Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/, policy/modules/system/, policy/modules/contrib/
Date: Sun, 30 Apr 2017 14:20:33
Message-Id: 1493561865.248905080e2e9840c120f1bb12d589bbec3c89bb.perfinion@gentoo
1 commit: 248905080e2e9840c120f1bb12d589bbec3c89bb
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Sun Apr 30 09:57:08 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Apr 30 14:17:45 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=24890508
7
8 Remove interfaces added upstream
9
10 policy/modules/contrib/gnome.if | 29 -----------------------------
11 policy/modules/kernel/files.if | 20 --------------------
12 policy/modules/system/init.te | 1 -
13 3 files changed, 50 deletions(-)
14
15 diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if
16 index ce436cfd..4fcc6905 100644
17 --- a/policy/modules/contrib/gnome.if
18 +++ b/policy/modules/contrib/gnome.if
19 @@ -124,12 +124,6 @@ template(`gnome_role_template',`
20 wm_dbus_chat($1, $1_gkeyringd_t)
21 ')
22 ')
23 -
24 - ifdef(`distro_gentoo',`
25 - optional_policy(`
26 - gnome_dbus_chat_gconfd($3)
27 - ')
28 - ')
29 ')
30
31 ########################################
32 @@ -841,29 +835,6 @@ interface(`gnome_stream_connect_all_gkeyringd',`
33 stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t, gkeyringd_domain)
34 ')
35
36 -# From here Gentoo specific but cannot use ifdef distro_gentoo here
37 -
38 -#########################################
39 -## <summary>
40 -## Send and receive messages from the gconf daemon
41 -## over dbus.
42 -## </summary>
43 -## <param name="domain">
44 -## <summary>
45 -## Domain allowed access.
46 -## </summary>
47 -## </param>
48 -#
49 -interface(`gnome_dbus_chat_gconfd',`
50 - gen_require(`
51 - type gconfd_t;
52 - class dbus send_msg;
53 - ')
54 -
55 - allow $1 gconfd_t:dbus send_msg;
56 - allow gconfd_t $1:dbus send_msg;
57 -')
58 -
59 ########################################
60 ## <summary>
61 ## Manage gstreamer ORC optimized
62
63 diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
64 index ef969a95..a74f7913 100644
65 --- a/policy/modules/kernel/files.if
66 +++ b/policy/modules/kernel/files.if
67 @@ -7232,26 +7232,6 @@ interface(`files_unconfined',`
68
69 ########################################
70 ## <summary>
71 -## Create PID directories.
72 -## </summary>
73 -## <param name="domain">
74 -## <summary>
75 -## Domain allowed access.
76 -## </summary>
77 -## </param>
78 -#
79 -interface(`files_create_pid_dirs',`
80 - gen_require(`
81 - type var_t, var_run_t;
82 - ')
83 -
84 - allow $1 var_t:dir search_dir_perms;
85 - allow $1 var_run_t:lnk_file read_lnk_file_perms;
86 - create_dirs_pattern($1, var_run_t, var_run_t)
87 -')
88 -
89 -########################################
90 -## <summary>
91 ## Create, read, write, and delete symbolic links in
92 ## /etc that are dynamically created on boot.
93 ## </summary>
94
95 diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
96 index 5c6830f2..07238399 100644
97 --- a/policy/modules/system/init.te
98 +++ b/policy/modules/system/init.te
99 @@ -1350,7 +1350,6 @@ ifdef(`distro_gentoo',`
100 # needs to chmod some devices in early boot
101 dev_setattr_generic_chr_files(initrc_t)
102
103 - files_create_pid_dirs(initrc_t)
104 files_dontaudit_write_usr_dirs(initrc_t)
105 files_manage_generic_tmp_dirs(initrc_t)
106 files_manage_generic_tmp_files(initrc_t)