From 15290159a729aad791a58b03d3f930acd35ef1fa Mon Sep 17 00:00:00 2001
From: lvzhonglin
Date: Thu, 19 Sep 2024 10:35:37 +0800
Subject: [PATCH 1/5] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=B8=8A=E5=86=99?= =?UTF-8?q?=E4=B8=8B=E8=AF=BB=E7=AD=96=E7=95=A5BUG?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 fix-selinux-writeup-readdown.patch | 26 ++++++++++++++++++++++++++
 selinux-policy.spec | 1 +
 2 files changed, 27 insertions(+)
 create mode 100644 fix-selinux-writeup-readdown.patch
diff --git a/fix-selinux-writeup-readdown.patch b/fix-selinux-writeup-readdown.patch
new file mode 100644
index 0000000..0c61b38
--- /dev/null
+++ b/fix-selinux-writeup-readdown.patch
@@ -0,0 +1,26 @@
+From 40ed42d4663f10b2dc4b38d6fe7a8c24b0828c77 Mon Sep 17 00:00:00 2001
+From: lvzhonglin
+Date: Thu, 19 Sep 2024 10:25:11 +0800
+Subject: [PATCH] write up read down
+
+---
+ policy/mls | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/policy/mls b/policy/mls
+index c862bbe..011805b 100644
+--- a/policy/mls
++++ b/policy/mls
+@@ -90,6 +90,9 @@ mlsconstrain dir search
+ # the "single level" file "write" ops
+ mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
+ (( l1 eq l2 ) or
++ ( l1 eq h2 ) or
++ ( l1 domby l2 ) or
++ ( l1 domby h2 ) or
+ (( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+ (( t2 == mlsfilewriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
+ ( t1 == mlsfilewrite ) or
+--
+2.33.0
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index c3eb3cd..7feda99 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
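Review bot: The three clauses added to the "single level" file write constraint in policy/mls reduce to `( l1 domby h2 )` alone, because `domby` includes equality and an object's low level is always dominated by its high level. With that clause any domain satisfies the MLS check whenever its low level is at or below the object's high level, even when it sits above the object's low level on a ranged object. The existing `mlsfilewritetoclr` clause (which bounds write-up by the subject's clearance via `h1 dom l2`) and the `mlsfilewriteinrange` attribute gate then no longer restrict anything. The relaxation also covers `setattr`, `relabelfrom`, `unlink`, `rename` and `mounton`, not only `write`/`append`, so as far as this constraint is concerned a lower-level domain could remove or relabel higher-level objects. If write-up is the intent, consider adding only `( l1 domby l2 ) or` under a comment such as `# write-up: subject low level is dominated by object low level`, leaving ranged objects to the attribute-gated clauses; the constraint expression continues past the end of the hunk, so its remaining clauses are not visible here.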
@@ -284,6 +284,7 @@ Patch9003: allow-httpd-to-put-files-in-httpd-config-dir.patch Patch9004: allow-map-postfix_master_t.patch Patch9005: add-rule-for-hostnamed-to-rpmscript-dbus-chat.patch Patch9006: allow-init_t-create-fifo-file-in-net_conf-dir.patch +Patch9007: fix-selinux-writeup-readdown.patch BuildArch: noarch BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc -- Gitee From ff63d10aca4a8683a7c83b27caadba286a68c6a5 Mon Sep 17 00:00:00 2001 From: lvzhonglin Date: Thu, 19 Sep 2024 11:14:01 +0800 Subject: [PATCH 2/5] add changelog --- selinux-policy.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/selinux-policy.spec b/selinux-policy.spec index 7feda99..02df506 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -953,6 +953,9 @@ exit 0 %endif %changelog +* Thu Sep 19 2024 lvzhonglin - 35.5-22 +- fix selinux writeup readdown bug + * Mon Mar 25 2024 gengqihu - 35.5-22 - fix semodule_package fail -- Gitee From 6a8ae835dfda657510b25dd6e493e828d771198a Mon Sep 17 00:00:00 2001 From: lvzhonglin Date: Thu, 19 Sep 2024 14:00:18 +0800 Subject: [PATCH 3/5] update changelog version --- selinux-policy.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 02df506..cdd3fe7 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -953,7 +953,7 @@ exit 0 %endif %changelog -* Thu Sep 19 2024 lvzhonglin - 35.5-22 +* Thu Sep 19 2024 lvzhonglin - 35.5-23 - fix selinux writeup readdown bug * Mon Mar 25 2024 gengqihu - 35.5-22 -- Gitee From d19ec188bae94bc00de586fa44d6bc3856f81f5a Mon Sep 17 00:00:00 2001 From: lvzhonglin Date: Fri, 20 Sep 2024 14:37:43 +0800 Subject: [PATCH 4/5] fix --- selinux-policy.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index cdd3fe7..181e9b0 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
@@ -953,7 +953,7 @@ exit 0 %endif %changelog -* Thu Sep 19 2024 lvzhonglin - 35.5-23 +* Thu Sep 19 2024 lvzhonglin - 35.5-r22 - fix selinux writeup readdown bug * Mon Mar 25 2024 gengqihu - 35.5-22 -- Gitee From b8d7643dfb7dcb60ddd14c58a18af567dcf84fdf Mon Sep 17 00:00:00 2001 From: lvzhonglin Date: Fri, 20 Sep 2024 17:18:21 +0800 Subject: [PATCH 5/5] update version --- selinux-policy.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 181e9b0..d3443bc 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -12,7 +12,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 35.5 -Release: 22 +Release: 23 License: GPLv2+ URL: https://github.com/fedora-selinux/selinux-policy/ @@ -953,7 +953,7 @@ exit 0 %endif %changelog -* Thu Sep 19 2024 lvzhonglin - 35.5-r22 +* Thu Sep 19 2024 lvzhonglin - 35.5-23 - fix selinux writeup readdown bug * Mon Mar 25 2024 gengqihu - 35.5-22 -- Gitee