commit: b1b6e9dfd6982086f38e0e4e008d31777ee94255 Author: Jason Zaman <jason <AT> perfinion <DOT> com> AuthorDate: Sun Feb 10 06:09:02 2019 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sun Feb 10 06:09:02 2019 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=b1b6e9df
remove duplicated dev_dontaudit_read_sysfs files_dontaudit_read_etc_files Signed-off-by: Jason Zaman <jason <AT> perfinion.com> policy/modules/kernel/devices.if | 20 -------------------- policy/modules/kernel/files.if | 20 -------------------- 2 files changed, 40 deletions(-) diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if index 84b9d8fb..87fabe6f 100644 --- a/policy/modules/kernel/devices.if +++ b/policy/modules/kernel/devices.if @@ -5236,26 +5236,6 @@ interface(`dev_unconfined',` # We cannot use ifdef distro_gentoo for interfaces -######################################## -## <summary> -## Dont audit attempts to read hardware state information -## </summary> -## <param name="domain"> -## <summary> -## Domain for which the attempts do not need to be audited -## </summary> -## </param> -# -interface(`dev_dontaudit_read_sysfs',` - gen_require(` - type sysfs_t; - ') - - dontaudit $1 sysfs_t:file read_file_perms; - dontaudit $1 sysfs_t:dir list_dir_perms; - dontaudit $1 sysfs_t:lnk_file read_lnk_file_perms; -') - ######################################## ## <summary> ## Relabel cpu online hardware state information. diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index 0ace4966..b4db9c89 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -7111,26 +7111,6 @@ interface(`files_dontaudit_read_etc_runtime',` dontaudit $1 etc_runtime_t:file read_file_perms; ') -######################################## -## <summary> -## Do not audit attempts to read files -## in /etc -## </summary> -## <param name="domain"> -## <summary> -## Domain to not audit. -## </summary> -## </param> -# -interface(`files_dontaudit_read_etc_files',` - gen_require(` - type etc_t; - ') - - dontaudit $1 etc_t:file { getattr read }; -') - - ######################################### ## <summary> ## List usr/src files