[selinux-policy: 1164/3172] remove all class remaining lines with kernel object classes.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:45:37 UTC 2010
commit 6ada253855147ef474ef440e2a0f98848d421931
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Jan 30 16:36:00 2006 +0000
remove all class remaining lines with kernel object classes.
refpolicy/policy/modules/admin/acct.if | 6 -
refpolicy/policy/modules/admin/consoletype.if | 3 -
refpolicy/policy/modules/admin/kudzu.if | 4 -
refpolicy/policy/modules/admin/netutils.if | 11 --
refpolicy/policy/modules/admin/quota.if | 7 -
refpolicy/policy/modules/admin/rpm.if | 9 --
refpolicy/policy/modules/admin/usermanage.if | 17 ---
refpolicy/policy/modules/kernel/corecommands.if | 29 -----
refpolicy/policy/modules/kernel/domain.if | 33 -----
refpolicy/policy/modules/kernel/files.if | 142 -----------------------
refpolicy/policy/modules/kernel/filesystem.if | 126 --------------------
refpolicy/policy/modules/kernel/kernel.te | 4 +-
refpolicy/policy/modules/kernel/storage.if | 18 ---
refpolicy/policy/modules/kernel/terminal.if | 26 ----
refpolicy/policy/modules/services/arpwatch.if | 1 -
refpolicy/policy/modules/services/cron.if | 8 --
refpolicy/policy/modules/services/dhcp.if | 1 -
refpolicy/policy/modules/services/dictd.if | 1 -
refpolicy/policy/modules/services/dovecot.if | 3 -
refpolicy/policy/modules/services/inetd.if | 12 --
refpolicy/policy/modules/services/inn.if | 13 --
refpolicy/policy/modules/services/ldap.if | 2 -
refpolicy/policy/modules/services/mta.if | 14 ---
refpolicy/policy/modules/services/ntp.if | 6 -
refpolicy/policy/modules/services/portmap.if | 5 -
refpolicy/policy/modules/services/rshd.if | 3 -
refpolicy/policy/modules/services/zebra.if | 3 -
refpolicy/policy/modules/system/authlogin.if | 34 ------
refpolicy/policy/modules/system/clock.if | 4 -
refpolicy/policy/modules/system/fstools.if | 4 -
refpolicy/policy/modules/system/hostname.if | 4 -
refpolicy/policy/modules/system/hotplug.if | 11 --
refpolicy/policy/modules/system/init.if | 37 ------
refpolicy/policy/modules/system/ipsec.if | 10 --
refpolicy/policy/modules/system/libraries.if | 16 ---
refpolicy/policy/modules/system/locallogin.if | 3 -
refpolicy/policy/modules/system/logging.if | 27 -----
refpolicy/policy/modules/system/mount.if | 6 -
refpolicy/policy/modules/system/raid.if | 4 -
refpolicy/policy/modules/system/selinuxutil.if | 41 -------
refpolicy/policy/modules/system/unconfined.if | 8 --
41 files changed, 2 insertions(+), 714 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/acct.if b/refpolicy/policy/modules/admin/acct.if
index fe69889..87aaa03 100644
--- a/refpolicy/policy/modules/admin/acct.if
+++ b/refpolicy/policy/modules/admin/acct.if
@@ -11,9 +11,6 @@
interface(`acct_domtrans',`
gen_require(`
type acct_t, acct_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_sbin($1)
@@ -72,9 +69,6 @@ interface(`acct_exec_data',`
interface(`acct_manage_data',`
gen_require(`
type acct_data_t;
- class dir rw_dir_perms;
- class file create_file_perms;
- class lnk_file create_lnk_perms;
')
files_search_var($1)
diff --git a/refpolicy/policy/modules/admin/consoletype.if b/refpolicy/policy/modules/admin/consoletype.if
index 42a741b..eb88ef3 100644
--- a/refpolicy/policy/modules/admin/consoletype.if
+++ b/refpolicy/policy/modules/admin/consoletype.if
@@ -13,9 +13,6 @@
interface(`consoletype_domtrans',`
gen_require(`
type consoletype_t, consoletype_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_sbin($1)
diff --git a/refpolicy/policy/modules/admin/kudzu.if b/refpolicy/policy/modules/admin/kudzu.if
index f40c5f3..f81349f 100644
--- a/refpolicy/policy/modules/admin/kudzu.if
+++ b/refpolicy/policy/modules/admin/kudzu.if
@@ -11,9 +11,6 @@
interface(`kudzu_domtrans',`
gen_require(`
type kudzu_t, kudzu_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
domain_auto_trans($1,kudzu_exec_t,kudzu_t)
@@ -42,7 +39,6 @@ interface(`kudzu_domtrans',`
interface(`kudzu_run',`
gen_require(`
type kudzu_t;
- class chr_file rw_term_perms;
')
kudzu_domtrans($1)
diff --git a/refpolicy/policy/modules/admin/netutils.if b/refpolicy/policy/modules/admin/netutils.if
index 1738f27..9e9b2dd 100644
--- a/refpolicy/policy/modules/admin/netutils.if
+++ b/refpolicy/policy/modules/admin/netutils.if
@@ -11,9 +11,6 @@
interface(`netutils_domtrans',`
gen_require(`
type netutils_t, netutils_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
domain_auto_trans($1,netutils_exec_t,netutils_t)
@@ -42,7 +39,6 @@ interface(`netutils_domtrans',`
interface(`netutils_run',`
gen_require(`
type netutils_t;
- class chr_file rw_term_perms;
')
netutils_domtrans($1)
@@ -77,9 +73,6 @@ interface(`netutils_exec',`
interface(`netutils_domtrans_ping',`
gen_require(`
type ping_t, ping_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
domain_auto_trans($1,ping_exec_t,ping_t)
@@ -171,9 +164,6 @@ interface(`netutils_exec_ping',`
interface(`netutils_domtrans_traceroute',`
gen_require(`
type traceroute_t, traceroute_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
domain_auto_trans($1,traceroute_exec_t,traceroute_t)
@@ -202,7 +192,6 @@ interface(`netutils_domtrans_traceroute',`
interface(`netutils_run_traceroute',`
gen_require(`
type traceroute_t;
- class chr_file rw_term_perms;
')
netutils_domtrans_traceroute($1)
diff --git a/refpolicy/policy/modules/admin/quota.if b/refpolicy/policy/modules/admin/quota.if
index ed0e637..fd42285 100644
--- a/refpolicy/policy/modules/admin/quota.if
+++ b/refpolicy/policy/modules/admin/quota.if
@@ -11,9 +11,6 @@
interface(`quota_domtrans',`
gen_require(`
type quota_t, quota_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
domain_auto_trans($1,quota_exec_t,quota_t)
@@ -42,7 +39,6 @@ interface(`quota_domtrans',`
interface(`quota_run',`
gen_require(`
type quota_t;
- class chr_file rw_term_perms;
')
quota_domtrans($1)
@@ -62,7 +58,6 @@ interface(`quota_run',`
interface(`quota_dontaudit_getattr_db',`
gen_require(`
type quota_db_t;
- class file getattr;
')
dontaudit $1 quota_db_t:file getattr;
@@ -71,8 +66,6 @@ interface(`quota_dontaudit_getattr_db',`
interface(`quota_manage_flags',`
gen_require(`
type quota_flag_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
files_search_var_lib($1)
diff --git a/refpolicy/policy/modules/admin/rpm.if b/refpolicy/policy/modules/admin/rpm.if
index af76502..6fcb7fc 100644
--- a/refpolicy/policy/modules/admin/rpm.if
+++ b/refpolicy/policy/modules/admin/rpm.if
@@ -11,9 +11,6 @@
interface(`rpm_domtrans',`
gen_require(`
type rpm_t, rpm_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
files_search_usr($1)
@@ -65,7 +62,6 @@ interface(`rpm_script_domtrans',`
interface(`rpm_run',`
gen_require(`
type rpm_t, rpm_script_t;
- class chr_file rw_term_perms;
')
rpm_domtrans($1)
@@ -86,7 +82,6 @@ interface(`rpm_run',`
interface(`rpm_use_fd',`
gen_require(`
type rpm_t;
- class fd use;
')
allow $1 rpm_t:fd use;
@@ -103,7 +98,6 @@ interface(`rpm_use_fd',`
interface(`rpm_read_pipe',`
gen_require(`
type rpm_t;
- class fifo_file r_file_perms;
')
allow $1 rpm_t:fifo_file r_file_perms;
@@ -120,7 +114,6 @@ interface(`rpm_read_pipe',`
interface(`rpm_rw_pipe',`
gen_require(`
type rpm_t;
- class fifo_file rw_file_perms;
')
allow $1 rpm_t:fifo_file rw_file_perms;
@@ -137,7 +130,6 @@ interface(`rpm_rw_pipe',`
interface(`rpm_manage_log',`
gen_require(`
type rpm_log_t;
- class file create_file_perms;
')
logging_rw_log_dir($1)
@@ -155,7 +147,6 @@ interface(`rpm_manage_log',`
interface(`rpm_use_script_fd',`
gen_require(`
type rpm_script_t;
- class fd use;
')
allow $1 rpm_script_t:fd use;
diff --git a/refpolicy/policy/modules/admin/usermanage.if b/refpolicy/policy/modules/admin/usermanage.if
index 77d92bc..533d203 100644
--- a/refpolicy/policy/modules/admin/usermanage.if
+++ b/refpolicy/policy/modules/admin/usermanage.if
@@ -11,9 +11,6 @@
interface(`usermanage_domtrans_chfn',`
gen_require(`
type chfn_t, chfn_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
files_search_usr($1)
@@ -44,7 +41,6 @@ interface(`usermanage_domtrans_chfn',`
interface(`usermanage_run_chfn',`
gen_require(`
type chfn_t;
- class chr_file rw_term_perms;
')
usermanage_domtrans_chfn($1)
@@ -63,9 +59,6 @@ interface(`usermanage_run_chfn',`
interface(`usermanage_domtrans_groupadd',`
gen_require(`
type groupadd_t, groupadd_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
files_search_usr($1)
@@ -96,7 +89,6 @@ interface(`usermanage_domtrans_groupadd',`
interface(`usermanage_run_groupadd',`
gen_require(`
type groupadd_t;
- class chr_file rw_term_perms;
')
usermanage_domtrans_groupadd($1)
@@ -115,9 +107,6 @@ interface(`usermanage_run_groupadd',`
interface(`usermanage_domtrans_passwd',`
gen_require(`
type passwd_t, passwd_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
files_search_usr($1)
