From ce4e53c392075f01176743a66d6f55026d3a1aba Mon Sep 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Tue, 25 Feb 2020 19:03:50 +0800
Subject: [PATCH] Allow local_login to be access to var run files and rasdaemon
 to write sysfs files

Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
---
 policy/modules/contrib/rasdaemon.te | 2 ++
 policy/modules/system/locallogin.te | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/policy/modules/contrib/rasdaemon.te b/policy/modules/contrib/rasdaemon.te
index dcdca44..c4c46b5 100644
--- a/policy/modules/contrib/rasdaemon.te
+++ b/policy/modules/contrib/rasdaemon.te
@@ -49,3 +49,5 @@ optional_policy(`
     dmidecode_exec(rasdaemon_t)
 ')
 
+# avc for openEuler
+allow rasdaemon_t sysfs_t:file write;
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index 5412cfe..ce749ce 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -201,6 +201,9 @@ optional_policy(`
     xserver_rw_xdm_keys(local_login_t)
 ')
 
+# avc for openEuler
+allow local_login_t var_run_t:file { getattr open read };
+
 #################################
 #
 # Sulogin local policy
@@ -287,3 +290,4 @@ ifdef(`sulogin_no_pam', `
 optional_policy(`
 	plymouthd_exec_plymouth(sulogin_t)
 ')
+
-- 
1.8.3.1