commit: 892145a3471364d8e677878406a7884e6557ec2d |
Author: Daniel Burgener <dburgener <AT> linux <DOT> microsoft <DOT> com> |
AuthorDate: Tue Jul 19 21:47:43 2022 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Sat Sep 3 18:41:55 2022 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=892145a3 |
|
Drop explicit calls to seutil and kernel module interfaces in broad files interfaces |
|
Historically, these calls were needed because the interfaces provided an |
attribute used to check various assertions. However, that attribute was |
dropped in 2005 with commit 15fefa4. |
|
Keeping these calls in prevents removing these permissions from a call |
to files_manage_all_files() with the $2 argument. |
|
Signed-off-by: Daniel Burgener <dburgener <AT> linux.microsoft.com> |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
|
policy/modules/kernel/files.if | 8 -------- |
1 file changed, 8 deletions(-) |
|
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if |
index 6a082670..fb27ed18 100644 |
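--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1239,10 +1239,6 @@ interface(`files_manage_all_files',`
 manage_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
 manage_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
 manage_sock_files_pattern($1, { file_type $2 }, { file_type $2 })
-
- # satisfy the assertions:
- seutil_create_bin_policy($1)
- files_manage_kernel_modules($1)
 ')
 
 ########################################
@@ -1513,10 +1509,6 @@ interface(`files_manage_non_auth_files',`
 manage_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
 manage_fifo_files_pattern($1, non_auth_file_type, non_auth_file_type)
 manage_sock_files_pattern($1, non_auth_file_type, non_auth_file_type)
-
- # satisfy the assertions:
- seutil_create_bin_policy($1)
- files_manage_kernel_modules($1)
 ')
 
 ########################################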