@@ -148,7 +137,6 @@ interface(`usermanage_domtrans_passwd',`
interface(`usermanage_run_passwd',`
gen_require(`
type passwd_t;
- class chr_file rw_term_perms;
')
usermanage_domtrans_passwd($1)
@@ -217,9 +205,6 @@ interface(`usermanage_run_admin_passwd',`
interface(`usermanage_domtrans_useradd',`
gen_require(`
type useradd_t, useradd_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
files_search_usr($1)
@@ -250,7 +235,6 @@ interface(`usermanage_domtrans_useradd',`
interface(`usermanage_run_useradd',`
gen_require(`
type useradd_t;
- class chr_file rw_term_perms;
')
usermanage_domtrans_useradd($1)
@@ -269,7 +253,6 @@ interface(`usermanage_run_useradd',`
interface(`usermanage_read_crack_db',`
gen_require(`
type crack_db_t;
- class file r_file_perms;
')
allow $1 crack_db_t:file r_file_perms;
diff --git a/refpolicy/policy/modules/kernel/corecommands.if b/refpolicy/policy/modules/kernel/corecommands.if
index 8e9100a..0eff2f0 100644
--- a/refpolicy/policy/modules/kernel/corecommands.if
+++ b/refpolicy/policy/modules/kernel/corecommands.if
@@ -59,7 +59,6 @@ interface(`corecmd_shell_entry_type',`
interface(`corecmd_search_bin',`
gen_require(`
type bin_t;
- class dir search;
')
allow $1 bin_t:dir search;
@@ -72,7 +71,6 @@ interface(`corecmd_search_bin',`
interface(`corecmd_list_bin',`
gen_require(`
type bin_t;
- class dir r_dir_perms;
')
allow $1 bin_t:dir r_dir_perms;
@@ -89,7 +87,6 @@ interface(`corecmd_list_bin',`
interface(`corecmd_getattr_bin_file',`
gen_require(`
type bin_t;
- class file getattr;
')
allow $1 bin_t:file getattr;
@@ -106,8 +103,6 @@ interface(`corecmd_getattr_bin_file',`
interface(`corecmd_read_bin_file',`
gen_require(`
type bin_t;
- class dir search;
- class file r_file_perms;
')
allow $1 bin_t:dir search;
@@ -125,8 +120,6 @@ interface(`corecmd_read_bin_file',`
interface(`corecmd_read_bin_symlink',`
gen_require(`
type bin_t;
- class dir search;
- class lnk_file r_file_perms;
')
allow $1 bin_t:dir search;
@@ -144,8 +137,6 @@ interface(`corecmd_read_bin_symlink',`
interface(`corecmd_read_bin_pipe',`
gen_require(`
type bin_t;
- class dir search;
- class fifo_file r_file_perms;
')
allow $1 bin_t:dir search;
@@ -163,8 +154,6 @@ interface(`corecmd_read_bin_pipe',`
interface(`corecmd_read_bin_socket',`
gen_require(`
type bin_t;
- class dir search;
- class sock_file r_file_perms;
')
allow $1 bin_t:dir search;
@@ -178,8 +167,6 @@ interface(`corecmd_read_bin_socket',`
interface(`corecmd_exec_bin',`
gen_require(`
type bin_t;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
')
allow $1 bin_t:dir r_dir_perms;
@@ -357,7 +344,6 @@ interface(`corecmd_dontaudit_search_sbin',`
interface(`corecmd_list_sbin',`
gen_require(`
type sbin_t;
- class dir r_dir_perms;
')
allow $1 sbin_t:dir r_dir_perms;
@@ -370,7 +356,6 @@ interface(`corecmd_list_sbin',`
interface(`corecmd_getattr_sbin_file',`
gen_require(`
type sbin_t;
- class file getattr;
')
allow $1 sbin_t:file getattr;
@@ -383,7 +368,6 @@ interface(`corecmd_getattr_sbin_file',`
interface(`corecmd_dontaudit_getattr_sbin_file',`
gen_require(`
type sbin_t;
- class file getattr;
')
dontaudit $1 sbin_t:file getattr;
@@ -400,8 +384,6 @@ interface(`corecmd_dontaudit_getattr_sbin_file',`
interface(`corecmd_read_sbin_file',`
gen_require(`
type sbin_t;
- class dir search;
- class file r_file_perms;
')
allow $1 sbin_t:dir search;
@@ -419,8 +401,6 @@ interface(`corecmd_read_sbin_file',`
interface(`corecmd_read_sbin_symlink',`
gen_require(`
type sbin_t;
- class dir search;
- class lnk_file r_file_perms;
')
allow $1 sbin_t:dir search;
@@ -438,8 +418,6 @@ interface(`corecmd_read_sbin_symlink',`
interface(`corecmd_read_sbin_pipe',`
gen_require(`
type sbin_t;
- class dir search;
- class fifo_file r_file_perms;
')
allow $1 sbin_t:dir search;
@@ -457,8 +435,6 @@ interface(`corecmd_read_sbin_pipe',`
interface(`corecmd_read_sbin_socket',`
gen_require(`
type sbin_t;
- class dir search;
- class sock_file r_file_perms;
')
allow $1 sbin_t:dir search;
@@ -472,8 +448,6 @@ interface(`corecmd_read_sbin_socket',`
interface(`corecmd_exec_sbin',`
gen_require(`
type sbin_t;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
')
allow $1 sbin_t:dir r_dir_perms;
@@ -568,8 +542,6 @@ interface(`corecmd_mmap_sbin_files',`
interface(`corecmd_sbin_domtrans',`
gen_require(`
type sbin_t;
- class dir search;
- class lnk_file { getattr read };
')
allow $1 sbin_t:dir search;
@@ -740,7 +712,6 @@ interface(`corecmd_shell_domtrans',`
interface(`corecmd_exec_chroot',`
gen_require(`
type chroot_exec_t;
- class capability sys_chroot;
')
can_exec($1,chroot_exec_t)
diff --git a/refpolicy/policy/modules/kernel/domain.if b/refpolicy/policy/modules/kernel/domain.if
index 15fcea5..563a422 100644
--- a/refpolicy/policy/modules/kernel/domain.if
+++ b/refpolicy/policy/modules/kernel/domain.if
@@ -24,10 +24,6 @@
interface(`domain_base_type',`
gen_require(`
attribute domain;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
- class file rw_file_perms;
- class process { fork sigchld };
')
# mark as a domain
@@ -121,7 +117,6 @@ interface(`domain_type',`
interface(`domain_entry_file',`
gen_require(`
attribute entry_type;
- class file entrypoint;
')
files_type($2)
@@ -331,7 +326,6 @@ interface(`domain_cron_exemption_target',`
interface(`domain_use_wide_inherit_fd',`
gen_require(`
attribute privfd;
- class fd use;
')
allow $1 privfd:fd use;
@@ -344,7 +338,6 @@ interface(`domain_use_wide_inherit_fd',`
interface(`domain_dontaudit_use_wide_inherit_fd',`
gen_require(`
attribute privfd;
- class fd use;
')
dontaudit $1 privfd:fd use;
@@ -375,7 +368,6 @@ interface(`domain_sigchld_wide_inherit_fd',`
interface(`domain_setpriority_all_domains',`
gen_require(`
attribute domain;
- class process setsched;
')
allow $1 domain:process setsched;
@@ -392,7 +384,6 @@ interface(`domain_setpriority_all_domains',`
interface(`domain_signal_all_domains',`
gen_require(`
attribute domain;
- class process signal;
')
allow $1 domain:process signal;
@@ -409,7 +400,6 @@ interface(`domain_signal_all_domains',`
interface(`domain_signull_all_domains',`
gen_require(`
attribute domain;
- class process signull;
')
allow $1 domain:process signull;
@@ -426,7 +416,6 @@ interface(`domain_signull_all_domains',`
interface(`domain_sigstop_all_domains',`
gen_require(`
attribute domain;
- class process sigstop;
')
allow $1 domain:process sigstop;
@@ -443,7 +432,6 @@ interface(`domain_sigstop_all_domains',`
interface(`domain_sigchld_all_domains',`
gen_require(`
attribute domain;
- class process sigchld;
')
allow $1 domain:process sigchld;
@@ -460,8 +448,6 @@ interface(`domain_sigchld_all_domains',`
interface(`domain_kill_all_domains',`
gen_require(`
attribute domain;
- class process sigkill;
- class capability kill;
')
allow $1 domain:process sigkill;
@@ -479,7 +465,6 @@ interface(`domain_kill_all_domains',`
interface(`domain_search_all_domains_state',`
gen_require(`
attribute domain;
- class dir search;
')
kernel_search_proc($1)
@@ -514,9 +499,6 @@ interface(`domain_dontaudit_search_all_domains_state',`
interface(`domain_read_all_domains_state',`
gen_require(`
attribute domain;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
- class file r_file_perms;
')
kernel_search_proc($1)
@@ -536,7 +518,6 @@ interface(`domain_read_all_domains_state',`
interface(`domain_getattr_all_domains',`
gen_require(`
attribute domain;
- class process getattr;
')
allow $1 domain:process getattr;
@@ -591,7 +572,6 @@ interface(`domain_read_confined_domains_state',`
interface(`domain_getattr_confined_domains',`
gen_require(`
attribute domain, unconfined_domain;
- class process getattr;
')
allow $1 { domain -unconfined_domain }:process getattr;
@@ -661,7 +641,6 @@ interface(`domain_dontaudit_ptrace_all_domains',`
interface(`domain_dontaudit_ptrace_confined_domains',`
gen_require(`
attribute domain, unconfined_domain;
- class process ptrace;
')
dontaudit $1 { domain -unconfined_domain }:process ptrace;
@@ -702,7 +681,6 @@ interface(`domain_dontaudit_read_all_domains_state',`
interface(`domain_dontaudit_list_all_domains_proc',`
gen_require(`
attribute domain;
- class dir r_dir_perms;
')
dontaudit $1 domain:dir r_dir_perms;
@@ -719,7 +697,6 @@ interface(`domain_dontaudit_list_all_domains_proc',`
interface(`domain_getsession_all_domains',`
gen_require(`
attribute domain;
- class process getsession;
')
allow $1 domain:process getsession;
@@ -737,7 +714,6 @@ interface(`domain_getsession_all_domains',`
interface(`domain_dontaudit_getsession_all_domains',`
gen_require(`
attribute domain;
- class process getsession;
')
dontaudit $1 domain:process getsession;
@@ -809,7 +785,6 @@ interface(`domain_dontaudit_getattr_all_sockets',`
interface(`domain_dontaudit_getattr_all_tcp_sockets',`
gen_require(`
attribute domain;
- class tcp_socket getattr;
')
dontaudit $1 domain:tcp_socket getattr;
