commit: 248905080e2e9840c120f1bb12d589bbec3c89bb
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sun Apr 30 09:57:08 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 30 14:17:45 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=24890508
Remove interfaces added upstream
policy/modules/contrib/gnome.if | 29 -----------------------------
policy/modules/kernel/files.if | 20 --------------------
policy/modules/system/init.te | 1 -
3 files changed, 50 deletions(-)
diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if
index ce436cfd..4fcc6905 100644
--- a/policy/modules/contrib/gnome.if
+++ b/policy/modules/contrib/gnome.if
@@ -124,12 +124,6 @@ template(`gnome_role_template',`
wm_dbus_chat($1, $1_gkeyringd_t)
')
')
-
- ifdef(`distro_gentoo',`
- optional_policy(`
- gnome_dbus_chat_gconfd($3)
- ')
- ')
')
########################################
@@ -841,29 +835,6 @@ interface(`gnome_stream_connect_all_gkeyringd',`
stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t,
gkeyringd_domain)
')
-# From here Gentoo specific but cannot use ifdef distro_gentoo here
-
-#########################################
-## <summary>
-## Send and receive messages from the gconf daemon
-## over dbus.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gnome_dbus_chat_gconfd',`
- gen_require(`
- type gconfd_t;
- class dbus send_msg;
- ')
-
- allow $1 gconfd_t:dbus send_msg;
- allow gconfd_t $1:dbus send_msg;
-')
-
########################################
## <summary>
## Manage gstreamer ORC optimized
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index ef969a95..a74f7913 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -7232,26 +7232,6 @@ interface(`files_unconfined',`
########################################
## <summary>
-## Create PID directories.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`files_create_pid_dirs',`
- gen_require(`
- type var_t, var_run_t;
- ')
-
- allow $1 var_t:dir search_dir_perms;
- allow $1 var_run_t:lnk_file read_lnk_file_perms;
- create_dirs_pattern($1, var_run_t, var_run_t)
-')
-
-########################################
-## <summary>
## Create, read, write, and delete symbolic links in
## /etc that are dynamically created on boot.
## </summary>
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 5c6830f2..07238399 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1350,7 +1350,6 @@ ifdef(`distro_gentoo',`
# needs to chmod some devices in early boot
dev_setattr_generic_chr_files(initrc_t)
- files_create_pid_dirs(initrc_t)
files_dontaudit_write_usr_dirs(initrc_t)
files_manage_generic_tmp_dirs(initrc_t)
files_manage_generic_tmp_files(initrc_t)
