[yocto] [PATCH][meta-selinux] refpolicy-targeted: remove duplicate type rules

Tue Aug 2 03:32:40 PDT 2016

From: Wenzong Fan <wenzong.fan at windriver.com>

Remove duplicate type rules from init_t to init_script_file_type,
they have been included by systemd policies. This also fixes the
errors while installing modules for refpolicy-targeted if systemd
support is enabled:

| Conflicting type rules
| Binary policy creation failed at line 327 of \
  .../tmp/work/qemux86-poky-linux/refpolicy-targeted/git-r0/image\
  /var/lib/selinux/targeted/tmp/modules/100/init/cil
| Failed to generate binary
| semodule:  Failed!

Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
---
 ...efpolicy-remove-duplicate-type_transition.patch | 46 ++++++++++++++++++++++
 .../refpolicy/refpolicy-targeted_2.20151208.bb     |  1 +
 .../refpolicy/refpolicy-targeted_git.bb            |  1 +
 3 files changed, 48 insertions(+)
 create mode 100644 recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch

diff --git a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch
new file mode 100644
index 0000000..b6c64c6
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch
@@ -0,0 +1,46 @@
+From e1693b640f889818091c976a90041ea6a843fafd Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan at windriver.com>
+Date: Wed, 17 Feb 2016 08:35:51 -0500
+Subject: [PATCH] remove duplicate type_transition
+
+Remove duplicate type rules from init_t to init_script_file_type,
+they have been included by systemd policies. This also fixes the
+errors while installing modules for refpolicy-targeted if systemd
+support is enabled:
+
+| Conflicting type rules
+| Binary policy creation failed at line 327 of \
+  .../tmp/work/qemux86-poky-linux/refpolicy-targeted/git-r0/image\
+  /var/lib/selinux/targeted/tmp/modules/100/init/cil
+| Failed to generate binary
+| semodule:  Failed!
+
+Upstream-Status: Inappropriate
+
+Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
+---
+ policy/modules/system/init.if | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
+index f50c6e1..b445886 100644
+--- a/policy/modules/system/init.if
++++ b/policy/modules/system/init.if
+@@ -1307,12 +1307,12 @@ interface(`init_spec_domtrans_script',`
+ #
+ interface(`init_domtrans_script',`
+ 	gen_require(`
+-		type initrc_t;
++		type initrc_t, initrc_exec_t;
+ 		attribute init_script_file_type;
+ 	')
+ 
+ 	files_list_etc($1)
+-	domtrans_pattern($1, init_script_file_type, initrc_t)
++	domtrans_pattern($1, initrc_exec_t, initrc_t)
+ 
+ 	ifdef(`enable_mcs',`
+ 		range_transition $1 init_script_file_type:process s0;
+-- 
+1.9.1
+
diff --git a/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb b/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb
index b169604..f795bf7 100644
--- a/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb
+++ b/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb
@@ -17,4 +17,5 @@ include refpolicy_${PV}.inc
 SRC_URI += " \
             file://refpolicy-fix-optional-issue-on-sysadm-module.patch \
             file://refpolicy-unconfined_u-default-user.patch \
+            ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://refpolicy-remove-duplicate-type_transition.patch', '', d)} \
            "
diff --git a/recipes-security/refpolicy/refpolicy-targeted_git.bb b/recipes-security/refpolicy/refpolicy-targeted_git.bb
index b169604..f795bf7 100644
--- a/recipes-security/refpolicy/refpolicy-targeted_git.bb
+++ b/recipes-security/refpolicy/refpolicy-targeted_git.bb
@@ -17,4 +17,5 @@ include refpolicy_${PV}.inc
 SRC_URI += " \
             file://refpolicy-fix-optional-issue-on-sysadm-module.patch \
             file://refpolicy-unconfined_u-default-user.patch \
+            ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://refpolicy-remove-duplicate-type_transition.patch', '', d)} \
            "
-- 
2.8.1