@@ -827,7 +802,6 @@ interface(`domain_dontaudit_getattr_all_tcp_sockets',`
interface(`domain_dontaudit_getattr_all_udp_sockets',`
gen_require(`
attribute domain;
- class udp_socket getattr;
')
dontaudit $1 domain:udp_socket getattr;
@@ -845,7 +819,6 @@ interface(`domain_dontaudit_getattr_all_udp_sockets',`
interface(`domain_dontaudit_rw_all_udp_sockets',`
gen_require(`
attribute domain;
- class udp_socket { read write };
')
dontaudit $1 domain:udp_socket { read write };
@@ -914,7 +887,6 @@ interface(`domain_dontaudit_getattr_all_raw_sockets',`
interface(`domain_dontaudit_rw_all_key_sockets',`
gen_require(`
attribute domain;
- class key_socket { read write };
')
dontaudit $1 domain:key_socket { read write };
@@ -966,7 +938,6 @@ interface(`domain_dontaudit_getattr_all_stream_sockets',`
interface(`domain_dontaudit_getattr_all_pipes',`
gen_require(`
attribute domain;
- class fifo_file getattr;
')
dontaudit $1 domain:fifo_file getattr;
@@ -984,8 +955,6 @@ interface(`domain_dontaudit_getattr_all_pipes',`
interface(`domain_getattr_all_entry_files',`
gen_require(`
attribute entry_type;
- class file getattr;
- class lnk_file r_file_perms;
')
allow $1 entry_type:lnk_file getattr;
@@ -999,8 +968,6 @@ interface(`domain_getattr_all_entry_files',`
interface(`domain_read_all_entry_files',`
gen_require(`
attribute entry_type;
- class file r_file_perms;
- class lnk_file r_file_perms;
')
allow $1 entry_type:lnk_file r_file_perms;
diff --git a/refpolicy/policy/modules/kernel/files.if b/refpolicy/policy/modules/kernel/files.if
index 9d9a127..e3264e0 100644
--- a/refpolicy/policy/modules/kernel/files.if
+++ b/refpolicy/policy/modules/kernel/files.if
@@ -252,7 +252,6 @@ interface(`files_tmpfs_file',`
interface(`files_getattr_all_dirs',`
gen_require(`
attribute file_type;
- class dir { getattr search };
')
allow $1 file_type:dir { getattr search };
@@ -270,7 +269,6 @@ interface(`files_getattr_all_dirs',`
interface(`files_dontaudit_getattr_all_dirs',`
gen_require(`
attribute file_type;
- class dir getattr;
')
dontaudit $1 file_type:dir getattr;
@@ -423,8 +421,6 @@ interface(`files_dontaudit_getattr_non_security_files',`
interface(`files_read_all_files',`
gen_require(`
attribute file_type;
- class dir search;
- class file r_file_perms;
')
allow $1 file_type:dir search;
@@ -531,8 +527,6 @@ interface(`files_read_all_symlinks_except',`
interface(`files_getattr_all_symlinks',`
gen_require(`
attribute file_type;
- class dir search;
- class lnk_file getattr;
')
allow $1 file_type:dir search;
@@ -551,7 +545,6 @@ interface(`files_getattr_all_symlinks',`
interface(`files_dontaudit_getattr_all_symlinks',`
gen_require(`
attribute file_type;
- class lnk_file getattr;
')
dontaudit $1 file_type:lnk_file getattr;
@@ -619,8 +612,6 @@ interface(`files_dontaudit_getattr_non_security_chr_dev',`
interface(`files_read_all_symlinks',`
gen_require(`
attribute file_type;
- class dir search;
- class lnk_file { getattr read };
')
allow $1 file_type:dir search;
@@ -638,8 +629,6 @@ interface(`files_read_all_symlinks',`
interface(`files_getattr_all_pipes',`
gen_require(`
attribute file_type;
- class dir search;
- class fifo_file getattr;
')
allow $1 file_type:dir search;
@@ -658,7 +647,6 @@ interface(`files_getattr_all_pipes',`
interface(`files_dontaudit_getattr_all_pipes',`
gen_require(`
attribute file_type;
- class fifo_file getattr;
')
dontaudit $1 file_type:fifo_file getattr;
@@ -692,8 +680,6 @@ interface(`files_dontaudit_getattr_non_security_pipes',`
interface(`files_getattr_all_sockets',`
gen_require(`
attribute file_type;
- class dir search;
- class sock_file getattr;
')
allow $1 file_type:dir search;
@@ -712,7 +698,6 @@ interface(`files_getattr_all_sockets',`
interface(`files_dontaudit_getattr_all_sockets',`
gen_require(`
attribute file_type;
- class sock_file getattr;
')
dontaudit $1 file_type:sock_file getattr;
@@ -785,13 +770,6 @@ interface(`files_read_all_chr_nodes',`
interface(`files_relabel_all_files',`
gen_require(`
attribute file_type;
- class dir { r_dir_perms relabelfrom relabelto };
- class file { relabelfrom relabelto };
- class lnk_file { relabelfrom relabelto };
- class fifo_file { relabelfrom relabelto };
- class sock_file { relabelfrom relabelto };
- class blk_file relabelfrom;
- class chr_file relabelfrom;
')
allow $1 { file_type $2 }:dir { r_dir_perms relabelfrom relabelto };
@@ -822,11 +800,6 @@ interface(`files_relabel_all_files',`
interface(`files_manage_all_files',`
gen_require(`
attribute file_type;
- class dir create_dir_perms;
- class file create_file_perms;
- class lnk_file create_lnk_perms;
- class fifo_file create_file_perms;
- class sock_file create_file_perms;
')
allow $1 { file_type $2 }:dir create_dir_perms;
@@ -847,7 +820,6 @@ interface(`files_manage_all_files',`
interface(`files_search_all_dirs',`
gen_require(`
attribute file_type;
- class dir search;
')
allow $1 file_type:dir search;
@@ -860,7 +832,6 @@ interface(`files_search_all_dirs',`
interface(`files_list_all_dirs',`
gen_require(`
attribute file_type;
- class dir r_dir_perms;
')
allow $1 file_type:dir r_dir_perms;
@@ -873,7 +844,6 @@ interface(`files_list_all_dirs',`
interface(`files_dontaudit_search_all_dirs',`
gen_require(`
attribute file_type;
- class dir search;
')
dontaudit $1 file_type:dir search;
@@ -886,7 +856,6 @@ interface(`files_dontaudit_search_all_dirs',`
interface(`files_relabelto_all_file_type_fs',`
gen_require(`
attribute file_type;
- class filesystem relabelto;
')
allow $1 file_type:filesystem relabelto;
@@ -899,7 +868,6 @@ interface(`files_relabelto_all_file_type_fs',`
interface(`files_mount_all_file_type_fs',`
gen_require(`
attribute file_type;
- class filesystem mount;
')
allow $1 file_type:filesystem mount;
@@ -912,7 +880,6 @@ interface(`files_mount_all_file_type_fs',`
interface(`files_unmount_all_file_type_fs',`
gen_require(`
attribute file_type;
- class filesystem unmount;
')
allow $1 file_type:filesystem unmount;
@@ -925,8 +892,6 @@ interface(`files_unmount_all_file_type_fs',`
interface(`files_mounton_all_mountpoints',`
gen_require(`
attribute mountpoint;
- class dir { getattr search mounton };
- class file { getattr mounton };
')
allow $1 mountpoint:dir { getattr search mounton };
@@ -940,8 +905,6 @@ interface(`files_mounton_all_mountpoints',`
interface(`files_list_root',`
gen_require(`
type root_t;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
')
allow $1 root_t:dir r_dir_perms;
@@ -967,7 +930,6 @@ interface(`files_list_root',`
interface(`files_filetrans_root',`
gen_require(`
type root_t;
- class dir create_dir_perms;
')
allow $1 root_t:dir rw_dir_perms;
@@ -998,7 +960,6 @@ interface(`files_dontaudit_read_root_file',`
interface(`files_dontaudit_rw_root_file',`
gen_require(`
type root_t;
- class file { read write };
')
dontaudit $1 root_t:file { read write };
@@ -1011,7 +972,6 @@ interface(`files_dontaudit_rw_root_file',`
interface(`files_dontaudit_rw_root_chr_dev',`
gen_require(`
type root_t;
- class chr_file { read write };
')
dontaudit $1 root_t:chr_file { read write };
@@ -1024,7 +984,6 @@ interface(`files_dontaudit_rw_root_chr_dev',`
interface(`files_delete_root_dir_entry',`
gen_require(`
type root_t;
- class dir rw_dir_perms;
')
allow $1 root_t:dir rw_dir_perms;
@@ -1037,7 +996,6 @@ interface(`files_delete_root_dir_entry',`
interface(`files_unmount_rootfs',`
gen_require(`
type root_t;
- class filesystem unmount;
')
allow $1 root_t:filesystem unmount;
@@ -1202,7 +1160,6 @@ interface(`files_dontaudit_read_default_files',`
interface(`files_read_default_symlinks',`
gen_require(`
type default_t;
- class lnk_file r_file_perms;
')
allow $1 default_t:lnk_file r_file_perms;
@@ -1219,7 +1176,6 @@ interface(`files_read_default_symlinks',`
interface(`files_read_default_sockets',`
gen_require(`
type default_t;
- class sock_file r_file_perms;
')
allow $1 default_t:sock_file r_file_perms;
@@ -1236,7 +1192,6 @@ interface(`files_read_default_sockets',`
interface(`files_read_default_pipes',`
gen_require(`
type default_t;
- class fifo_file r_file_perms;
')
allow $1 default_t:fifo_file r_file_perms;
@@ -1249,7 +1204,6 @@ interface(`files_read_default_pipes',`
interface(`files_search_etc',`
gen_require(`
type etc_t;
- class dir search;
')
allow $1 etc_t:dir search;
@@ -1266,7 +1220,6 @@ interface(`files_search_etc',`
interface(`files_setattr_etc_dir',`
gen_require(`
type etc_t;
- class dir setattr;
')
allow $1 etc_t:dir setattr;
@@ -1279,7 +1232,6 @@ interface(`files_setattr_etc_dir',`
interface(`files_list_etc',`
gen_require(`
type etc_t;
- class dir r_dir_perms;
')
allow $1 etc_t:dir r_dir_perms;
@@ -1292,9 +1244,6 @@ interface(`files_list_etc',`
interface(`files_read_etc_files',`
gen_require(`
type etc_t;
- class dir r_dir_perms;
- class file r_file_perms;
- class lnk_file r_file_perms;
')
allow $1 etc_t:dir r_dir_perms;
@@ -1309,9 +1258,6 @@ interface(`files_read_etc_files',`
