commit: 5e18d3eb437717c6ad25e614c617b0cad5700879
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Wed Dec 13 23:55:43 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Dec 14 05:09:40 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5e18d3eb
Replace deprecated mmap perm sets and pattern usage.
policy/modules/contrib/apache.te | 2 +-
policy/modules/contrib/cobbler.te | 2 +-
policy/modules/contrib/dpkg.te | 2 +-
policy/modules/contrib/firewalld.te | 2 +-
policy/modules/contrib/ftp.if | 2 +-
policy/modules/contrib/gnome.if | 2 +-
policy/modules/contrib/pingd.te | 2 +-
policy/modules/contrib/portage.te | 2 +-
policy/modules/contrib/postfix.te | 4 ++--
policy/modules/contrib/prelink.te | 6 +++---
policy/modules/contrib/samba.te | 2 +-
policy/modules/contrib/ulogd.te | 2 +-
12 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
index d28f4c2f..be12966a 100644
--- a/policy/modules/contrib/apache.te
+++ b/policy/modules/contrib/apache.te
@@ -415,7 +415,7 @@ read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
logging_log_filetrans(httpd_t, httpd_log_t, file)
allow httpd_t httpd_modules_t:dir list_dir_perms;
-mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
+mmap_exec_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
read_lnk_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
diff --git a/policy/modules/contrib/cobbler.te
b/policy/modules/contrib/cobbler.te
index 6177ef41..a3a4453a 100644
--- a/policy/modules/contrib/cobbler.te
+++ b/policy/modules/contrib/cobbler.te
@@ -72,7 +72,7 @@ allow cobblerd_t cobbler_etc_t:dir list_dir_perms;
allow cobblerd_t cobbler_etc_t:file read_file_perms;
allow cobblerd_t cobbler_etc_t:lnk_file read_lnk_file_perms;
-allow cobblerd_t cobbler_tmp_t:file mmap_file_perms;
+allow cobblerd_t cobbler_tmp_t:file mmap_exec_file_perms;
manage_dirs_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
manage_files_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
files_tmp_filetrans(cobblerd_t, cobbler_tmp_t, { dir file })
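Review bot: The new `mmap_exec_file_perms` on `cobbler_tmp_t` sits directly above `manage_files_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)`, so `cobblerd_t` can both write and execute-map files of the same temporary type. The replacement is behaviour-preserving, because the deprecated set presumably carried `execute` as well, but the new name makes the grant visible and worth re-checking. If the daemon only needs to map these files for reading, the narrower `allow cobblerd_t cobbler_tmp_t:file mmap_read_file_perms;` would drop `execute`; whether it is actually required cannot be told from this hunk. The same write-plus-execute pairing appears in the firewalld.te hunk (`firewalld_tmp_t`) and the dpkg.te hunk (`dpkg_var_lib_t`). A one-line comment such as `# execute needed for <reason>` would document the intent wherever the permission is kept.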
diff --git a/policy/modules/contrib/dpkg.te b/policy/modules/contrib/dpkg.te
index e165fec3..0ff59b94 100644
--- a/policy/modules/contrib/dpkg.te
+++ b/policy/modules/contrib/dpkg.te
@@ -84,7 +84,7 @@ manage_sock_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
manage_fifo_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
fs_tmpfs_filetrans(dpkg_t, dpkg_tmpfs_t, { dir file lnk_file sock_file
fifo_file })
-allow dpkg_t dpkg_var_lib_t:file mmap_file_perms;
+allow dpkg_t dpkg_var_lib_t:file mmap_exec_file_perms;
manage_files_pattern(dpkg_t, dpkg_var_lib_t, dpkg_var_lib_t)
files_var_lib_filetrans(dpkg_t, dpkg_var_lib_t, dir)
diff --git a/policy/modules/contrib/firewalld.te
b/policy/modules/contrib/firewalld.te
index 2c930fe5..aa1c637d 100644
--- a/policy/modules/contrib/firewalld.te
+++ b/policy/modules/contrib/firewalld.te
@@ -47,7 +47,7 @@ logging_log_filetrans(firewalld_t, firewalld_var_log_t, file)
manage_files_pattern(firewalld_t, firewalld_tmp_t, firewalld_tmp_t)
files_tmp_filetrans(firewalld_t, firewalld_tmp_t, file)
-allow firewalld_t firewalld_tmp_t:file mmap_file_perms;
+allow firewalld_t firewalld_tmp_t:file mmap_exec_file_perms;
manage_dirs_pattern(firewalld_t, firewalld_var_run_t, firewalld_var_run_t)
manage_files_pattern(firewalld_t, firewalld_var_run_t, firewalld_var_run_t)
diff --git a/policy/modules/contrib/ftp.if b/policy/modules/contrib/ftp.if
index 349d1b3b..3bfe581d 100644
--- a/policy/modules/contrib/ftp.if
+++ b/policy/modules/contrib/ftp.if
@@ -53,7 +53,7 @@ interface(`ftp_check_exec',`
')
corecmd_search_bin($1)
- allow $1 ftpd_exec_t:file mmap_file_perms;
+ allow $1 ftpd_exec_t:file mmap_exec_file_perms;
')
########################################
diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if
index 8ed95ee2..8b27d15a 100644
--- a/policy/modules/contrib/gnome.if
+++ b/policy/modules/contrib/gnome.if
@@ -805,5 +805,5 @@ interface(`gnome_mmap_gstreamer_orcexec',`
type gstreamer_orcexec_t;
')
- allow $1 gstreamer_orcexec_t:file mmap_file_perms;
+ allow $1 gstreamer_orcexec_t:file mmap_exec_file_perms;
')
diff --git a/policy/modules/contrib/pingd.te b/policy/modules/contrib/pingd.te
index 8dad7633..e20b15f8 100644
--- a/policy/modules/contrib/pingd.te
+++ b/policy/modules/contrib/pingd.te
@@ -30,7 +30,7 @@ allow pingd_t self:rawip_socket create_socket_perms;
allow pingd_t pingd_etc_t:file read_file_perms;
read_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
-mmap_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
+mmap_exec_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
corenet_all_recvfrom_unlabeled(pingd_t)
corenet_all_recvfrom_netlabel(pingd_t)
diff --git a/policy/modules/contrib/portage.te
b/policy/modules/contrib/portage.te
index 5905d4dc..067afc97 100644
--- a/policy/modules/contrib/portage.te
+++ b/policy/modules/contrib/portage.te
@@ -103,7 +103,7 @@ read_files_pattern(gcc_config_t, portage_conf_t,
portage_conf_t)
allow gcc_config_t portage_ebuild_t:dir list_dir_perms;
read_files_pattern(gcc_config_t, portage_ebuild_t, portage_ebuild_t)
-allow gcc_config_t portage_exec_t:file mmap_file_perms;
+allow gcc_config_t portage_exec_t:file mmap_exec_file_perms;
kernel_read_system_state(gcc_config_t)
kernel_read_kernel_sysctls(gcc_config_t)
diff --git a/policy/modules/contrib/postfix.te
b/policy/modules/contrib/postfix.te
index 383be1fc..eba65a15 100644
--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -120,7 +120,7 @@ allow postfix_domain postfix_etc_t:lnk_file
read_lnk_file_perms;
allow postfix_domain postfix_master_t:file read_file_perms;
-allow postfix_domain postfix_exec_t:file { mmap_file_perms lock };
+allow postfix_domain postfix_exec_t:file { mmap_exec_file_perms lock };
allow postfix_domain postfix_master_t:process sigchld;
@@ -217,7 +217,7 @@ allow postfix_master_t postfix_data_t:file
manage_file_perms;
allow postfix_master_t postfix_keytab_t:file read_file_perms;
-allow postfix_master_t postfix_map_exec_t:file { mmap_file_perms ioctl lock };
+allow postfix_master_t postfix_map_exec_t:file { mmap_exec_file_perms ioctl
lock };
allow postfix_master_t { postfix_postdrop_exec_t postfix_postqueue_exec_t
}:file getattr_file_perms;
diff --git a/policy/modules/contrib/prelink.te
b/policy/modules/contrib/prelink.te
index db7d5974..43276472 100644
--- a/policy/modules/contrib/prelink.te
+++ b/policy/modules/contrib/prelink.te
@@ -53,10 +53,10 @@ append_files_pattern(prelink_t, prelink_log_t,
prelink_log_t)
read_lnk_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
logging_log_filetrans(prelink_t, prelink_log_t, file)
-allow prelink_t prelink_tmp_t:file { manage_file_perms mmap_file_perms
relabel_file_perms execmod };
+allow prelink_t prelink_tmp_t:file { manage_file_perms mmap_exec_file_perms
relabel_file_perms execmod };
files_tmp_filetrans(prelink_t, prelink_tmp_t, file)
-allow prelink_t prelink_tmpfs_t:file { manage_file_perms mmap_file_perms
relabel_file_perms execmod };
+allow prelink_t prelink_tmpfs_t:file { manage_file_perms mmap_exec_file_perms
relabel_file_perms execmod };
fs_tmpfs_filetrans(prelink_t, prelink_tmpfs_t, file)
manage_dirs_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
@@ -64,7 +64,7 @@ manage_files_pattern(prelink_t, prelink_var_lib_t,
prelink_var_lib_t)
relabel_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
files_var_lib_filetrans(prelink_t, prelink_var_lib_t, { dir file })
-allow prelink_t prelink_object:file { manage_file_perms mmap_file_perms
relabel_file_perms };
+allow prelink_t prelink_object:file { manage_file_perms mmap_exec_file_perms
relabel_file_perms };
kernel_read_system_state(prelink_t)
kernel_read_kernel_sysctls(prelink_t)
diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
index 78af52df..58dc60fb 100644
--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -763,7 +763,7 @@ manage_files_pattern(swat_t, samba_var_t, samba_var_t)
manage_lnk_files_pattern(swat_t, samba_var_t, samba_var_t)
files_var_filetrans(swat_t, samba_var_t, dir, "samba")
-allow swat_t smbd_exec_t:file mmap_file_perms ;
+allow swat_t smbd_exec_t:file mmap_exec_file_perms ;
allow swat_t { winbind_t smbd_t }:process { signal signull };
diff --git a/policy/modules/contrib/ulogd.te b/policy/modules/contrib/ulogd.te
index ef4c5fa4..18779e5d 100644
--- a/policy/modules/contrib/ulogd.te
+++ b/policy/modules/contrib/ulogd.te
@@ -35,7 +35,7 @@ allow ulogd_t self:tcp_socket create_stream_socket_perms;
read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t)
list_dirs_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
-mmap_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
+mmap_exec_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
append_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)
create_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)