Added policy fprintd_t for focal fingerprint

4 weeks ago · 78542e6bfb
parent 4f5124d6c8
commit 78542e6bfb
2 changed files with 57 additions and 1 deletions
--- a/SOURCES/selinux-policy-focal-moh-spi.patch
+++ b/SOURCES/selinux-policy-focal-moh-spi.patch
@ -0,0 +1,49 @@
+diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
+index 99ae622..b9542cc 100644
+--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
+@@ -39,6 +39,7 @@
+ /dev/event.*		-c	gen_context(system_u:object_r:event_device_t,s0)
+ /dev/evtchn		-c	gen_context(system_u:object_r:xen_device_t,s0)
+ /dev/fb[0-9]*		-c	gen_context(system_u:object_r:framebuf_device_t,s0)
+/dev/focal_moh_spi		-c	gen_context(system_u:object_r:fprintd_device_t,s0)
+ /dev/full		-c	gen_context(system_u:object_r:null_device_t,s0)
+ /dev/fw.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
+ /dev/gfx		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
+diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
+index b063e34..9365f3d 100644
+--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
+@@ -6841,6 +6841,7 @@ gen_require(`
+ 	type smartcard_device_t;
+ 	type mtrr_device_t;
+ 	type ecryptfs_device_t;
+	type fprintd_device_t;
+     type mptctl_device_t;
+     type hypervkvp_device_t;
+     type hypervvssd_device_t;
+@@ -7023,6 +7024,7 @@ gen_require(`
+ 	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb7")
+ 	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb8")
+ 	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb9")
+	filetrans_pattern($1, device_t, fprintd_device_t, chr_file, "focal_moh_spi")
+ 	filetrans_pattern($1, device_t, null_device_t, chr_file, "full")
+ 	filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw0")
+ 	filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw1")
+diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
+index 8d414cb..52f4501 100644
+--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
+@@ -131,6 +131,12 @@ dev_node(event_device_t)
+ type framebuf_device_t;
+ dev_node(framebuf_device_t)
+ 
+#
+# Type for fpr /dev/focal_moh_spi
+#
+type fprintd_device_t;
+dev_node(fprintd_device_t)
+
+ #
+ # Type for hyperv devices
+ #
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@ -24,7 +24,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 40.13.9
-Release: 1%{?dist}
+Release: 1%{?dist}.inferit
 License: GPL-2.0-or-later
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@ -67,6 +67,10 @@ Source37: varrun-convert.sh
 # Provide rpm macros for packages installing SELinux modules
 Source102: rpm.macros

+# MSVSphere
+# Added policy fprintd_t for facal fingerprint driver
+Patch0: selinux-policy-focal-moh-spi.patch
+
 Url: %{giturl}
 BuildArch: noarch
 BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
@ -860,6 +864,9 @@ exit 0
 %endif

 %changelog
+* Wed Jan 29 2025 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 40.13.9-1.inferit
+- Added policy fprintd_t for focal fingerprint
+
 * Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 40.13.9-1
 - Rebuilt for MSVSphere 10