add open permission to files_read_inherited_tmp_file

Add-permission-open-to-files_read_inherited_tmp_file.patch

@@ -0,0 +1,29 @@
+From 9c55448c7d59ea537fe8ee9e89b6196a6562ef5f Mon Sep 17 00:00:00 2001
+From: luhuaxin <luhuaxin1@huawei.com>
+Date: Thu, 28 Apr 2022 17:10:37 +0800
+Subject: [PATCH] Add permission open to files_read_inherited_tmp_file
+
+The open permission is deleted from upstream. We add it for
+compatibility with historical release versions.
+
+Signed-off-by: luhuaxin <luhuaxin1@huawei.com>
+---
+ policy/modules/kernel/files.if | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
+index bca6f15..498c252 100644
+--- a/policy/modules/kernel/files.if
++++ b/policy/modules/kernel/files.if
+@@ -6428,7 +6428,7 @@ interface(`files_read_inherited_tmp_files',`
+ 		attribute tmpfile;
+ 	')
+ 
+-	allow $1 tmpfile:file { append read_inherited_file_perms };
++	allow $1 tmpfile:file { append open read_inherited_file_perms };
+ ')
+ 
+ ########################################
+-- 
+1.8.3.1
+

selinux-policy.spec

@@ -12,7 +12,7 @@
 Summary: SELinux policy configuration
 Name:    selinux-policy
 Version: 35.5
-Release: 3
+Release: 4
 License: GPLv2+
 URL:     https://github.com/fedora-selinux/selinux-policy/
 
@@ -68,6 +68,7 @@ Patch10: add-avc-for-systemd.patch
 
 Patch9000: add-qemu_exec_t-for-stratovirt.patch
 Patch9001: fix-context-of-usr-bin-rpmdb.patch
+Patch9002: Add-permission-open-to-files_read_inherited_tmp_file.patch
 
 BuildArch: noarch
 BuildRequires:  python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@@ -733,6 +734,9 @@ exit 0
 %endif
 
 %changelog
+* Thu Apr 28 2022 luhuaxin <luhuaxin1@huawei.com> - 35.5-4
+- add open permission to files_read_inherited_tmp_file
+
 * Mon Feb 28 2022 lujie42 <lujie42@huawei.com> - 35.5-3
 - fix context of /usr/bin/rpmdb