diff mbox series

[meta-selinux,walnascar] refpolicy: files - add files_delete_var_chr_files interface

Message ID 4d8aa739-2dc3-4de4-8820-ae2f4e0547f7@gmail.com
State New
Series [meta-selinux,walnascar] refpolicy: files - add files_delete_var_chr_files interface

Commit Message

Clayton Casciato Oct. 23, 2025, 2:12 p.m. UTC
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
---
 ...ernel-files-add-files_delete_var_chr.patch | 44 +++++++++++++++++++
 .../refpolicy/refpolicy_common.inc            |  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 recipes-security/refpolicy/refpolicy/0066-policy-modules-kernel-files-add-files_delete_var_chr.patch

Patch

diff --git a/recipes-security/refpolicy/refpolicy/0066-policy-modules-kernel-files-add-files_delete_var_chr.patch b/recipes-security/refpolicy/refpolicy/0066-policy-modules-kernel-files-add-files_delete_var_chr.patch
new file mode 100644
index 0000000..9737182
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0066-policy-modules-kernel-files-add-files_delete_var_chr.patch
@@ -0,0 +1,44 @@ 
+From fb889271b4be21f477f279dc688ac491437797f7 Mon Sep 17 00:00:00 2001
+From: Clayton Casciato <ccasciato@21sw.us>
+Date: Mon, 12 May 2025 12:39:10 -0600
+Subject: [PATCH] files: add files_delete_var_chr_files interface
+
+Signed-off-by: Clayton Casciato <ccasciato@21sw.us>
+
+Upstream-Status: Backport [https://github.com/SELinuxProject/refpolicy/commit/605ee571a04d7db29f61dc086ad4675793d94864]
+
+Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
+---
+ policy/modules/kernel/files.if | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
+index c590d24de..c6fab80a2 100644
+--- a/policy/modules/kernel/files.if
++++ b/policy/modules/kernel/files.if
+@@ -6186,6 +6186,25 @@ interface(`files_manage_var_symlinks',`
+ 	manage_lnk_files_pattern($1, var_t, var_t)
+ ')
+ 
++########################################
++## <summary>
++##	Delete character device nodes in
++##	the var directory.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`files_delete_var_chr_files',`
++	gen_require(`
++		type var_t;
++	')
++
++	delete_chr_files_pattern($1, var_t, var_t)
++')
++
+ ########################################
+ ## <summary>
+ ##	Create objects in the /var directory
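Review bot: The header of the embedded 0066 patch (Subject, Signed-off-by and Upstream-Status lines) gives no reason why a domain needs to unlink character device nodes, and nothing in this patch calls files_delete_var_chr_files, so the new grant cannot be checked against a concrete consumer. Please add a sentence to the commit message naming the domain or follow-up policy patch that will use the interface. As a smaller documentation point, the summary says "Delete character device nodes in the var directory", while the rule is delete_chr_files_pattern($1, var_t, var_t), which only covers nodes labelled var_t inside var_t directories; stating that in the summary would keep callers from expecting it to reach device nodes that carry other types under /var.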
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 33c3f32..44ac113 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -81,6 +81,7 @@  SRC_URI += " \
         file://0063-policy-modules-services-ssh-allow-sshd_t-userdomain-.patch \
         file://0064-policy-modules-services-dbus-allow-system_dbusd_t-un.patch \
         file://0065-policy-modules-system-systemd-allow-systemd_logind_t.patch \
+        file://0066-policy-modules-kernel-files-add-files_delete_var_chr.patch \
         "
 
 S = "${WORKDIR}/refpolicy"