interface(`files_rw_etc_files',`
gen_require(`
type etc_t;
- class dir r_dir_perms;
- class file rw_file_perms;
- class lnk_file r_file_perms;
')
allow $1 etc_t:dir r_dir_perms;
@@ -1326,9 +1272,6 @@ interface(`files_rw_etc_files',`
interface(`files_manage_etc_files',`
gen_require(`
type etc_t;
- class dir rw_dir_perms;
- class file create_file_perms;
- class lnk_file r_file_perms;
')
allow $1 etc_t:dir rw_dir_perms;
@@ -1347,8 +1290,6 @@ interface(`files_manage_etc_files',`
interface(`files_delete_etc_files',`
gen_require(`
type etc_t;
- class dir rw_dir_perms;
- class file unlink;
')
allow $1 etc_t:dir rw_dir_perms;
@@ -1362,8 +1303,6 @@ interface(`files_delete_etc_files',`
interface(`files_exec_etc_files',`
gen_require(`
type etc_t;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
')
allow $1 etc_t:dir r_dir_perms;
@@ -1398,8 +1337,6 @@ interface(`files_relabel_etc_files',`
interface(`files_create_boot_flag',`
gen_require(`
type root_t, etc_runtime_t;
- class dir rw_dir_perms;
- class file { create read write setattr unlink};
')
allow $1 root_t:dir rw_dir_perms;
@@ -1439,7 +1376,6 @@ interface(`files_read_etc_runtime_files',`
interface(`files_dontaudit_read_etc_runtime_files',`
gen_require(`
type etc_runtime_t;
- class file { getattr read };
')
dontaudit $1 etc_runtime_t:file { getattr read };
@@ -1457,8 +1393,6 @@ interface(`files_dontaudit_read_etc_runtime_files',`
interface(`files_rw_etc_runtime_files',`
gen_require(`
type etc_t, etc_runtime_t;
- class dir r_dir_perms;
- class file rw_file_perms;
')
allow $1 etc_t:dir r_dir_perms;
@@ -1478,8 +1412,6 @@ interface(`files_rw_etc_runtime_files',`
interface(`files_manage_etc_runtime_files',`
gen_require(`
type etc_t, etc_runtime_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
allow $1 etc_t:dir rw_dir_perms;
@@ -1494,7 +1426,6 @@ interface(`files_manage_etc_runtime_files',`
interface(`files_filetrans_etc',`
gen_require(`
type etc_t;
- class dir rw_dir_perms;
')
allow $1 etc_t:dir rw_dir_perms;
@@ -1551,7 +1482,6 @@ interface(`files_dontaudit_search_isid_type_dir',`
interface(`files_list_isid_type_dir',`
gen_require(`
type file_t;
- class dir r_dir_perms;
')
allow $1 file_t:dir r_dir_perms;
@@ -1569,7 +1499,6 @@ interface(`files_list_isid_type_dir',`
interface(`files_rw_isid_type_dir',`
gen_require(`
type file_t;
- class dir rw_dir_perms;
')
allow $1 file_t:dir rw_dir_perms;
@@ -1587,7 +1516,6 @@ interface(`files_rw_isid_type_dir',`
interface(`files_manage_isid_type_dir',`
gen_require(`
type file_t;
- class dir create_dir_perms;
')
allow $1 file_t:dir create_dir_perms;
@@ -1605,7 +1533,6 @@ interface(`files_manage_isid_type_dir',`
interface(`files_mounton_isid_type_dir',`
gen_require(`
type file_t;
- class dir { getattr search mounton };
')
allow $1 file_t:dir { getattr search mounton };
@@ -1623,8 +1550,6 @@ interface(`files_mounton_isid_type_dir',`
interface(`files_read_isid_type_file',`
gen_require(`
type file_t;
- class dir search;
- class file r_file_perms;
')
allow $1 file_t:dir search;
@@ -1643,8 +1568,6 @@ interface(`files_read_isid_type_file',`
interface(`files_manage_isid_type_file',`
gen_require(`
type file_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
allow $1 file_t:dir rw_dir_perms;
@@ -1663,8 +1586,6 @@ interface(`files_manage_isid_type_file',`
interface(`files_manage_isid_type_symlink',`
gen_require(`
type file_t;
- class dir rw_dir_perms;
- class lnk_file create_lnk_perms;
')
allow $1 file_t:dir rw_dir_perms;
@@ -1683,8 +1604,6 @@ interface(`files_manage_isid_type_symlink',`
interface(`files_rw_isid_type_blk_node',`
gen_require(`
type file_t;
- class dir search;
- class blk_file rw_file_perms;
')
allow $1 file_t:dir search;
@@ -1703,8 +1622,6 @@ interface(`files_rw_isid_type_blk_node',`
interface(`files_manage_isid_type_blk_node',`
gen_require(`
type file_t;
- class dir rw_dir_perms;
- class blk_file create_file_perms;
')
allow $1 file_t:dir rw_dir_perms;
@@ -1723,8 +1640,6 @@ interface(`files_manage_isid_type_blk_node',`
interface(`files_manage_isid_type_chr_node',`
gen_require(`
type file_t;
- class dir rw_dir_perms;
- class chr_file create_file_perms;
')
allow $1 file_t:dir rw_dir_perms;
@@ -1827,7 +1742,6 @@ interface(`files_dontaudit_list_home',`
interface(`files_list_home',`
gen_require(`
type home_root_t;
- class dir r_dir_perms;
')
allow $1 home_root_t:dir r_dir_perms;
@@ -1875,11 +1789,6 @@ interface(`files_filetrans_home',`
interface(`files_manage_lost_found',`
gen_require(`
type lost_found_t;
- class dir create_dir_perms;
- class file create_file_perms;
- class sock_file create_file_perms;
- class fifo_file create_file_perms;
- class lnk_file create_lnk_perms;
')
allow $1 lost_found_t:dir create_dir_perms;
@@ -1908,7 +1817,6 @@ interface(`files_search_mnt',`
interface(`files_list_mnt',`
gen_require(`
type mnt_t;
- class dir r_dir_perms;
')
allow $1 mnt_t:dir r_dir_perms;
@@ -1925,7 +1833,6 @@ interface(`files_list_mnt',`
interface(`files_mounton_mnt',`
gen_require(`
type mnt_t;
- class dir { search mounton };
')
allow $1 mnt_t:dir { search mounton };
@@ -1942,7 +1849,6 @@ interface(`files_mounton_mnt',`
interface(`files_manage_mnt_dirs',`
gen_require(`
type mnt_t;
- class dir create_dir_perms;
')
allow $1 mnt_t:dir create_dir_perms;
@@ -1959,8 +1865,6 @@ interface(`files_manage_mnt_dirs',`
interface(`files_manage_mnt_files',`
gen_require(`
type mnt_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
allow $1 mnt_t:dir rw_dir_perms;
@@ -1978,8 +1882,6 @@ interface(`files_manage_mnt_files',`
interface(`files_manage_mnt_symlinks',`
gen_require(`
type mnt_t;
- class dir rw_dir_perms;
- class lnk_file create_lnk_perms;
')
allow $1 mnt_t:dir rw_dir_perms;
@@ -1997,7 +1899,6 @@ interface(`files_manage_mnt_symlinks',`
interface(`files_list_world_readable',`
gen_require(`
type readable_t;
- class dir r_dir_perms;
')
allow $1 readable_t:dir r_dir_perms;
@@ -2014,7 +1915,6 @@ interface(`files_list_world_readable',`
interface(`files_read_world_readable_files',`
gen_require(`
type readable_t;
- class file r_file_perms;
')
allow $1 readable_t:file r_file_perms;
@@ -2031,7 +1931,6 @@ interface(`files_read_world_readable_files',`
interface(`files_read_world_readable_symlinks',`
gen_require(`
type readable_t;
- class lnk_file r_file_perms;
')
allow $1 readable_t:lnk_file r_file_perms;
@@ -2048,7 +1947,6 @@ interface(`files_read_world_readable_symlinks',`
interface(`files_read_world_readable_pipes',`
gen_require(`
type readable_t;
- class fifo_file r_file_perms;
')
allow $1 readable_t:fifo_file r_file_perms;
@@ -2065,7 +1963,6 @@ interface(`files_read_world_readable_pipes',`
interface(`files_read_world_readable_sockets',`
gen_require(`
type readable_t;
- class sock_file r_file_perms;
')
allow $1 readable_t:sock_file r_file_perms;
@@ -2117,7 +2014,6 @@ interface(`files_getattr_tmp_dir',`
interface(`files_dontaudit_getattr_tmp_dir',`
gen_require(`
type tmp_t;
- class dir getattr;
')
dontaudit $1 tmp_t:dir getattr;
@@ -2233,7 +2129,6 @@ interface(`files_rw_generic_tmp_sockets',`
interface(`files_setattr_all_tmp_dirs',`
gen_require(`
attribute tmpfile;
- class dir { search setattr };
')
allow $1 tmpfile:dir { search getattr };
@@ -2246,7 +2141,6 @@ interface(`files_setattr_all_tmp_dirs',`
interface(`files_filetrans_tmp',`
gen_require(`
type tmp_t;
- class dir rw_dir_perms;
')
allow $1 tmp_t:dir rw_dir_perms;
@@ -2265,7 +2159,6 @@ interface(`files_filetrans_tmp',`
interface(`files_purge_tmp',`
gen_require(`
attribute tmpfile;
- class dir { rw_dir_perms rmdir };
gen_require_set({ getattr unlink },notdevfile_class_set)
')
@@ -2280,7 +2173,6 @@ interface(`files_purge_tmp',`
interface(`files_search_usr',`
gen_require(`
type usr_t;
- class dir search;
')
allow $1 usr_t:dir search;
@@ -2298,7 +2190,6 @@ interface(`files_search_usr',`
interface(`files_list_usr',`
gen_require(`
type usr_t;
- class dir r_dir_perms;
')
allow $1 usr_t:dir r_dir_perms;
@@ -2315,8 +2206,6 @@ interface(`files_list_usr',`
interface(`files_getattr_usr_files',`
gen_require(`
type usr_t;
- class dir search;
- class file getattr;
')
allow $1 usr_t:dir search;
@@ -2330,9 +2219,6 @@ interface(`files_getattr_usr_files',`
interface(`files_read_usr_files',`
gen_require(`
type usr_t;
- class dir r_dir_perms;
- class file r_file_perms;
- class lnk_file r_file_perms;
')
allow $1 usr_t:dir r_dir_perms;
@@ -2369,7 +2255,6 @@ interface(`files_exec_usr_files',`
interface(`files_relabelto_usr_files',`
gen_require(`
type usr_t;
- class file relabelto;
')
allow $1 usr_t:file relabelto;
@@ -2386,8 +2271,6 @@ interface(`files_relabelto_usr_files',`
interface(`files_read_usr_symlinks',`
gen_require(`
type usr_t;
- class dir search;
- class file r_file_perms;
')
allow $1 usr_t:dir search;
@@ -2411,7 +2294,6 @@ interface(`files_read_usr_symlinks',`
