commit: 573e8b4182c51b02e9a80369e5e1d319431461c9 |
Author: cgzones <cgzones <AT> googlemail <DOT> com> |
AuthorDate: Fri Mar 3 11:05:49 2017 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Thu Mar 30 13:58:38 2017 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=573e8b41 |
|
corecmd_read_bin_symlinks(): remove deprecated and redundant calls |
|
After the changes to corecmd_search_bin(), corecmd_read_bin_symlinks() is deprecated. |
|
policy/modules/contrib/dbus.te | 1 - |
policy/modules/contrib/mailman.te | 1 - |
policy/modules/contrib/nagios.te | 2 -- |
policy/modules/contrib/postfix.te | 1 - |
policy/modules/contrib/ppp.te | 1 - |
policy/modules/contrib/prelink.te | 1 - |
policy/modules/contrib/remotelogin.te | 1 - |
policy/modules/contrib/rshd.te | 4 ++-- |
policy/modules/contrib/samhain.te | 1 - |
policy/modules/contrib/screen.te | 1 - |
policy/modules/contrib/vlock.te | 1 - |
11 files changed, 2 insertions(+), 13 deletions(-) |
|
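diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te
index 78de2022..551fd2db 100644
--- a/policy/modules/contrib/dbus.te
+++ b/policy/modules/contrib/dbus.te
@@ -201,7 +201,6 @@ kernel_read_system_state(session_bus_type)
 kernel_read_kernel_sysctls(session_bus_type)
 
 corecmd_list_bin(session_bus_type)
-corecmd_read_bin_symlinks(session_bus_type)
 corecmd_read_bin_files(session_bus_type)
 corecmd_read_bin_pipes(session_bus_type)
 corecmd_read_bin_sockets(session_bus_type)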
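diff --git a/policy/modules/contrib/mailman.te b/policy/modules/contrib/mailman.te
index 3de43d20..8282fcc4 100644
--- a/policy/modules/contrib/mailman.te
+++ b/policy/modules/contrib/mailman.te
@@ -241,7 +241,6 @@ kernel_read_system_state(mailman_queue_t)
 auth_domtrans_chk_passwd(mailman_queue_t)
 
 corecmd_read_bin_files(mailman_queue_t)
-corecmd_read_bin_symlinks(mailman_queue_t)
 corenet_sendrecv_innd_client_packets(mailman_queue_t)
 corenet_tcp_connect_innd_port(mailman_queue_t)
 corenet_tcp_sendrecv_innd_port(mailman_queue_t)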
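diff --git a/policy/modules/contrib/nagios.te b/policy/modules/contrib/nagios.te
index de6a62cf..3f3a60ed 100644
--- a/policy/modules/contrib/nagios.te
+++ b/policy/modules/contrib/nagios.te
@@ -297,7 +297,6 @@ optional_policy(`
 #
 
 corecmd_read_bin_files(nagios_admin_plugin_t)
-corecmd_read_bin_symlinks(nagios_admin_plugin_t)
 
 dev_getattr_all_chr_files(nagios_admin_plugin_t)
 dev_getattr_all_blk_files(nagios_admin_plugin_t)
@@ -320,7 +319,6 @@ allow nagios_mail_plugin_t self:tcp_socket { accept listen };
 kernel_read_kernel_sysctls(nagios_mail_plugin_t)
 
 corecmd_read_bin_files(nagios_mail_plugin_t)
-corecmd_read_bin_symlinks(nagios_mail_plugin_t)
 
 files_read_etc_files(nagios_mail_plugin_t)
 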
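diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te
index 94ac8471..564dd300 100644
--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -510,7 +510,6 @@ corenet_tcp_connect_all_ports(postfix_map_t)
 corenet_tcp_sendrecv_all_ports(postfix_map_t)
 
 corecmd_list_bin(postfix_map_t)
-corecmd_read_bin_symlinks(postfix_map_t)
 corecmd_read_bin_files(postfix_map_t)
 corecmd_read_bin_pipes(postfix_map_t)
 corecmd_read_bin_sockets(postfix_map_t)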
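diff --git a/policy/modules/contrib/ppp.te b/policy/modules/contrib/ppp.te
index 1015b4ee..740e03fc 100644
--- a/policy/modules/contrib/ppp.te
+++ b/policy/modules/contrib/ppp.te
@@ -257,7 +257,6 @@ kernel_read_system_state(pptp_t)
 kernel_signal(pptp_t)
 
 corecmd_exec_shell(pptp_t)
-corecmd_read_bin_symlinks(pptp_t)
 
 corenet_all_recvfrom_unlabeled(pptp_t)
 corenet_all_recvfrom_netlabel(pptp_t)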
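diff --git a/policy/modules/contrib/prelink.te b/policy/modules/contrib/prelink.te
index 8e262163..d17ba24d 100644
--- a/policy/modules/contrib/prelink.te
+++ b/policy/modules/contrib/prelink.te
@@ -72,7 +72,6 @@ kernel_read_kernel_sysctls(prelink_t)
 corecmd_manage_all_executables(prelink_t)
 corecmd_relabel_all_executables(prelink_t)
 corecmd_mmap_all_executables(prelink_t)
-corecmd_read_bin_symlinks(prelink_t)
 
 dev_read_urand(prelink_t)
 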
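diff --git a/policy/modules/contrib/remotelogin.te b/policy/modules/contrib/remotelogin.te
index 3130db86..f88134ce 100644
--- a/policy/modules/contrib/remotelogin.te
+++ b/policy/modules/contrib/remotelogin.te
@@ -48,7 +48,6 @@ auth_rw_login_records(remote_login_t)
 auth_rw_faillog(remote_login_t)
 
 corecmd_list_bin(remote_login_t)
-corecmd_read_bin_symlinks(remote_login_t)
 
 domain_read_all_entry_files(remote_login_t)
 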
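diff --git a/policy/modules/contrib/rshd.te b/policy/modules/contrib/rshd.te
index dc327424..1100ec75 100644
--- a/policy/modules/contrib/rshd.te
+++ b/policy/modules/contrib/rshd.te
@@ -27,6 +27,8 @@ allow rshd_t rshd_keytab_t:file read_file_perms;
 
 kernel_read_kernel_sysctls(rshd_t)
 
+corecmd_search_bin(rshd_t)
+
 corenet_all_recvfrom_unlabeled(rshd_t)
 corenet_all_recvfrom_netlabel(rshd_t)
 corenet_tcp_sendrecv_generic_if(rshd_t)
@@ -40,8 +42,6 @@ corenet_tcp_bind_all_rpc_ports(rshd_t)
 corenet_tcp_connect_all_ports(rshd_t)
 corenet_tcp_connect_all_rpc_ports(rshd_t)
 
-corecmd_read_bin_symlinks(rshd_t)
-
 files_list_home(rshd_t)
 
 logging_search_logs(rshd_t)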
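Review bot: The added `corecmd_search_bin(rshd_t)` in the first rshd.te hunk keeps rshd_t able to read symlinks in the bin directories only if corecmd_search_bin() in the base policy already grants that, and the interface change is not part of this commit. The commit message says it does, so this contrib change presumably has to land together with (or after) the matching base-policy revision; built against an older base, rshd_t would lose the symlink read and the loss would only show up as AVC denials at runtime. A comment above the call would record the dependency, e.g. `# corecmd_search_bin() also covers reading bin symlinks (replaces corecmd_read_bin_symlinks)`. The same assumption sits behind the deletions in the other files, where a remaining corecmd_* call is expected to pull in the access; prelink.te, which in the visible hunk keeps only the *_all_executables calls, is the one I would confirm after a build.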
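diff --git a/policy/modules/contrib/samhain.te b/policy/modules/contrib/samhain.te
index 865f9563..ef74778d 100644
--- a/policy/modules/contrib/samhain.te
+++ b/policy/modules/contrib/samhain.te
@@ -65,7 +65,6 @@ files_pid_filetrans(samhain_domain, samhain_var_run_t, file)
 kernel_getattr_core_if(samhain_domain)
 
 corecmd_list_bin(samhain_domain)
-corecmd_read_bin_symlinks(samhain_domain)
 
 dev_read_urand(samhain_domain)
 dev_dontaudit_read_rand(samhain_domain)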
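diff --git a/policy/modules/contrib/screen.te b/policy/modules/contrib/screen.te
index e376da59..e5b73a92 100644
--- a/policy/modules/contrib/screen.te
+++ b/policy/modules/contrib/screen.te
@@ -58,7 +58,6 @@ kernel_read_kernel_sysctls(screen_domain)
 
 corecmd_list_bin(screen_domain)
 corecmd_read_bin_files(screen_domain)
-corecmd_read_bin_symlinks(screen_domain)
 corecmd_read_bin_pipes(screen_domain)
 corecmd_read_bin_sockets(screen_domain)
 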
173 |
diff --git a/policy/modules/contrib/vlock.te b/policy/modules/contrib/vlock.te |
174 |
index d4094916..4c9ca7af 100644 |
175 |
--- a/policy/modules/contrib/vlock.te |
176 |
+++ b/policy/modules/contrib/vlock.te |
177 |
@@ -24,7 +24,6 @@ allow vlock_t self:fifo_file rw_fifo_file_perms; |
178 |
kernel_read_system_state(vlock_t) |
179 |
|
180 |
corecmd_list_bin(vlock_t) |
181 |
-corecmd_read_bin_symlinks(vlock_t) |
182 |
|
183 |
domain_use_interactive_fds(vlock_t) |