commit: 248905080e2e9840c120f1bb12d589bbec3c89bb Author: Jason Zaman <jason <AT> perfinion <DOT> com> AuthorDate: Sun Apr 30 09:57:08 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sun Apr 30 14:17:45 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=24890508
Remove interfaces added upstream policy/modules/contrib/gnome.if | 29 ----------------------------- policy/modules/kernel/files.if | 20 -------------------- policy/modules/system/init.te | 1 - 3 files changed, 50 deletions(-)
diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if
index ce436cfd..4fcc6905 100644
--- a/policy/modules/contrib/gnome.if
+++ b/policy/modules/contrib/gnome.if
@@ -124,12 +124,6 @@ template(`gnome_role_template',`
 wm_dbus_chat($1, $1_gkeyringd_t)
 ')
 ')
-
- ifdef(`distro_gentoo',`
- optional_policy(`
- gnome_dbus_chat_gconfd($3)
- ')
- ')
 ')
 
 ########################################
@@ -841,29 +835,6 @@ interface(`gnome_stream_connect_all_gkeyringd',`
 stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t, gkeyringd_domain)
 ')
 
-# From here Gentoo specific but cannot use ifdef distro_gentoo here
-
-#########################################
-## <summary>
-## Send and receive messages from the gconf daemon
-## over dbus.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gnome_dbus_chat_gconfd',`
- gen_require(`
- type gconfd_t;
- class dbus send_msg;
- ')
-
- allow $1 gconfd_t:dbus send_msg;
- allow gconfd_t $1:dbus send_msg;
-')
-
 ########################################
 ## <summary>
 ## Manage gstreamer ORC optimized
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index ef969a95..a74f7913 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -7232,26 +7232,6 @@ interface(`files_unconfined',`
 
 ########################################
 ## <summary>
-## Create PID directories.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`files_create_pid_dirs',`
- gen_require(`
- type var_t, var_run_t;
- ')
-
- allow $1 var_t:dir search_dir_perms;
- allow $1 var_run_t:lnk_file read_lnk_file_perms;
- create_dirs_pattern($1, var_run_t, var_run_t)
-')
-
-########################################
-## <summary>
 ## Create, read, write, and delete symbolic links in
 ## /etc that are dynamically created on boot.
 ## </summary>
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 5c6830f2..07238399 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1350,7 +1350,6 @@ ifdef(`distro_gentoo',`
 
 # needs to chmod some devices in early boot
 dev_setattr_generic_chr_files(initrc_t)
- files_create_pid_dirs(initrc_t)
 files_dontaudit_write_usr_dirs(initrc_t)
 files_manage_generic_tmp_dirs(initrc_t)
 files_manage_generic_tmp_files(initrc_t)