interface(`files_filetrans_usr',`
gen_require(`
type usr_t;
- class dir rw_dir_perms;
')
allow $1 usr_t:dir rw_dir_perms;
@@ -2545,7 +2427,6 @@ interface(`files_list_var',`
interface(`files_manage_var_dirs',`
gen_require(`
type var_t;
- class dir create_dir_perms;
')
allow $1 var_t:dir create_dir_perms;
@@ -2579,8 +2460,6 @@ interface(`files_read_var_files',`
interface(`files_manage_var_files',`
gen_require(`
type var_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
allow $1 var_t:dir rw_dir_perms;
@@ -2639,7 +2518,6 @@ interface(`files_manage_var_symlinks',`
interface(`files_filetrans_var',`
gen_require(`
type var_t;
- class dir rw_dir_perms;
')
allow $1 var_t:dir rw_dir_perms;
@@ -2662,7 +2540,6 @@ interface(`files_filetrans_var',`
interface(`files_search_var_lib_dir',`
gen_require(`
type var_t, var_lib_t;
- class dir search;
')
allow $1 var_t:dir search;
@@ -2736,7 +2613,6 @@ interface(`files_list_var_lib',`
interface(`files_filetrans_var_lib',`
gen_require(`
type var_t, var_lib_t;
- class dir rw_dir_perms;
')
allow $1 var_t:dir search_dir_perms;
@@ -2900,8 +2776,6 @@ interface(`files_manage_generic_locks',`
interface(`files_delete_all_locks',`
gen_require(`
attribute lockfile;
- class dir rw_dir_perms;
- class file { getattr unlink };
')
allow $1 lockfile:dir rw_dir_perms;
@@ -2935,7 +2809,6 @@ interface(`files_read_all_locks',`
interface(`files_filetrans_lock',`
gen_require(`
type var_t, var_lock_t;
- class dir rw_dir_perms;
')
allow $1 var_t:dir search;
@@ -2960,7 +2833,6 @@ interface(`files_filetrans_lock',`
interface(`files_dontaudit_getattr_pid_dir',`
gen_require(`
type var_run_t;
- class dir getattr;
')
dontaudit $1 var_run_t:dir getattr;
@@ -3003,7 +2875,6 @@ interface(`files_dontaudit_search_pids',`
interface(`files_list_pids',`
gen_require(`
type var_t, var_run_t;
- class dir r_dir_perms;
')
allow $1 var_t:dir search_dir_perms;
@@ -3017,7 +2888,6 @@ interface(`files_list_pids',`
interface(`files_filetrans_pid',`
gen_require(`
type var_t, var_run_t;
- class dir rw_dir_perms;
')
allow $1 var_t:dir search_dir_perms;
@@ -3037,8 +2907,6 @@ interface(`files_filetrans_pid',`
interface(`files_rw_generic_pids',`
gen_require(`
type var_t, var_run_t;
- class dir r_dir_perms;
- class file rw_file_perms;
')
allow $1 var_t:dir search;
@@ -3118,10 +2986,6 @@ interface(`files_delete_all_pids',`
gen_require(`
attribute pidfile;
type var_t, var_run_t;
- class dir rw_dir_perms;
- class file { getattr unlink };
- class lnk_file { getattr unlink };
- class sock_file { getattr unlink };
')
allow $1 var_t:dir search;
@@ -3166,7 +3030,6 @@ interface(`files_search_spool',`
interface(`files_list_spool',`
gen_require(`
type var_t, var_spool_t;
- class dir r_dir_perms;
')
allow $1 var_t:dir search;
@@ -3180,7 +3043,6 @@ interface(`files_list_spool',`
interface(`files_manage_generic_spool_dirs',`
gen_require(`
type var_t, var_spool_t;
- class dir create_dir_perms;
')
allow $1 var_t:dir search;
@@ -3194,8 +3056,6 @@ interface(`files_manage_generic_spool_dirs',`
interface(`files_read_generic_spools',`
gen_require(`
type var_t, var_spool_t;
- class dir r_dir_perms;
- class file r_file_perms;
')
allow $1 var_t:dir search;
@@ -3210,8 +3070,6 @@ interface(`files_read_generic_spools',`
interface(`files_manage_generic_spools',`
gen_require(`
type var_t, var_spool_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
allow $1 var_t:dir search;
diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index 38358ae..756b542 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -55,7 +55,6 @@ interface(`fs_make_noxattr_fs',`
interface(`fs_associate',`
gen_require(`
type fs_t;
- class filesystem associate;
')
allow $1 fs_t:filesystem associate;
@@ -76,7 +75,6 @@ interface(`fs_associate',`
interface(`fs_associate_noxattr',`
gen_require(`
attribute noxattrfs;
- class filesystem associate;
')
allow $1 noxattrfs:filesystem associate;
@@ -112,7 +110,6 @@ interface(`fs_exec_noxattr',`
interface(`fs_mount_xattr_fs',`
gen_require(`
type fs_t;
- class filesystem mount;
')
allow $1 fs_t:filesystem mount;
@@ -132,7 +129,6 @@ interface(`fs_mount_xattr_fs',`
interface(`fs_remount_xattr_fs',`
gen_require(`
type fs_t;
- class filesystem remount;
')
allow $1 fs_t:filesystem remount;
@@ -151,7 +147,6 @@ interface(`fs_remount_xattr_fs',`
interface(`fs_unmount_xattr_fs',`
gen_require(`
type fs_t;
- class filesystem unmount;
')
allow $1 fs_t:filesystem mount;
@@ -171,7 +166,6 @@ interface(`fs_unmount_xattr_fs',`
interface(`fs_getattr_xattr_fs',`
gen_require(`
type fs_t;
- class filesystem getattr;
')
allow $1 fs_t:filesystem getattr;
@@ -209,7 +203,6 @@ interface(`fs_get_xattr_fs_quotas',`
interface(`fs_dontaudit_getattr_xattr_fs',`
gen_require(`
type fs_t;
- class filesystem getattr;
')
dontaudit $1 fs_t:filesystem getattr;
@@ -228,7 +221,6 @@ interface(`fs_dontaudit_getattr_xattr_fs',`
interface(`fs_relabelfrom_xattr_fs',`
gen_require(`
type fs_t;
- class filesystem relabelfrom;
')
allow $1 fs_t:filesystem relabelfrom;
@@ -246,7 +238,6 @@ interface(`fs_relabelfrom_xattr_fs',`
interface(`fs_get_xattr_fs_quota',`
gen_require(`
type fs_t;
- class filesystem quotaget;
')
allow $1 fs_t:filesystem quotaget;
@@ -264,7 +255,6 @@ interface(`fs_get_xattr_fs_quota',`
interface(`fs_set_xattr_fs_quota',`
gen_require(`
type fs_t;
- class filesystem quotamod;
')
allow $1 fs_t:filesystem quotamod;
@@ -281,7 +271,6 @@ interface(`fs_set_xattr_fs_quota',`
interface(`fs_mount_autofs',`
gen_require(`
type autofs_t;
- class filesystem mount;
')
allow $1 autofs_t:filesystem mount;
@@ -300,7 +289,6 @@ interface(`fs_mount_autofs',`
interface(`fs_remount_autofs',`
gen_require(`
type autofs_t;
- class filesystem remount;
')
allow $1 autofs_t:filesystem remount;
@@ -317,7 +305,6 @@ interface(`fs_remount_autofs',`
interface(`fs_unmount_autofs',`
gen_require(`
type autofs_t;
- class filesystem unmount;
')
allow $1 autofs_t:filesystem mount;
@@ -336,7 +323,6 @@ interface(`fs_unmount_autofs',`
interface(`fs_getattr_autofs',`
gen_require(`
type autofs_t;
- class filesystem getattr;
')
allow $1 autofs_t:filesystem getattr;
@@ -354,7 +340,6 @@ interface(`fs_getattr_autofs',`
interface(`fs_search_auto_mountpoints',`
gen_require(`
type autofs_t;
- class dir { getattr search };
')
allow $1 autofs_t:dir { getattr search };
@@ -412,8 +397,6 @@ interface(`fs_dontaudit_list_auto_mountpoints',`
interface(`fs_register_binary_executable_type',`
gen_require(`
type binfmt_misc_fs_t;
- class dir { getattr search };
- class file { getattr ioctl write };
')
allow $1 binfmt_misc_fs_t:dir { getattr search };
@@ -431,7 +414,6 @@ interface(`fs_register_binary_executable_type',`
interface(`fs_mount_cifs',`
gen_require(`
type cifs_t;
- class filesystem mount;
')
allow $1 cifs_t:filesystem mount;
@@ -449,7 +431,6 @@ interface(`fs_mount_cifs',`
interface(`fs_remount_cifs',`
gen_require(`
type cifs_t;
- class filesystem remount;
')
allow $1 cifs_t:filesystem remount;
@@ -466,7 +447,6 @@ interface(`fs_remount_cifs',`
interface(`fs_unmount_cifs',`
gen_require(`
type cifs_t;
- class filesystem unmount;
')
allow $1 cifs_t:filesystem unmount;
@@ -485,7 +465,6 @@ interface(`fs_unmount_cifs',`
interface(`fs_getattr_cifs',`
gen_require(`
type cifs_t;
- class filesystem getattr;
')
allow $1 cifs_t:filesystem getattr;
@@ -502,7 +481,6 @@ interface(`fs_getattr_cifs',`
interface(`fs_search_cifs',`
gen_require(`
type cifs_t;
- class dir search;
')
allow $1 cifs_t:dir search;
@@ -520,7 +498,6 @@ interface(`fs_search_cifs',`
interface(`fs_list_cifs',`
gen_require(`
type cifs_t;
- class dir r_dir_perms;
')
allow $1 cifs_t:dir r_dir_perms;
@@ -657,8 +634,6 @@ interface(`fs_dontaudit_rw_cifs_files',`
interface(`fs_read_cifs_symlinks',`
gen_require(`
type cifs_t;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
')
allow $1 cifs_t:dir r_dir_perms;
@@ -678,7 +653,6 @@ interface(`fs_read_cifs_symlinks',`
interface(`fs_execute_cifs_files',`
gen_require(`
type cifs_t;
- class dir r_dir_perms;
')
allow $1 cifs_t:dir r_dir_perms;
@@ -732,8 +706,6 @@ interface(`fs_dontaudit_manage_cifs_dirs',`
interface(`fs_manage_cifs_files',`
gen_require(`
type cifs_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
allow $1 cifs_t:dir rw_dir_perms;
@@ -770,8 +742,6 @@ interface(`fs_dontaudit_manage_cifs_files',`
interface(`fs_manage_cifs_symlinks',`
gen_require(`
type cifs_t;
- class dir rw_dir_perms;
- class lnk_file create_lnk_perms;
')
allow $1 cifs_t:dir rw_dir_perms;
@@ -790,8 +760,6 @@ interface(`fs_manage_cifs_symlinks',`
interface(`fs_manage_cifs_named_pipes',`
gen_require(`
type cifs_t;
- class dir rw_dir_perms;
- class fifo_file create_file_perms;
')
allow $1 cifs_t:dir rw_dir_perms;
@@ -810,8 +778,6 @@ interface(`fs_manage_cifs_named_pipes',`
interface(`fs_manage_cifs_named_sockets',`
gen_require(`
type cifs_t;
