support usec and umount control

debian/Makefile.devel

@@ -16,6 +16,10 @@ ifeq ($(NAME),mls)
 	NTYPE = mls
 endif
 
+ifeq ($(NAME),usec)
+	NTYPE = usec
+endif
+
 TYPE ?= $(NTYPE)
 
 HEADERDIR := $(SHAREDIR)/devel/include

debian/build.conf.usec

@@ -0,0 +1,74 @@
+########################################
+#
+# Policy build options
+#
+
+# Policy version
+# By default, checkpolicy will create the highest
+# version policy it supports.  Setting this will
+# override the version.  This only has an
+# effect for monolithic policies.
+#OUTPUT_POLICY = 21
+
+# Policy Type
+# standard, mls, mcs
+TYPE = mcs
+
+# Policy Name
+# If set, this will be used as the policy
+# name.  Otherwise the policy type will be
+# used for the name.
+NAME = usec
+
+# Distribution
+# Some distributions have portions of policy
+# for programs or configurations specific to the
+# distribution.  Setting this will enable options
+# for the distribution.
+# redhat, gentoo, debian, suse, and rhel4 are current options.
+# Fedora users should enable redhat.
+DISTRO = debian
+
+# Unknown Permissions Handling
+# The behavior for handling permissions defined in the
+# kernel but missing from the policy.  The permissions
+# can either be allowed, denied, or the policy loading
+# can be rejected.
+# allow, deny, and reject are current options.
+UNK_PERMS = deny
+
+# Direct admin init
+# Setting this will allow sysadm to directly
+# run init scripts, instead of requring run_init.
+# This is a build option, as role transitions do
+# not work in conditional policy.
+DIRECT_INITRC = y
+
+# Build monolithic policy.  Putting n here
+# will build a loadable module policy.
+MONOLITHIC = n
+
+# User-based access control (UBAC)
+# Enable UBAC for role separations.
+UBAC = y
+
+# Number of MLS Sensitivities
+# The sensitivities will be s0 to s(MLS_SENS-1).
+# Dominance will be in increasing numerical order
+# with s0 being lowest.
+MLS_SENS = 16
+
+# Number of MLS Categories
+# The categories will be c0 to c(MLS_CATS-1).
+MLS_CATS = 1024
+
+# Number of MCS Categories
+# The categories will be c0 to c(MLS_CATS-1).
+MCS_CATS = 1024
+
+# Set this to y to only display status messages
+# during build.
+QUIET = n
+
+# arch-tag: ec64afa6-f6f8-4b08-b002-6025ada3a269
+

debian/changelog

@@ -1,3 +1,10 @@
+refpolicy (2:2.20240723-2deepin3) unstable; urgency=medium
+
+  * change to support umount control.                            
+
+ -- xiongyingrong <[email protected]> Thu, 31 Oct 2024 15:37:26 +0800
+
+
 refpolicy (2:2.20240723-2deepin2) unstable; urgency=medium
 
   * usec support process unkill boolean

debian/control

@@ -59,6 +59,20 @@ Description: MLS (Multi Level Security) variant of the SELinux policy
  probably never be well supported in Debian and is only recommended for
  students who want to learn about the security features used by the military.
 
+Package: selinux-policy-usec
+Architecture: all
+Depends: libselinux1 (>= 3.5),
+         libsemanage2 (>= 3.5),
+         libsepol2 (>= 3.5),
+         policycoreutils (>= 3.5-2),
+         selinux-utils (>= 3.5),
+         ${misc:Depends}
+Recommends: checkpolicy, setools
+Suggests: logcheck, syslog-summary
+Breaks: selinux-basics (<< 0.5.2~)
+Conflicts: mcstrans
+Description: usec
+
 Package: selinux-policy-src
 Architecture: all
 Depends: checkpolicy (>= 3.5),