fix: usec support process unkill boolean

deepin-community · Sep 13, 2024 · dafc813 · dafc813
1 parent c572b5e
commit dafc813
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 6 deletions.
diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,9 @@
+refpolicy (2:2.20240723-2deepin2) unstable; urgency=medium
+
+  * usec support process unkill boolean
+
+ -- zhouzilong <[email protected]>  Fri, 13 Sep 2024 15:18:42 +0800
+
 refpolicy (2:2.20240723-2deepin1) unstable; urgency=medium
 
   * add usec policy

diff --git a/debian/patches/support-v25-usec-policy.patch b/debian/patches/support-v25-usec-policy.patch
@@ -4690,7 +4690,7 @@ Index: refpolicy-deepin/policy/modules/services/deepin_perm_control.if
 +#
 +interface(`deepin_process_unkillable',`
 +	gen_require(`
-+		attribute domain;
++		attribute deepin_executable_file_type;
 +		class service { stop reload };
 +	')
 +
@@ -4702,8 +4702,8 @@ Index: refpolicy-deepin/policy/modules/services/deepin_perm_control.if
 +	gen_tunable(`allow_$1_be_unkillable', $2)
 +
 +	tunable_policy(`! allow_$1_be_unkillable',`
-+		allow domain $1_t:process { sigkill sigstop signal };
-+		allow domain $1_t:service { stop reload };
++		allow deepin_executable_file_type $1_t:process { sigkill sigstop signal };
++		allow deepin_executable_file_type $1_t:service { stop reload };
 +	')
 +')
 +
@@ -4719,7 +4719,7 @@ Index: refpolicy-deepin/policy/modules/services/deepin_perm_control.if
 +#
 +interface(`deepin_execfile_protection',`
 +	gen_require(`
-+		attribute domain;
++		attribute deepin_executable_file_type;
 +	')
 +
 +	## <desc>
@@ -4730,7 +4730,7 @@ Index: refpolicy-deepin/policy/modules/services/deepin_perm_control.if
 +	gen_tunable(`allow_$1_execfile_protection', $2)
 +
 +	tunable_policy(`! allow_$1_execfile_protection',`
-+		allow domain $1_t:dir_file_class_set ~{ relabelfrom relabelto };
++		allow deepin_executable_file_type $1_t:dir_file_class_set ~{ relabelfrom relabelto };
 +	')
 +')
 +
@@ -5108,7 +5108,6 @@ Index: refpolicy-deepin/policy/modules/services/deepin_perm_control.if
 +	allow $1 deepin_login_count_t:dbus send_msg;
 +	allow deepin_login_count_t $1:dbus send_msg;
 +')
-\ No newline at end of file
 Index: refpolicy-deepin/policy/modules/services/deepin_perm_control.te
 ===================================================================
 --- /dev/null