- class dir rw_dir_perms;
- class sock_file create_file_perms;
')
allow $1 cifs_t:dir rw_file_perms;
@@ -852,7 +818,6 @@ interface(`fs_manage_cifs_named_sockets',`
interface(`fs_cifs_domtrans',`
gen_require(`
type cifs_t;
- class dir search;
')
allow $1 cifs_t:dir search;
@@ -872,7 +837,6 @@ interface(`fs_cifs_domtrans',`
interface(`fs_mount_dos_fs',`
gen_require(`
type dosfs_t;
- class filesystem mount;
')
allow $1 dosfs_t:filesystem mount;
@@ -891,7 +855,6 @@ interface(`fs_mount_dos_fs',`
interface(`fs_remount_dos_fs',`
gen_require(`
type dosfs_t;
- class filesystem remount;
')
allow $1 dosfs_t:filesystem remount;
@@ -909,7 +872,6 @@ interface(`fs_remount_dos_fs',`
interface(`fs_unmount_dos_fs',`
gen_require(`
type dosfs_t;
- class filesystem unmount;
')
allow $1 dosfs_t:filesystem mount;
@@ -928,7 +890,6 @@ interface(`fs_unmount_dos_fs',`
interface(`fs_getattr_dos_fs',`
gen_require(`
type dosfs_t;
- class filesystem getattr;
')
allow $1 dosfs_t:filesystem getattr;
@@ -946,7 +907,6 @@ interface(`fs_getattr_dos_fs',`
interface(`fs_relabelfrom_dos_fs',`
gen_require(`
type dosfs_t;
- class filesystem relabelfrom;
')
allow $1 dosfs_t:filesystem relabelfrom;
@@ -997,7 +957,6 @@ interface(`fs_search_inotifyfs',`
interface(`fs_mount_iso9660_fs',`
gen_require(`
type iso9660_t;
- class filesystem mount;
')
allow $1 iso9660_t:filesystem mount;
@@ -1016,7 +975,6 @@ interface(`fs_mount_iso9660_fs',`
interface(`fs_remount_iso9660_fs',`
gen_require(`
type iso9660_t;
- class filesystem remount;
')
allow $1 iso9660_t:filesystem remount;
@@ -1034,7 +992,6 @@ interface(`fs_remount_iso9660_fs',`
interface(`fs_unmount_iso9660_fs',`
gen_require(`
type iso9660_t;
- class filesystem unmount;
')
allow $1 iso9660_t:filesystem mount;
@@ -1053,7 +1010,6 @@ interface(`fs_unmount_iso9660_fs',`
interface(`fs_getattr_iso9660_fs',`
gen_require(`
type iso9660_t;
- class filesystem getattr;
')
allow $1 iso9660_t:filesystem getattr;
@@ -1070,7 +1026,6 @@ interface(`fs_getattr_iso9660_fs',`
interface(`fs_mount_nfs',`
gen_require(`
type nfs_t;
- class filesystem mount;
')
allow $1 nfs_t:filesystem mount;
@@ -1088,7 +1043,6 @@ interface(`fs_mount_nfs',`
interface(`fs_remount_nfs',`
gen_require(`
type nfs_t;
- class filesystem remount;
')
allow $1 nfs_t:filesystem remount;
@@ -1105,7 +1059,6 @@ interface(`fs_remount_nfs',`
interface(`fs_unmount_nfs',`
gen_require(`
type nfs_t;
- class filesystem unmount;
')
allow $1 nfs_t:filesystem mount;
@@ -1123,7 +1076,6 @@ interface(`fs_unmount_nfs',`
interface(`fs_getattr_nfs',`
gen_require(`
type nfs_t;
- class filesystem getattr;
')
allow $1 nfs_t:filesystem getattr;
@@ -1140,7 +1092,6 @@ interface(`fs_getattr_nfs',`
interface(`fs_search_nfs',`
gen_require(`
type nfs_t;
- class dir search;
')
allow $1 nfs_t:dir search;
@@ -1190,8 +1141,6 @@ interface(`fs_dontaudit_list_nfs',`
interface(`fs_read_nfs_files',`
gen_require(`
type nfs_t;
- class dir r_dir_perms;
- class file r_file_perms;
')
allow $1 nfs_t:dir r_dir_perms;
@@ -1243,7 +1192,6 @@ interface(`fs_write_nfs_files',`
interface(`fs_execute_nfs_files',`
gen_require(`
type nfs_t;
- class dir r_dir_perms;
')
allow $1 nfs_t:dir r_dir_perms;
@@ -1278,8 +1226,6 @@ interface(`fs_dontaudit_rw_nfs_files',`
interface(`fs_read_nfs_symlinks',`
gen_require(`
type nfs_t;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
')
allow $1 nfs_t:dir r_dir_perms;
@@ -1428,7 +1374,6 @@ interface(`fs_read_rpc_dirs',`
interface(`fs_read_rpc_files',`
gen_require(`
type rpc_pipefs_t;
- class file { read getattr };
')
allow $1 rpc_pipefs_t:file { read getattr };
@@ -1446,7 +1391,6 @@ interface(`fs_read_rpc_files',`
interface(`fs_read_rpc_symlinks',`
gen_require(`
type rpc_pipefs_t;
- class lnk_file { getattr read };
')
allow $1 rpc_pipefs_t:lnk_file { getattr read };
@@ -1464,7 +1408,6 @@ interface(`fs_read_rpc_symlinks',`
interface(`fs_read_rpc_sockets',`
gen_require(`
type rpc_pipefs_t;
- class sock_file { read write };
')
allow $1 rpc_pipefs_t:sock_file { read write };
@@ -1483,7 +1426,6 @@ interface(`fs_read_rpc_sockets',`
interface(`fs_manage_nfs_dirs',`
gen_require(`
type nfs_t;
- class dir create_dir_perms;
')
allow $1 nfs_t:dir create_dir_perms;
@@ -1519,8 +1461,6 @@ interface(`fs_dontaudit_manage_nfs_dirs',`
interface(`fs_manage_nfs_files',`
gen_require(`
type nfs_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
allow $1 nfs_t:dir rw_dir_perms;
@@ -1557,8 +1497,6 @@ interface(`fs_dontaudit_manage_nfs_files',`
interface(`fs_manage_nfs_symlinks',`
gen_require(`
type nfs_t;
- class dir r_dir_perms;
- class lnk_file create_lnk_perms;
')
allow $1 nfs_t:dir rw_dir_perms;
@@ -1577,8 +1515,6 @@ interface(`fs_manage_nfs_symlinks',`
interface(`fs_manage_nfs_named_pipes',`
gen_require(`
type nfs_t;
- class dir rw_dir_perms;
- class fifo_file create_file_perms;
')
allow $1 nfs_t:dir rw_dir_perms;
@@ -1597,8 +1533,6 @@ interface(`fs_manage_nfs_named_pipes',`
interface(`fs_manage_nfs_named_sockets',`
gen_require(`
type nfs_t;
- class dir rw_dir_perms;
- class sock_file create_file_perms;
')
allow $1 nfs_t:dir rw_dir_perms;
@@ -1639,7 +1573,6 @@ interface(`fs_manage_nfs_named_sockets',`
interface(`fs_nfs_domtrans',`
gen_require(`
type nfs_t;
- class dir search;
')
allow $1 nfs_t:dir search;
@@ -1658,7 +1591,6 @@ interface(`fs_nfs_domtrans',`
interface(`fs_mount_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
- class filesystem mount;
')
allow $1 nfsd_fs_t:filesystem mount;
@@ -1676,7 +1608,6 @@ interface(`fs_mount_nfsd_fs',`
interface(`fs_remount_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
- class filesystem remount;
')
allow $1 nfsd_fs_t:filesystem remount;
@@ -1693,7 +1624,6 @@ interface(`fs_remount_nfsd_fs',`
interface(`fs_unmount_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
- class filesystem unmount;
')
allow $1 nfsd_fs_t:filesystem mount;
@@ -1712,7 +1642,6 @@ interface(`fs_unmount_nfsd_fs',`
interface(`fs_getattr_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
- class filesystem getattr;
')
allow $1 nfsd_fs_t:filesystem getattr;
@@ -1730,7 +1659,6 @@ interface(`fs_getattr_nfsd_fs',`
interface(`fs_search_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
- class dir search;
')
allow $1 nfsd_fs_t:dir search;
@@ -1748,7 +1676,6 @@ interface(`fs_search_nfsd_fs',`
interface(`fs_rw_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
- class file rw_file_perms;
')
allow $1 nfsd_fs_t:file rw_file_perms;
@@ -1765,7 +1692,6 @@ interface(`fs_rw_nfsd_fs',`
interface(`fs_mount_ramfs',`
gen_require(`
type ramfs_t;
- class filesystem mount;
')
allow $1 ramfs_t:filesystem mount;
@@ -1783,7 +1709,6 @@ interface(`fs_mount_ramfs',`
interface(`fs_remount_ramfs',`
gen_require(`
type ramfs_t;
- class filesystem remount;
')
allow $1 ramfs_t:filesystem remount;
@@ -1800,7 +1725,6 @@ interface(`fs_remount_ramfs',`
interface(`fs_unmount_ramfs',`
gen_require(`
type ramfs_t;
- class filesystem unmount;
')
allow $1 ramfs_t:filesystem mount;
@@ -1818,7 +1742,6 @@ interface(`fs_unmount_ramfs',`
interface(`fs_getattr_ramfs',`
gen_require(`
type ramfs_t;
- class filesystem getattr;
')
allow $1 ramfs_t:filesystem getattr;
@@ -1915,7 +1838,6 @@ interface(`fs_write_ramfs_socket',`
interface(`fs_mount_romfs',`
gen_require(`
type romfs_t;
- class filesystem mount;
')
allow $1 romfs_t:filesystem mount;
@@ -1933,7 +1855,6 @@ interface(`fs_mount_romfs',`
interface(`fs_remount_romfs',`
gen_require(`
type romfs_t;
- class filesystem remount;
')
allow $1 romfs_t:filesystem remount;
@@ -1950,7 +1871,6 @@ interface(`fs_remount_romfs',`
interface(`fs_unmount_romfs',`
gen_require(`
type romfs_t;
- class filesystem unmount;
')
allow $1 romfs_t:filesystem mount;
@@ -1969,7 +1889,6 @@ interface(`fs_unmount_romfs',`
interface(`fs_getattr_romfs',`
gen_require(`
type romfs_t;
- class filesystem getattr;
')
allow $1 romfs_t:filesystem getattr;
@@ -1986,7 +1905,6 @@ interface(`fs_getattr_romfs',`
interface(`fs_mount_rpc_pipefs',`
gen_require(`
type rpc_pipefs_t;
- class filesystem mount;
')
allow $1 rpc_pipefs_t:filesystem mount;
@@ -2004,7 +1922,6 @@ interface(`fs_mount_rpc_pipefs',`
interface(`fs_remount_rpc_pipefs',`
gen_require(`
type rpc_pipefs_t;
- class filesystem remount;
')
allow $1 rpc_pipefs_t:filesystem remount;
@@ -2021,7 +1938,6 @@ interface(`fs_remount_rpc_pipefs',`
interface(`fs_unmount_rpc_pipefs',`
gen_require(`
type rpc_pipefs_t;
- class filesystem unmount;
')
allow $1 rpc_pipefs_t:filesystem mount;
@@ -2040,7 +1956,6 @@ interface(`fs_unmount_rpc_pipefs',`
interface(`fs_getattr_rpc_pipefs',`
gen_require(`
type rpc_pipefs_t;
- class filesystem getattr;
')
allow $1 rpc_pipefs_t:filesystem getattr;
@@ -2057,7 +1972,6 @@ interface(`fs_getattr_rpc_pipefs',`
interface(`fs_mount_tmpfs',`
gen_require(`
type tmpfs_t;
- class filesystem mount;
')
allow $1 tmpfs_t:filesystem mount;
