commit:     b1b6e9dfd6982086f38e0e4e008d31777ee94255
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sun Feb 10 06:09:02 2019 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 10 06:09:02 2019 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=b1b6e9df

remove duplicated dev_dontaudit_read_sysfs files_dontaudit_read_etc_files

Signed-off-by: Jason Zaman <jason <AT> perfinion.com>

 policy/modules/kernel/devices.if | 20 --------------------
 policy/modules/kernel/files.if   | 20 --------------------
 2 files changed, 40 deletions(-)

diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 84b9d8fb..87fabe6f 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -5236,26 +5236,6 @@ interface(`dev_unconfined',`
 
 # We cannot use ifdef distro_gentoo for interfaces
 
-########################################
-## <summary>
-##     Dont audit attempts to read hardware state information
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain for which the attempts do not need to be audited
-##     </summary>
-## </param>
-#
-interface(`dev_dontaudit_read_sysfs',`
-       gen_require(`
-               type sysfs_t;
-       ')
-
-       dontaudit $1 sysfs_t:file read_file_perms;
-       dontaudit $1 sysfs_t:dir list_dir_perms;
-       dontaudit $1 sysfs_t:lnk_file read_lnk_file_perms;
-')
-
 ########################################
 ## <summary>
 ##     Relabel cpu online hardware state information.

diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 0ace4966..b4db9c89 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -7111,26 +7111,6 @@ interface(`files_dontaudit_read_etc_runtime',`
        dontaudit $1 etc_runtime_t:file read_file_perms;
 ')
 
-########################################
-## <summary>
-##     Do not audit attempts to read files
-##     in /etc
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain to not audit.
-##     </summary>
-## </param>
-#
-interface(`files_dontaudit_read_etc_files',`
-       gen_require(`
-               type etc_t;
-       ')
-
-       dontaudit $1 etc_t:file { getattr read };
-')
-
-
 #########################################
 ## <summary>
 ##     List usr/src files
