diff options
| author |   Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2018-02-14 10:55:35 +0100 |
|---|---|---|
| committer | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2018-02-14 10:55:35 +0100 |
| commit | 317c8a08a6b5943517e67c5ea80b0a9a83a10d63 (patch) | |
| tree | bf2b27dc9068924b59b46d2e153936c77be954c3 /meta-security/recipes-core/systemd/systemd/0004-tizen-smack-Handling-of-dev-v216.patch | |
| parent | b6dc44f585b839ab1a2f0133b74958037fe1cb64 (diff) | |
| parent | c9ce37905acd879db107eafe309678053073e086 (diff) | |
Merge remote-tracking branch 'agl/sandbox/ronan/rocko' into HEAD
* agl/sandbox/ronan/rocko: (58 commits)
Update ulcb conf file
Remove unsed gstreamer backport
[GEN3] add preferred version on omx package
run-(agl-)postinst: Emit progress to console
meta-security: Remove unused content
Upgrade wayland-ivi-extension
Revert "Fix kernel gcc7 issue"
remove backport commit
Revert "Fix CVE-2017-1000364 by backporting the patches for gen3"
Remove fix for optee-os
Remove gcc 6 fix
Update rcar gen3 kernel bbappend version
Update rcar gen3 driver
Remove porter machine
dbus-cynara: Upgrade to 1.10.20
xmlsec1: switch to meta-security version
systemd: earlier smack label switch
cynara: upgrade to 0.14.10
Remove smack recipe
Integrate parts of meta-intel-iot-security
...
Bug-AGL: SPEC-1181
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
Conflicts:
meta-app-framework/recipes-security/cynara/cynara_git.bbappend
Change-Id: I9875fcb31e960038ce6c23165c99b52a3bd1a1c0
Diffstat (limited to 'meta-security/recipes-core/systemd/systemd/0004-tizen-smack-Handling-of-dev-v216.patch')
| -rw-r--r-- | meta-security/recipes-core/systemd/systemd/0004-tizen-smack-Handling-of-dev-v216.patch | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/meta-security/recipes-core/systemd/systemd/0004-tizen-smack-Handling-of-dev-v216.patch b/meta-security/recipes-core/systemd/systemd/0004-tizen-smack-Handling-of-dev-v216.patch new file mode 100644 index 000000000..88c100fed --- /dev/null +++ b/meta-security/recipes-core/systemd/systemd/0004-tizen-smack-Handling-of-dev-v216.patch @@ -0,0 +1,82 @@ +From 468ef790a7a0e53c390cec9c63090a0ae04a4d58 Mon Sep 17 00:00:00 2001 +From: Michael Demeter <michael.demeter@intel.com> +Date: Fri, 11 Oct 2013 15:37:57 -0700 +Subject: [PATCH 4/9] tizen-smack: Handling of /dev + +Smack enabled systems need /dev special devices correctly labeled + +- Add AC_DEFINE for HAVE_SMACK to configure.ac +- Add Check for smack in Makefile.am to include smack default rules +- Add smack default rules to label /dev/xxx correctly for access + +Upstream-Status: Inappropriate [configuration] + +Change-Id: Iebe2e349cbedb3013abdf32edb55e9310f1d17f5 +--- + configure.ac | 2 ++ + Makefile.am | 5 +++++ + rules/55-udev-smack-default.rules | 23 +++++++++++++++++++++++ + 3 files changed, 30 insertions(+) + create mode 100644 rules/55-udev-smack-default.rules + +diff --git a/configure.ac b/configure.ac +index 18b7198..05f49ed 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -635,6 +635,8 @@ if test "x${have_smack}" = xyes ; then + AC_DEFINE(HAVE_SMACK, 1, [Define if SMACK is available]) + fi + ++AM_CONDITIONAL([HAVE_SMACK], [test "x$have_smack" = "xyes"]) ++ + # ------------------------------------------------------------------------------ + AC_ARG_ENABLE([gcrypt], + AS_HELP_STRING([--disable-gcrypt],[Disable optional GCRYPT support]), +diff --git a/Makefile.am b/Makefile.am +index bf04d31..1a05607 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -3108,6 +3108,11 @@ dist_udevrules_DATA += \ + nodist_udevrules_DATA += \ + rules/99-systemd.rules + ++if HAVE_SMACK ++dist_udevrules_DATA += \ ++ rules/55-udev-smack-default.rules ++endif ++ + dist_udevhwdb_DATA = \ + hwdb/20-pci-vendor-model.hwdb \ + hwdb/20-pci-classes.hwdb \ +diff --git a/rules/55-udev-smack-default.rules b/rules/55-udev-smack-default.rules +new file mode 100644 +index 0000000..3829019 +--- /dev/null ++++ b/rules/55-udev-smack-default.rules +@@ -0,0 +1,23 @@ ++# do not edit this file, it will be overwritten on update ++ ++KERNEL=="null", SECLABEL{smack}="*" ++KERNEL=="zero", SECLABEL{smack}="*" ++KERNEL=="console", SECLABEL{smack}="*" ++KERNEL=="kmsg", SECLABEL{smack}="*" ++KERNEL=="video*", SECLABEL{smack}="*" ++KERNEL=="card*", SECLABEL{smack}="*" ++KERNEL=="ptmx", SECLABEL{smack}="*" ++KERNEL=="tty", SECLABEL{smack}="*" ++ ++SUBSYSTEM=="graphics", GROUP="video", SECLABEL{smack}="*" ++SUBSYSTEM=="drm", GROUP="video", SECLABEL{smack}="*" ++SUBSYSTEM=="dvb", GROUP="video", SECLABEL{smack}="*" ++ ++SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666", SECLABEL{smack}="*" ++SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666", SECLABEL{smack}="*" ++SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620", SECLABEL{smack}="*" ++SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty", SECLABEL{smack}="*" ++KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout", SECLABEL{smack}="*" ++ ++SUBSYSTEM=="input", KERNEL=="mouse*|mice|event*", MODE="0640", SECLABEL{smack}="*" ++SUBSYSTEM=="input", KERNEL=="ts[0-9]*|uinput", MODE="0640", SECLABEL{smack}="*" +-- +1.8.4.5 + |