@@ -2074,7 +1988,6 @@ interface(`fs_mount_tmpfs',`
interface(`fs_remount_tmpfs',`
gen_require(`
type tmpfs_t;
- class filesystem remount;
')
allow $1 tmpfs_t:filesystem remount;
@@ -2091,7 +2004,6 @@ interface(`fs_remount_tmpfs',`
interface(`fs_unmount_tmpfs',`
gen_require(`
type tmpfs_t;
- class filesystem unmount;
')
allow $1 tmpfs_t:filesystem mount;
@@ -2110,7 +2022,6 @@ interface(`fs_unmount_tmpfs',`
interface(`fs_getattr_tmpfs',`
gen_require(`
type tmpfs_t;
- class filesystem getattr;
')
allow $1 tmpfs_t:filesystem getattr;
@@ -2127,7 +2038,6 @@ interface(`fs_getattr_tmpfs',`
interface(`fs_associate_tmpfs',`
gen_require(`
type tmpfs_t;
- class filesystem associate;
')
allow $1 tmpfs_t:filesystem associate;
@@ -2144,7 +2054,6 @@ interface(`fs_associate_tmpfs',`
interface(`fs_getattr_tmpfs_dir',`
gen_require(`
type tmpfs_t;
- class dir getattr;
')
allow $1 tmpfs_t:dir getattr;
@@ -2161,7 +2070,6 @@ interface(`fs_getattr_tmpfs_dir',`
interface(`fs_setattr_tmpfs_dir',`
gen_require(`
type tmpfs_t;
- class dir setattr;
')
allow $1 tmpfs_t:dir setattr;
@@ -2178,7 +2086,6 @@ interface(`fs_setattr_tmpfs_dir',`
interface(`fs_search_tmpfs',`
gen_require(`
type tmpfs_t;
- class dir search;
')
allow $1 tmpfs_t:dir search;
@@ -2195,7 +2102,6 @@ interface(`fs_search_tmpfs',`
interface(`fs_list_tmpfs',`
gen_require(`
type tmpfs_t;
- class dir r_dir_perms;
')
allow $1 tmpfs_t:dir r_dir_perms;
@@ -2213,7 +2119,6 @@ interface(`fs_list_tmpfs',`
interface(`fs_dontaudit_list_tmpfs',`
gen_require(`
type tmpfs_t;
- class dir r_dir_perms;
')
dontaudit $1 tmpfs_t:dir r_dir_perms;
@@ -2231,7 +2136,6 @@ interface(`fs_dontaudit_list_tmpfs',`
interface(`fs_manage_tmpfs_dirs',`
gen_require(`
type tmpfs_t;
- class dir create_dir_perms;
')
allow $1 tmpfs_t:dir create_dir_perms;
@@ -2244,8 +2148,6 @@ interface(`fs_manage_tmpfs_dirs',`
interface(`fs_filetrans_tmpfs',`
gen_require(`
type tmpfs_t;
- class filesystem associate;
- class dir rw_dir_perms;
')
allow $2 tmpfs_t:filesystem associate;
@@ -2337,8 +2239,6 @@ interface(`fs_read_tmpfs_symlinks',`
interface(`fs_use_tmpfs_chr_dev',`
gen_require(`
type tmpfs_t;
- class dir r_dir_perms;
- class chr_file rw_file_perms;
')
allow $1 tmpfs_t:dir r_dir_perms;
@@ -2356,8 +2256,6 @@ interface(`fs_use_tmpfs_chr_dev',`
interface(`fs_dontaudit_use_tmpfs_chr_dev',`
gen_require(`
type tmpfs_t;
- class dir r_dir_perms;
- class chr_file rw_file_perms;
')
dontaudit $1 tmpfs_t:dir r_dir_perms;
@@ -2375,8 +2273,6 @@ interface(`fs_dontaudit_use_tmpfs_chr_dev',`
interface(`fs_relabel_tmpfs_chr_dev',`
gen_require(`
type tmpfs_t;
- class dir r_dir_perms;
- class chr_file { getattr relabelfrom relabelto };
')
allow $1 tmpfs_t:dir r_dir_perms;
@@ -2394,8 +2290,6 @@ interface(`fs_relabel_tmpfs_chr_dev',`
interface(`fs_use_tmpfs_blk_dev',`
gen_require(`
type tmpfs_t;
- class dir r_dir_perms;
- class blk_file rw_file_perms;
')
allow $1 tmpfs_t:dir r_dir_perms;
@@ -2413,8 +2307,6 @@ interface(`fs_use_tmpfs_blk_dev',`
interface(`fs_relabel_tmpfs_blk_dev',`
gen_require(`
type tmpfs_t;
- class dir r_dir_perms;
- class blk_file { getattr relabelfrom relabelto };
')
allow $1 tmpfs_t:dir r_dir_perms;
@@ -2433,8 +2325,6 @@ interface(`fs_relabel_tmpfs_blk_dev',`
interface(`fs_manage_tmpfs_files',`
gen_require(`
type tmpfs_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
allow $1 tmpfs_t:dir rw_dir_perms;
@@ -2453,8 +2343,6 @@ interface(`fs_manage_tmpfs_files',`
interface(`fs_manage_tmpfs_symlinks',`
gen_require(`
type tmpfs_t;
- class dir rw_dir_perms;
- class chr_file create_lnk_perms;
')
allow $1 tmpfs_t:dir rw_dir_perms;
@@ -2473,8 +2361,6 @@ interface(`fs_manage_tmpfs_symlinks',`
interface(`fs_manage_tmpfs_sockets',`
gen_require(`
type tmpfs_t;
- class dir rw_dir_perms;
- class sock_file create_file_perms;
')
allow $1 tmpfs_t:dir rw_dir_perms;
@@ -2493,8 +2379,6 @@ interface(`fs_manage_tmpfs_sockets',`
interface(`fs_manage_tmpfs_chr_dev',`
gen_require(`
type tmpfs_t;
- class dir rw_dir_perms;
- class chr_file create_file_perms;
')
allow $1 tmpfs_t:dir rw_dir_perms;
@@ -2513,8 +2397,6 @@ interface(`fs_manage_tmpfs_chr_dev',`
interface(`fs_manage_tmpfs_blk_dev',`
gen_require(`
type tmpfs_t;
- class dir rw_dir_perms;
- class blk_file create_file_perms;
')
allow $1 tmpfs_t:dir rw_dir_perms;
@@ -2532,7 +2414,6 @@ interface(`fs_manage_tmpfs_blk_dev',`
interface(`fs_mount_all_fs',`
gen_require(`
attribute filesystem_type;
- class filesystem mount;
')
allow $1 filesystem_type:filesystem mount;
@@ -2550,7 +2431,6 @@ interface(`fs_mount_all_fs',`
interface(`fs_remount_all_fs',`
gen_require(`
attribute filesystem_type;
- class filesystem remount;
')
allow $1 filesystem_type:filesystem remount;
@@ -2567,7 +2447,6 @@ interface(`fs_remount_all_fs',`
interface(`fs_unmount_all_fs',`
gen_require(`
attribute filesystem_type;
- class filesystem unmount;
')
allow $1 filesystem_type:filesystem unmount;
@@ -2586,7 +2465,6 @@ interface(`fs_unmount_all_fs',`
interface(`fs_getattr_all_fs',`
gen_require(`
attribute filesystem_type;
- class filesystem getattr;
')
allow $1 filesystem_type:filesystem getattr;
@@ -2604,7 +2482,6 @@ interface(`fs_getattr_all_fs',`
interface(`fs_dontaudit_getattr_all_fs',`
gen_require(`
attribute filesystem_type;
- class filesystem getattr;
')
dontaudit $1 filesystem_type:filesystem getattr;
@@ -2621,7 +2498,6 @@ interface(`fs_dontaudit_getattr_all_fs',`
interface(`fs_get_all_fs_quotas',`
gen_require(`
attribute filesystem_type;
- class filesystem quotaget;
')
allow $1 filesystem_type:filesystem quotaget;
@@ -2638,7 +2514,6 @@ interface(`fs_get_all_fs_quotas',`
interface(`fs_set_all_quotas',`
gen_require(`
attribute filesystem_type;
- class filesystem quotamod;
')
allow $1 filesystem_type:filesystem quotamod;
@@ -2705,7 +2580,6 @@ interface(`fs_search_all',`
interface(`fs_list_all',`
gen_require(`
attribute filesystem_type;
- class dir r_dir_perms;
')
allow $1 filesystem_type:dir r_dir_perms;
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index 896ecdd..e5f3996 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -139,8 +139,8 @@ sid any_socket gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
sid file_labels gen_context(system_u:object_r:unlabeled_t,s0)
sid icmp_socket gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
sid igmp_packet gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
-sid init gen_context(system_u:object_r:unlabeled_t,s0)
-sid kmod gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
+sid init gen_context(system_u:object_r:unlabeled_t,s0)
+sid kmod gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
sid netmsg gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
sid policy gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
sid scmp_packet gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
diff --git a/refpolicy/policy/modules/kernel/storage.if b/refpolicy/policy/modules/kernel/storage.if
index 5f1f1f8..df6f2b2 100644
--- a/refpolicy/policy/modules/kernel/storage.if
+++ b/refpolicy/policy/modules/kernel/storage.if
@@ -12,7 +12,6 @@
interface(`storage_getattr_fixed_disk',`
gen_require(`
type fixed_disk_device_t;
- class blk_file getattr;
')
dev_list_all_dev_nodes($1)
@@ -31,7 +30,6 @@ interface(`storage_getattr_fixed_disk',`
interface(`storage_dontaudit_getattr_fixed_disk',`
gen_require(`
type fixed_disk_device_t;
- class blk_file getattr;
')
dontaudit $1 fixed_disk_device_t:blk_file getattr;
@@ -49,7 +47,6 @@ interface(`storage_dontaudit_getattr_fixed_disk',`
interface(`storage_setattr_fixed_disk',`
gen_require(`
type fixed_disk_device_t;
- class blk_file setattr;
')
dev_list_all_dev_nodes($1)
@@ -88,7 +85,6 @@ interface(`storage_raw_read_fixed_disk',`
gen_require(`
attribute fixed_disk_raw_read;
type fixed_disk_device_t;
- class blk_file r_file_perms;
')
dev_list_all_dev_nodes($1)
@@ -166,7 +162,6 @@ interface(`storage_create_fixed_disk',`
gen_require(`
attribute fixed_disk_raw_read, fixed_disk_raw_write;
type fixed_disk_device_t;
- class blk_file create_file_perms;
')
allow $1 fixed_disk_device_t:blk_file create_file_perms;
@@ -186,7 +181,6 @@ interface(`storage_manage_fixed_disk',`
gen_require(`
attribute fixed_disk_raw_read, fixed_disk_raw_write;
type fixed_disk_device_t;
- class blk_file create_file_perms;
')
dev_list_all_dev_nodes($1)
@@ -206,7 +200,6 @@ interface(`storage_create_fixed_disk_tmpfs',`
gen_require(`
attribute fixed_disk_raw_read, fixed_disk_raw_write;
type fixed_disk_device_t;
- class blk_file create_file_perms;
')
allow $1 fixed_disk_device_t:blk_file create_file_perms;
@@ -226,7 +219,6 @@ interface(`storage_create_fixed_disk_tmpfs',`
interface(`storage_relabel_fixed_disk',`
gen_require(`
type fixed_disk_device_t;
- class blk_file { relabelfrom relabelto };
')
dev_list_all_dev_nodes($1)
