Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Thu, 30 Mar 2017 17:06:25
Message-Id: 1490882318.573e8b4182c51b02e9a80369e5e1d319431461c9.perfinion@gentoo
1 commit: 573e8b4182c51b02e9a80369e5e1d319431461c9
2 Author: cgzones <cgzones <AT> googlemail <DOT> com>
3 AuthorDate: Fri Mar 3 11:05:49 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Thu Mar 30 13:58:38 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=573e8b41
7
8 corecmd_read_bin_symlinks(): remove deprecated and redundant calls
9
10 After the changes to corecmd_search_bin(), corecmd_read_bin_symlinks() is deprecated.
11
12 policy/modules/contrib/dbus.te | 1 -
13 policy/modules/contrib/mailman.te | 1 -
14 policy/modules/contrib/nagios.te | 2 --
15 policy/modules/contrib/postfix.te | 1 -
16 policy/modules/contrib/ppp.te | 1 -
17 policy/modules/contrib/prelink.te | 1 -
18 policy/modules/contrib/remotelogin.te | 1 -
19 policy/modules/contrib/rshd.te | 4 ++--
20 policy/modules/contrib/samhain.te | 1 -
21 policy/modules/contrib/screen.te | 1 -
22 policy/modules/contrib/vlock.te | 1 -
23 11 files changed, 2 insertions(+), 13 deletions(-)
24
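--- a/policy/modules/contrib/dbus.te
+++ b/policy/modules/contrib/dbus.te
@@ -201,7 +201,6 @@ kernel_read_system_state(session_bus_type)
 kernel_read_kernel_sysctls(session_bus_type)
 
 corecmd_list_bin(session_bus_type)
-corecmd_read_bin_symlinks(session_bus_type)
 corecmd_read_bin_files(session_bus_type)
 corecmd_read_bin_pipes(session_bus_type)
 corecmd_read_bin_sockets(session_bus_type)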
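--- a/policy/modules/contrib/mailman.te
+++ b/policy/modules/contrib/mailman.te
@@ -241,7 +241,6 @@ kernel_read_system_state(mailman_queue_t)
 auth_domtrans_chk_passwd(mailman_queue_t)
 
 corecmd_read_bin_files(mailman_queue_t)
-corecmd_read_bin_symlinks(mailman_queue_t)
 corenet_sendrecv_innd_client_packets(mailman_queue_t)
 corenet_tcp_connect_innd_port(mailman_queue_t)
 corenet_tcp_sendrecv_innd_port(mailman_queue_t)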
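--- a/policy/modules/contrib/nagios.te
+++ b/policy/modules/contrib/nagios.te
@@ -297,7 +297,6 @@ optional_policy(`
 #
 
 corecmd_read_bin_files(nagios_admin_plugin_t)
-corecmd_read_bin_symlinks(nagios_admin_plugin_t)
 
 dev_getattr_all_chr_files(nagios_admin_plugin_t)
 dev_getattr_all_blk_files(nagios_admin_plugin_t)
@@ -320,7 +319,6 @@ allow nagios_mail_plugin_t self:tcp_socket { accept listen };
 kernel_read_kernel_sysctls(nagios_mail_plugin_t)
 
 corecmd_read_bin_files(nagios_mail_plugin_t)
-corecmd_read_bin_symlinks(nagios_mail_plugin_t)
 
 files_read_etc_files(nagios_mail_plugin_t)
 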
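--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -510,7 +510,6 @@ corenet_tcp_connect_all_ports(postfix_map_t)
 corenet_tcp_sendrecv_all_ports(postfix_map_t)
 
 corecmd_list_bin(postfix_map_t)
-corecmd_read_bin_symlinks(postfix_map_t)
 corecmd_read_bin_files(postfix_map_t)
 corecmd_read_bin_pipes(postfix_map_t)
 corecmd_read_bin_sockets(postfix_map_t)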
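--- a/policy/modules/contrib/ppp.te
+++ b/policy/modules/contrib/ppp.te
@@ -257,7 +257,6 @@ kernel_read_system_state(pptp_t)
 kernel_signal(pptp_t)
 
 corecmd_exec_shell(pptp_t)
-corecmd_read_bin_symlinks(pptp_t)
 
 corenet_all_recvfrom_unlabeled(pptp_t)
 corenet_all_recvfrom_netlabel(pptp_t)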
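--- a/policy/modules/contrib/prelink.te
+++ b/policy/modules/contrib/prelink.te
@@ -72,7 +72,6 @@ kernel_read_kernel_sysctls(prelink_t)
 corecmd_manage_all_executables(prelink_t)
 corecmd_relabel_all_executables(prelink_t)
 corecmd_mmap_all_executables(prelink_t)
-corecmd_read_bin_symlinks(prelink_t)
 
 dev_read_urand(prelink_t)
 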
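--- a/policy/modules/contrib/remotelogin.te
+++ b/policy/modules/contrib/remotelogin.te
@@ -48,7 +48,6 @@ auth_rw_login_records(remote_login_t)
 auth_rw_faillog(remote_login_t)
 
 corecmd_list_bin(remote_login_t)
-corecmd_read_bin_symlinks(remote_login_t)
 
 domain_read_all_entry_files(remote_login_t)
 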
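--- a/policy/modules/contrib/rshd.te
+++ b/policy/modules/contrib/rshd.te
@@ -27,6 +27,8 @@ allow rshd_t rshd_keytab_t:file read_file_perms;
 
 kernel_read_kernel_sysctls(rshd_t)
 
+corecmd_search_bin(rshd_t)
+
 corenet_all_recvfrom_unlabeled(rshd_t)
 corenet_all_recvfrom_netlabel(rshd_t)
 corenet_tcp_sendrecv_generic_if(rshd_t)
@@ -40,8 +42,6 @@ corenet_tcp_bind_all_rpc_ports(rshd_t)
 corenet_tcp_connect_all_ports(rshd_t)
 corenet_tcp_connect_all_rpc_ports(rshd_t)
 
-corecmd_read_bin_symlinks(rshd_t)
-
 files_list_home(rshd_t)
 
 logging_search_logs(rshd_t)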
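Review bot: The added `corecmd_search_bin(rshd_t)` in the first rshd.te hunk carries no hint that it is what keeps rshd_t able to read symlinks under the bin directories, now that `corecmd_read_bin_symlinks(rshd_t)` is dropped in the second hunk. Going by the commit message, corecmd_search_bin() was changed to cover that access, but the interface definition is not part of this diff, so a reader of rshd.te sees only a directory-search grant that a later least-privilege cleanup could remove. I would add a comment above the call, e.g. `# search bin dirs; also covers reading bin_t symlinks (formerly corecmd_read_bin_symlinks)`, and confirm with a query on the built policy that rshd_t still has lnk_file read on bin_t. The same check is worth running for the domains whose hunks keep only other corecmd interfaces, for example pptp_t in ppp.te and prelink_t in prelink.te, since a missing grant there would only show up as AVC denials at runtime.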
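--- a/policy/modules/contrib/samhain.te
+++ b/policy/modules/contrib/samhain.te
@@ -65,7 +65,6 @@ files_pid_filetrans(samhain_domain, samhain_var_run_t, file)
 kernel_getattr_core_if(samhain_domain)
 
 corecmd_list_bin(samhain_domain)
-corecmd_read_bin_symlinks(samhain_domain)
 
 dev_read_urand(samhain_domain)
 dev_dontaudit_read_rand(samhain_domain)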
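--- a/policy/modules/contrib/screen.te
+++ b/policy/modules/contrib/screen.te
@@ -58,7 +58,6 @@ kernel_read_kernel_sysctls(screen_domain)
 
 corecmd_list_bin(screen_domain)
 corecmd_read_bin_files(screen_domain)
-corecmd_read_bin_symlinks(screen_domain)
 corecmd_read_bin_pipes(screen_domain)
 corecmd_read_bin_sockets(screen_domain)
 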
173 diff --git a/policy/modules/contrib/vlock.te b/policy/modules/contrib/vlock.te
174 index d4094916..4c9ca7af 100644
175 --- a/policy/modules/contrib/vlock.te
176 +++ b/policy/modules/contrib/vlock.te
177 @@ -24,7 +24,6 @@ allow vlock_t self:fifo_file rw_fifo_file_perms;
178 kernel_read_system_state(vlock_t)
179
180 corecmd_list_bin(vlock_t)
181 -corecmd_read_bin_symlinks(vlock_t)
182
183 domain_use_interactive_fds(vlock_t)