commit:     edc91c3a2edac1ca2915691a16060d6b53704b40
Author:     Kenton Groombridge <me <AT> concord <DOT> sh>
AuthorDate: Mon Dec 12 15:35:32 2022 +0000
Commit:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Tue Dec 13 19:07:47 2022 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=edc91c3a

various: use mmap_manage_file_perms

Replace instances of manage_file_perms and map with
mmap_manage_file_perms

Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>

 policy/modules/admin/alsa.te         | 2 +-
 policy/modules/admin/apt.if          | 2 +-
 policy/modules/apps/mozilla.te       | 2 +-
 policy/modules/apps/pulseaudio.if    | 2 +-
 policy/modules/apps/pulseaudio.te    | 2 +-
 policy/modules/services/aptcacher.te | 2 +-
 policy/modules/services/mailman.te   | 8 ++++----
 policy/modules/services/matrixd.te   | 2 +-
 policy/modules/services/nsd.te       | 2 +-
 policy/modules/services/postfix.te   | 2 +-
 10 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/policy/modules/admin/alsa.te b/policy/modules/admin/alsa.te
index 2f6efcbeb..3b6a129c1 100644
--- a/policy/modules/admin/alsa.te
+++ b/policy/modules/admin/alsa.te
@@ -68,7 +68,7 @@ manage_files_pattern(alsa_t, alsa_tmp_t, alsa_tmp_t)
 files_tmp_filetrans(alsa_t, alsa_tmp_t, { dir file })
 userdom_user_tmp_filetrans(alsa_t, alsa_tmp_t, { dir file })
 
-allow alsa_t alsa_tmpfs_t:file { manage_file_perms map };
+allow alsa_t alsa_tmpfs_t:file mmap_manage_file_perms;
 fs_tmpfs_filetrans(alsa_t, alsa_tmpfs_t, file)
 
 manage_dirs_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t)
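Review bot: The `map` permission on `alsa_tmpfs_t` is now carried only by the macro name in `allow alsa_t alsa_tmpfs_t:file mmap_manage_file_perms;`, so a source search for a literal `map` token no longer finds this grant. The same holds for the matching rules in the other nine files of this commit. Assuming the macro expands to `manage_file_perms` plus `map`, as the commit message implies, the compiled rules should be unchanged. That is worth confirming on the built policy before and after the change, with a query such as `sesearch -A -s alsa_t -t alsa_tmpfs_t -c file -p map`. Audits that look for write-plus-map file access should also match on the `mmap_*_file_perms` macro names.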

diff --git a/policy/modules/admin/apt.if b/policy/modules/admin/apt.if
index 6d5d3f33a..5787e9804 100644
--- a/policy/modules/admin/apt.if
+++ b/policy/modules/admin/apt.if
@@ -191,7 +191,7 @@ interface(`apt_manage_cache',`
 
        files_search_var($1)
        allow $1 apt_var_cache_t:dir manage_dir_perms;
-       allow $1 apt_var_cache_t:file { manage_file_perms map };
+       allow $1 apt_var_cache_t:file mmap_manage_file_perms;
 ')
 
 ########################################
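Review bot: `apt_manage_cache` gives every caller domain `map` on `apt_var_cache_t` files, and with `mmap_manage_file_perms` that is easy to overlook when reading the interface body. The interface's `## <summary>` header lies above this hunk and is not visible here. If it still describes only create/read/write/delete access, it should name the mapping too, for example `## Create, read, write, delete and map the apt package cache.`. That tells callers who only need to manage the cache that they also receive `map`.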

diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index 03a9b9d6e..ba6b2376c 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -86,7 +86,7 @@ allow mozilla_t mozilla_plugin_t:unix_stream_socket 
rw_socket_perms;
 allow mozilla_t mozilla_plugin_t:fd use;
 
 allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:dir manage_dir_perms;
-allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:file { 
manage_file_perms map };
+allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:file 
mmap_manage_file_perms;
 allow mozilla_t mozilla_home_t:lnk_file manage_lnk_file_perms;
 userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".galeon")
 userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir, ".mozilla")

diff --git a/policy/modules/apps/pulseaudio.if 
b/policy/modules/apps/pulseaudio.if
index b2d2f1d43..c7df8b8a7 100644
--- a/policy/modules/apps/pulseaudio.if
+++ b/policy/modules/apps/pulseaudio.if
@@ -45,7 +45,7 @@ template(`pulseaudio_role',`
        allow $2 pulseaudio_home_t:lnk_file { manage_lnk_file_perms 
relabel_lnk_file_perms };
 
        allow $2 { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }:dir { 
manage_dir_perms relabel_dir_perms };
-       allow $2 { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }:file { 
manage_file_perms relabel_file_perms map };
+       allow $2 { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }:file { 
mmap_manage_file_perms relabel_file_perms };
 
        allow $2 pulseaudio_tmp_t:dir { manage_dir_perms relabel_dir_perms };
        allow $2 pulseaudio_tmp_t:file { manage_file_perms relabel_file_perms };

diff --git a/policy/modules/apps/pulseaudio.te 
b/policy/modules/apps/pulseaudio.te
index 2bb0ee79e..b26123e86 100644
--- a/policy/modules/apps/pulseaudio.te
+++ b/policy/modules/apps/pulseaudio.te
@@ -59,7 +59,7 @@ allow pulseaudio_t self:tcp_socket { accept listen };
 allow pulseaudio_t self:netlink_kobject_uevent_socket create_socket_perms;
 
 allow pulseaudio_t pulseaudio_home_t:dir manage_dir_perms;
-allow pulseaudio_t pulseaudio_home_t:file { manage_file_perms map };
+allow pulseaudio_t pulseaudio_home_t:file mmap_manage_file_perms;
 allow pulseaudio_t pulseaudio_home_t:lnk_file manage_lnk_file_perms;
 
 userdom_user_home_dir_filetrans(pulseaudio_t, pulseaudio_home_t, dir, ".pulse")

diff --git a/policy/modules/services/aptcacher.te 
b/policy/modules/services/aptcacher.te
index ac29c8728..10a0e54e1 100644
--- a/policy/modules/services/aptcacher.te
+++ b/policy/modules/services/aptcacher.te
@@ -51,7 +51,7 @@ allow aptcacher_t aptcacher_conf_t:file mmap_read_file_perms;
 allow aptcacher_t aptcacher_conf_t:lnk_file read_lnk_file_perms;
 
 allow aptcacher_t aptcacher_cache_t:dir manage_dir_perms;
-allow aptcacher_t aptcacher_cache_t:file { manage_file_perms map };
+allow aptcacher_t aptcacher_cache_t:file mmap_manage_file_perms;
 allow aptcacher_t aptcacher_cache_t:lnk_file manage_lnk_file_perms;
 
 allow aptcacher_t aptcacher_lib_t:file map;

diff --git a/policy/modules/services/mailman.te 
b/policy/modules/services/mailman.te
index 97a000d27..fe52b6fd8 100644
--- a/policy/modules/services/mailman.te
+++ b/policy/modules/services/mailman.te
@@ -109,7 +109,7 @@ allow mailman_cgi_t mailman_archive_t:dir search_dir_perms;
 allow mailman_cgi_t mailman_archive_t:file read_file_perms;
 
 allow mailman_cgi_t mailman_data_t:dir rw_dir_perms;
-allow mailman_cgi_t mailman_data_t:file { map manage_file_perms };
+allow mailman_cgi_t mailman_data_t:file mmap_manage_file_perms;
 allow mailman_cgi_t mailman_data_t:lnk_file read_lnk_file_perms;
 
 allow mailman_cgi_t mailman_lock_t:dir manage_dir_perms;
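Review bot: Nothing near `allow mailman_cgi_t mailman_data_t:file mmap_manage_file_perms;` records why `mailman_cgi_t`, a CGI domain judging by its name, needs to map files it can also create, write and unlink. The same applies to the `mailman_cgi_tmpfs_t` rule in the second hunk and to the two `mailman_queue_t` rules in the third and fourth hunks. A one-line comment above each rule, such as `# <component> maps its <data|tmpfs> files; see <reference>` with the placeholders filled in, would let a later reviewer judge whether `map` can be dropped. This hunk shows only part of the `mailman_cgi_t` rule set, so a justification may exist outside it.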
@@ -123,7 +123,7 @@ allow mailman_cgi_t mailman_runtime_t:file read_file_perms;
 allow mailman_cgi_t mailman_runtime_t:sock_file manage_sock_file_perms;
 
 fs_tmpfs_filetrans(mailman_cgi_t, mailman_cgi_tmpfs_t, file)
-allow mailman_cgi_t mailman_cgi_tmpfs_t:file { map manage_file_perms };
+allow mailman_cgi_t mailman_cgi_tmpfs_t:file mmap_manage_file_perms;
 
 kernel_read_net_sysctls(mailman_cgi_t)
 kernel_read_system_state(mailman_cgi_t)
@@ -283,7 +283,7 @@ allow mailman_queue_t mailman_archive_t:dir 
manage_dir_perms;
 allow mailman_queue_t mailman_archive_t:file manage_file_perms;
 
 allow mailman_queue_t mailman_data_t:dir rw_dir_perms;
-allow mailman_queue_t mailman_data_t:file { map manage_file_perms };
+allow mailman_queue_t mailman_data_t:file mmap_manage_file_perms;
 allow mailman_queue_t mailman_data_t:lnk_file read_lnk_file_perms;
 
 allow mailman_queue_t mailman_lock_t:dir rw_dir_perms;
@@ -293,7 +293,7 @@ allow mailman_queue_t mailman_log_t:dir list_dir_perms;
 allow mailman_queue_t mailman_log_t:file manage_file_perms;
 
 fs_tmpfs_filetrans(mailman_queue_t, mailman_queue_tmpfs_t, file)
-allow mailman_queue_t mailman_queue_tmpfs_t:file { map manage_file_perms };
+allow mailman_queue_t mailman_queue_tmpfs_t:file mmap_manage_file_perms;
 
 kernel_read_network_state(mailman_queue_t)
 kernel_read_system_state(mailman_queue_t)

diff --git a/policy/modules/services/matrixd.te 
b/policy/modules/services/matrixd.te
index 394969cbc..4ac31d901 100644
--- a/policy/modules/services/matrixd.te
+++ b/policy/modules/services/matrixd.te
@@ -51,7 +51,7 @@ allow matrixd_t self:unix_dgram_socket create_socket_perms;
 # https://cffi.readthedocs.io/en/latest/using.html#callbacks
 allow matrixd_t self:process { getsched execmem };
 
-allow matrixd_t matrixd_tmp_t:file { manage_file_perms map };
+allow matrixd_t matrixd_tmp_t:file mmap_manage_file_perms;
 files_tmp_filetrans(matrixd_t, matrixd_tmp_t, file)
 fs_tmpfs_filetrans(matrixd_t, matrixd_tmp_t, file)
 

diff --git a/policy/modules/services/nsd.te b/policy/modules/services/nsd.te
index 3cf2b363a..ee161f791 100644
--- a/policy/modules/services/nsd.te
+++ b/policy/modules/services/nsd.te
@@ -44,7 +44,7 @@ allow nsd_t nsd_conf_t:dir list_dir_perms;
 allow nsd_t nsd_conf_t:file read_file_perms;
 allow nsd_t nsd_conf_t:lnk_file read_lnk_file_perms;
 
-allow nsd_t nsd_db_t:file { manage_file_perms map };
+allow nsd_t nsd_db_t:file mmap_manage_file_perms;
 filetrans_pattern(nsd_t, nsd_zone_t, nsd_db_t, file)
 
 manage_files_pattern(nsd_t, nsd_runtime_t, nsd_runtime_t)

diff --git a/policy/modules/services/postfix.te 
b/policy/modules/services/postfix.te
index c58b11e0b..e546e7e62 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -508,7 +508,7 @@ allow postfix_map_t self:capability { dac_read_search 
dac_override setgid setuid
 allow postfix_map_t self:tcp_socket { accept listen };
 
 allow postfix_map_t postfix_etc_t:dir manage_dir_perms;
-allow postfix_map_t postfix_etc_t:file { manage_file_perms map };
+allow postfix_map_t postfix_etc_t:file mmap_manage_file_perms;
 allow postfix_map_t postfix_etc_t:lnk_file manage_lnk_file_perms;
 
 manage_dirs_pattern(postfix_map_t, postfix_map_tmp_t, postfix_map_tmp_t)
