## Dontaudit setting the attributes of
66	@@ -645,13 +651,15 @@ interface(`term_setattr_generic_ptys',`
67	#
68	# dwalsh: added for rhgb
69	interface(`term_dontaudit_setattr_generic_ptys',`
70	gen_require(`
71	type devpts_t;
72	+ type bsdpty_device_t;
73	')
74
75	dontaudit $1 devpts_t:chr_file setattr;
76	+ dontaudit $1 bsdpty_device_t:chr_file setattr;
77	')
78
79	########################################
80	## <summary>
81	## Read and write the generic pty
82	@@ -665,15 +673,17 @@ interface(`term_dontaudit_setattr_generi
83	## </param>
84	#
85	interface(`term_use_generic_ptys',`
86	gen_require(`
87	type devpts_t;
88	+ type bsdpty_device_t;
89	')
90
91	dev_list_all_dev_nodes($1)
92	allow $1 devpts_t:dir list_dir_perms;
93	allow $1 devpts_t:chr_file { rw_term_perms lock append };
94	+ allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
95	')
96
97	########################################
98	## <summary>
99	## Dot not audit attempts to read and
100	@@ -687,13 +697,15 @@ interface(`term_use_generic_ptys',`
101	## </param>
102	#
103	interface(`term_dontaudit_use_generic_ptys',`
104	gen_require(`
105	type devpts_t;
106	+ type bsdpty_device_t;
107	')
108
109	dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
110	+ dontaudit $1 bsdpty_device_t:chr_file { getattr read write ioctl };
111	')
112
113	#######################################
114	## <summary>
115	## Set the attributes of the tty device
116	@@ -705,14 +717,16 @@ interface(`term_dontaudit_use_generic_pt
117	## </param>
118	#
119	interface(`term_setattr_controlling_term',`
120	gen_require(`
121	type devtty_t;
122	+ type bsdpty_device_t;
123	')
124
125	dev_list_all_dev_nodes($1)
126	allow $1 devtty_t:chr_file setattr;
127	+ allow $1 bsdpty_device_t:chr_file setattr;
128	')
129
130	########################################
131	## <summary>
132	## Read and write the controlling
133	@@ -725,14 +739,16 @@ interface(`term_setattr_controlling_term
134	## </param>
135	#
136	interface(`term_use_controlling_term',`
137	gen_require(`
138	type devtty_t;
139	+ type bsdpty_device_t;
140	')
141
142	dev_list_all_dev_nodes($1)
143	allow $1 devtty_t:chr_file { rw_term_perms lock append };
144	+ allow $1 bsdpty_device_t:chr_file { rw_term_perms lock append };
145	')
146
147	#######################################
148	## <summary>
149	## Get the attributes of the pty multiplexor (/dev/ptmx).