[meta-selinux] seatd: allow seatd to use unallocated TTYs

Message ID 20260528040958.2201296-1-sasikuma@qti.qualcomm.com
State New

Commit Message

Sasi Kumar Maddineni May 28, 2026, 4:09 a.m. UTC
seatd requires access to unallocated TTY devices such as /dev/tty0
to manage seat activation and VT handling for Wayland compositors.

Added policies to allow seatd to access unallocated TTY devices.

Signed-off-by: Jaihind Yadav <jaihindy@qti.qualcomm.com>
Signed-off-by: Sasi Kumar Maddineni <sasikuma@qti.qualcomm.com>
---
 ...-allow-seatd-to-use-unallocated-TTYs.patch | 33 +++++++++++++++++++
 .../refpolicy/refpolicy_common.inc            |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 recipes-security/refpolicy/refpolicy/0062-selinux-allow-seatd-to-use-unallocated-TTYs.patch

Patch

diff --git a/recipes-security/refpolicy/refpolicy/0062-selinux-allow-seatd-to-use-unallocated-TTYs.patch b/recipes-security/refpolicy/refpolicy/0062-selinux-allow-seatd-to-use-unallocated-TTYs.patch
new file mode 100644
index 0000000..3554295
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0062-selinux-allow-seatd-to-use-unallocated-TTYs.patch
@@ -0,0 +1,33 @@ 
+From ebafd639e8d3847d0c8c2313c71994c4ea5e1501 Mon Sep 17 00:00:00 2001
+From: Jaihind Yadav <jaihindy@qti.qualcomm.com>
+Date: Tue, 12 May 2026 11:23:17 +0530
+Subject: [PATCH] selinux: allow seatd to use unallocated TTYs
+
+seatd requires access to unallocated TTY devices such as /dev/tty0
+to manage seat activation and VT handling for Wayland compositors.
+
+Added policies to allow seatd to access unallocated TTY devices.
+
+Upstream-Status: Backport [https://github.com/SELinuxProject/refpolicy/pull/1114]
+
+Signed-off-by: Jaihind Yadav <jaihindy@qti.qualcomm.com>
+Signed-off-by: Sasi Kumar Maddineni <sasikuma@qti.qualcomm.com>
+---
+ policy/modules/services/seatd.te | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/policy/modules/services/seatd.te b/policy/modules/services/seatd.te
+index 44ba85ee7..d539dc446 100644
+--- a/policy/modules/services/seatd.te
++++ b/policy/modules/services/seatd.te
+@@ -32,3 +32,7 @@ auth_use_nsswitch(seatd_t)
+ 
+ dev_rw_dri(seatd_t)
+ dev_rw_input_dev(seatd_t)
++
++# seatd requires access to unallocated TTYs (e.g. /dev/tty0) to manage
++# seat activation and VT handling for Wayland compositors.
++term_use_unallocated_ttys(seatd_t)
+-- 
+2.43.0
+
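
Review bot: The Upstream-Status line in the embedded patch header says Backport but cites a pull request URL rather than a merged commit. If the refpolicy change has landed, reference the commit; if it is still under review, the status should read Submitted with the same link. Separately, the added seatd.te comment names /dev/tty0 only as an example, while term_use_unallocated_ttys(seatd_t) is not limited to that one node, so it would help to quote the AVC denial(s) in the commit message so reviewers can see which devices and permissions seatd actually requested and confirm the interface is not broader than needed.
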
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 014714c..87c9e39 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -74,6 +74,7 @@  SRC_URI += " \
         file://0056-policy-modules-system-setrans-allow-setrans_t-use-fd.patch \
         file://0057-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \
         file://0058-policy-modules-system-logging-make-syslogd_runtime_t.patch \
+        file://0062-selinux-allow-seatd-to-use-unallocated-TTYs.patch \
         "
 
 S = "${UNPACKDIR}/refpolicy"
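
Review bot: The new SRC_URI entry is numbered 0062 but follows directly after 0058 in this list, leaving 0059 to 0061 unaccounted for. If those numbers belong to other pending patches, state that dependency in the cover text so the series applies in the intended order; otherwise renumber this file to 0059 to keep the sequence contiguous.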