Added policy fprintd_t for focal fingerprint

1 month ago · 80eb53d3a1
parent 3f95bf6573
commit 80eb53d3a1
2 changed files with 53 additions and 1 deletions
--- a/SOURCES/selinux-policy-focal-moh-spi.patch
+++ b/SOURCES/selinux-policy-focal-moh-spi.patch
@ -0,0 +1,44 @@
+--- selinux-policy-0113b35519369e628e7fcd87af000cfcd4b1fa6c/policy/modules/kernel/devices.if.orig	2024-11-18 22:57:25.780148480 +0300
+++ selinux-policy-0113b35519369e628e7fcd87af000cfcd4b1fa6c/policy/modules/kernel/devices.if	2024-11-18 22:52:43.561598444 +0300
+@@ -6806,6 +6806,7 @@
+ 	type smartcard_device_t;
+ 	type mtrr_device_t;
+ 	type ecryptfs_device_t;
+	type fprintd_device_t;
+     type mptctl_device_t;
+     type hypervkvp_device_t;
+     type hypervvssd_device_t;
+@@ -6988,6 +6989,7 @@
+ 	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb7")
+ 	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb8")
+ 	filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb9")
+	filetrans_pattern($1, device_t, fprintd_device_t, chr_file, "focal_moh_spi")
+ 	filetrans_pattern($1, device_t, null_device_t, chr_file, "full")
+ 	filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw0")
+ 	filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw1")
+
+--- selinux-policy-0113b35519369e628e7fcd87af000cfcd4b1fa6c/policy/modules/kernel/devices.fc.orig	2024-11-18 23:04:01.420517717 +0300
+++ selinux-policy-0113b35519369e628e7fcd87af000cfcd4b1fa6c/policy/modules/kernel/devices.fc	2024-11-18 23:04:54.842432548 +0300
+@@ -39,6 +39,7 @@
+ /dev/event.*		-c	gen_context(system_u:object_r:event_device_t,s0)
+ /dev/evtchn		-c	gen_context(system_u:object_r:xen_device_t,s0)
+ /dev/fb[0-9]*		-c	gen_context(system_u:object_r:framebuf_device_t,s0)
+/dev/focal_moh_spi	-c	gen_context(system_u:object_r:fprintd_device_t,s0)
+ /dev/full		-c	gen_context(system_u:object_r:null_device_t,s0)
+ /dev/fw.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
+ /dev/gfx		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
+--- selinux-policy-0113b35519369e628e7fcd87af000cfcd4b1fa6c/policy/modules/kernel/devices.te.orig	2024-11-18 23:31:22.140887322 +0300
+++ selinux-policy-0113b35519369e628e7fcd87af000cfcd4b1fa6c/policy/modules/kernel/devices.te	2024-11-18 23:33:28.487683696 +0300
+@@ -132,6 +132,12 @@
+ dev_node(framebuf_device_t)
+ 
+ #
+# Type for fpr /dev/focal_moh_spi
+#
+type fprintd_device_t;
+dev_node(fprintd_device_t)
+
+#
+ # Type for hyperv devices
+ #
+ type hypervkvp_device_t;
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@ -24,7 +24,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 38.1.44
-Release: 1%{?dist}
+Release: 1%{?dist}.inferit
 License: GPLv2+
 Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: modules-targeted-base.conf
@ -64,6 +64,10 @@ Source36: selinux-check-proper-disable.service
 # Provide rpm macros for packages installing SELinux modules
 Source102: rpm.macros

+# MSVSphere
+# Added policy fprintd_t for facal fingerprint driver
+Patch0: selinux-policy-focal-moh-spi.patch
+
 Url: %{giturl}
 BuildArch: noarch
 BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
@ -404,6 +408,7 @@ end

 %prep
 %setup -n %{name}-%{commit} -q
+%patch -P0 -p1 -b .focal
 tar -C policy/modules/contrib -xf %{SOURCE35}

 mkdir selinux_config
@ -809,6 +814,9 @@ exit 0
 %endif

 %changelog
+* Tue Nov 19 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 38.1.44-1.inferit
+- Added policy fprintd_t for focal fingerprint
+
 * Mon Aug 12 2024 Zdenek Pytela <zpytela@redhat.com> - 38.1.44-1
 - Allow coreos-installer-generator work with partitions
 Resolves: RHEL-38614