@@ -244,7 +236,6 @@ interface(`storage_relabel_fixed_disk',`
interface(`storage_swapon_fixed_disk',`
gen_require(`
type fixed_disk_device_t;
- class blk_file { getattr swapon };
')
dev_list_all_dev_nodes($1)
@@ -266,7 +257,6 @@ interface(`storage_raw_read_lvm_volume',`
gen_require(`
attribute fixed_disk_raw_read;
type lvm_vg_t;
- class blk_file r_file_perms;
')
dev_list_all_dev_nodes($1)
@@ -289,7 +279,6 @@ interface(`storage_raw_write_lvm_volume',`
gen_require(`
attribute fixed_disk_raw_write;
type lvm_vg_t;
- class blk_file { getattr write ioctl };
')
dev_list_all_dev_nodes($1)
@@ -426,7 +415,6 @@ interface(`storage_dontaudit_rw_scsi_generic',`
interface(`storage_getattr_removable_device',`
gen_require(`
type removable_device_t;
- class blk_file getattr;
')
dev_list_all_dev_nodes($1)
@@ -445,7 +433,6 @@ interface(`storage_getattr_removable_device',`
interface(`storage_dontaudit_getattr_removable_device',`
gen_require(`
type removable_device_t;
- class blk_file getattr;
')
dontaudit $1 removable_device_t:blk_file getattr;
@@ -463,7 +450,6 @@ interface(`storage_dontaudit_getattr_removable_device',`
interface(`storage_dontaudit_read_removable_device',`
gen_require(`
type removable_device_t;
- class blk_file { getattr ioctl read };
')
@@ -482,7 +468,6 @@ interface(`storage_dontaudit_read_removable_device',`
interface(`storage_setattr_removable_device',`
gen_require(`
type removable_device_t;
- class blk_file setattr;
')
dev_list_all_dev_nodes($1)
@@ -501,7 +486,6 @@ interface(`storage_setattr_removable_device',`
interface(`storage_dontaudit_setattr_removable_device',`
gen_require(`
type removable_device_t;
- class blk_file setattr;
')
dontaudit $1 removable_device_t:blk_file setattr;
@@ -522,7 +506,6 @@ interface(`storage_dontaudit_setattr_removable_device',`
interface(`storage_raw_read_removable_device',`
gen_require(`
type removable_device_t;
- class blk_file r_file_perms;
')
dev_list_all_dev_nodes($1)
@@ -560,7 +543,6 @@ interface(`storage_dontaudit_raw_read_removable_device',`
interface(`storage_raw_write_removable_device',`
gen_require(`
type removable_device_t;
- class blk_file { getattr write ioctl };
')
dev_list_all_dev_nodes($1)
diff --git a/refpolicy/policy/modules/kernel/terminal.if b/refpolicy/policy/modules/kernel/terminal.if
index 4380d04..978b5f0 100644
--- a/refpolicy/policy/modules/kernel/terminal.if
+++ b/refpolicy/policy/modules/kernel/terminal.if
@@ -240,7 +240,6 @@ interface(`term_setattr_console',`
interface(`term_dontaudit_getattr_pty_dir',`
gen_require(`
type devpts_t;
- class dir getattr;
')
dontaudit $1 devpts_t:dir getattr;
@@ -293,7 +292,6 @@ interface(`term_dontaudit_search_ptys',`
interface(`term_list_ptys',`
gen_require(`
type devpts_t;
- class dir r_dir_perms;
')
dev_list_all_dev_nodes($1)
@@ -312,7 +310,6 @@ interface(`term_list_ptys',`
interface(`term_dontaudit_list_ptys',`
gen_require(`
type devpts_t;
- class dir { getattr search read };
')
dontaudit $1 devpts_t:dir { getattr search read };
@@ -330,7 +327,6 @@ interface(`term_dontaudit_list_ptys',`
interface(`term_dontaudit_manage_pty_dir',`
gen_require(`
type devpts_t;
- class dir create_dir_perms;
')
dontaudit $1 devpts_t:dir create_dir_perms;
@@ -388,7 +384,6 @@ interface(`term_use_generic_pty',`
interface(`term_dontaudit_use_generic_pty',`
gen_require(`
type devpts_t;
- class chr_file { read write };
')
dontaudit $1 devpts_t:chr_file { read write };
@@ -440,7 +435,6 @@ interface(`term_use_ptmx',`
interface(`term_dontaudit_use_ptmx',`
gen_require(`
type ptmx_t;
- class chr_file { getattr read write };
')
dontaudit $1 ptmx_t:chr_file { getattr read write };
@@ -458,8 +452,6 @@ interface(`term_dontaudit_use_ptmx',`
interface(`term_getattr_all_user_ptys',`
gen_require(`
attribute ptynode;
- class dir r_dir_perms;
- class chr_file getattr;
')
dev_list_all_dev_nodes($1)
@@ -480,7 +472,6 @@ interface(`term_getattr_all_user_ptys',`
interface(`term_dontaudit_getattr_all_user_ptys',`
gen_require(`
attribute ptynode;
- class chr_file getattr;
')
dev_list_all_dev_nodes($1)
@@ -500,8 +491,6 @@ interface(`term_dontaudit_getattr_all_user_ptys',`
interface(`term_setattr_all_user_ptys',`
gen_require(`
attribute ptynode;
- class dir r_dir_perms;
- class chr_file setattr;
')
dev_list_all_dev_nodes($1)
@@ -520,7 +509,6 @@ interface(`term_setattr_all_user_ptys',`
interface(`term_relabelto_all_user_ptys',`
gen_require(`
attribute ptynode;
- class chr_file relabelto;
')
allow $1 ptynode:chr_file relabelto;
@@ -575,7 +563,6 @@ interface(`term_relabel_all_user_ptys',`
gen_require(`
attribute ptynode;
type devpts_t;
- class chr_file { relabelfrom relabelto };
')
dev_list_all_dev_nodes($1)
@@ -595,7 +582,6 @@ interface(`term_relabel_all_user_ptys',`
interface(`term_getattr_unallocated_ttys',`
gen_require(`
type tty_device_t;
- class chr_file getattr;
')
dev_list_all_dev_nodes($1)
@@ -614,7 +600,6 @@ interface(`term_getattr_unallocated_ttys',`
interface(`term_dontaudit_getattr_unallocated_ttys',`
gen_require(`
type tty_device_t;
- class chr_file getattr;
')
dontaudit $1 tty_device_t:chr_file getattr;
@@ -632,7 +617,6 @@ interface(`term_dontaudit_getattr_unallocated_ttys',`
interface(`term_setattr_unallocated_ttys',`
gen_require(`
type tty_device_t;
- class chr_file setattr;
')
dev_list_all_dev_nodes($1)
@@ -668,7 +652,6 @@ interface(`term_dontaudit_ioctl_unallocated_ttys',`
interface(`term_relabel_unallocated_ttys',`
gen_require(`
type tty_device_t;
- class chr_file { relabelfrom relabelto };
')
dev_list_all_dev_nodes($1)
@@ -688,7 +671,6 @@ interface(`term_reset_tty_labels',`
gen_require(`
attribute ttynode;
type tty_device_t;
- class chr_file { relabelfrom relabelto };
')
dev_list_all_dev_nodes($1)
@@ -707,7 +689,6 @@ interface(`term_reset_tty_labels',`
interface(`term_write_unallocated_ttys',`
gen_require(`
type tty_device_t;
- class chr_file { getattr write };
')
dev_list_all_dev_nodes($1)
@@ -743,7 +724,6 @@ interface(`term_use_unallocated_tty',`
interface(`term_dontaudit_use_unallocated_tty',`
gen_require(`
type tty_device_t;
- class chr_file { read write };
')
dontaudit $1 tty_device_t:chr_file { read write };
@@ -761,7 +741,6 @@ interface(`term_dontaudit_use_unallocated_tty',`
interface(`term_getattr_all_user_ttys',`
gen_require(`
attribute ttynode;
- class chr_file getattr;
')
dev_list_all_dev_nodes($1)
@@ -781,7 +760,6 @@ interface(`term_getattr_all_user_ttys',`
interface(`term_dontaudit_getattr_all_user_ttys',`
gen_require(`
attribute ttynode;
- class chr_file getattr;
')
dev_list_all_dev_nodes($1)
@@ -800,7 +778,6 @@ interface(`term_dontaudit_getattr_all_user_ttys',`
interface(`term_setattr_all_user_ttys',`
gen_require(`
attribute ttynode;
- class chr_file setattr;
')
dev_list_all_dev_nodes($1)
@@ -819,7 +796,6 @@ interface(`term_setattr_all_user_ttys',`
interface(`term_relabel_all_user_ttys',`
gen_require(`
attribute ttynode;
- class chr_file { relabelfrom relabelto };
')
dev_list_all_dev_nodes($1)
@@ -837,7 +813,6 @@ interface(`term_relabel_all_user_ttys',`
interface(`term_write_all_user_ttys',`
gen_require(`
attribute ttynode;
- class chr_file { getattr write };
')
dev_list_all_dev_nodes($1)
@@ -873,7 +848,6 @@ interface(`term_use_all_user_ttys',`
interface(`term_dontaudit_use_all_user_ttys',`
gen_require(`
attribute ttynode;
- class chr_file { read write };
')
dontaudit $1 ttynode:chr_file { read write };
diff --git a/refpolicy/policy/modules/services/arpwatch.if b/refpolicy/policy/modules/services/arpwatch.if
index 2e0dedd..87ef19e 100644
--- a/refpolicy/policy/modules/services/arpwatch.if
+++ b/refpolicy/policy/modules/services/arpwatch.if
@@ -77,7 +77,6 @@ interface(`arpwatch_manage_tmp_files',`
interface(`arpwatch_dontaudit_rw_packet_socket',`
gen_require(`
type arpwatch_t;
- class packet_socket { read write };
')
dontaudit $1 arpwatch_t:packet_socket { read write };
diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if
index 477327c..c7a097f 100644
--- a/refpolicy/policy/modules/services/cron.if
+++ b/refpolicy/policy/modules/services/cron.if
@@ -313,9 +313,6 @@ template(`cron_admin_template',`
interface(`cron_system_entry',`
gen_require(`
type crond_t, system_crond_t;
- class fd use;
- class fifo_file rw_file_perms;
- class process sigchld;
')
domain_auto_trans(system_crond_t, $2, $1)
@@ -344,7 +341,6 @@ interface(`cron_system_entry',`
interface(`cron_use_fd',`
gen_require(`
type crond_t;
- class fd use;
')
allow $1 crond_t:fd use;
@@ -361,7 +357,6 @@ interface(`cron_use_fd',`
interface(`cron_sigchld',`
gen_require(`
type crond_t;
- class process sigchld;
')
allow $1 crond_t:process sigchld;
@@ -443,7 +438,6 @@ interface(`cron_crw_tcp_socket',`
interface(`cron_search_spool',`
gen_require(`
type cron_spool_t;
- class dir search;
')
files_search_spool($1)
@@ -499,7 +493,6 @@ interface(`cron_use_system_job_fd',`
interface(`cron_write_system_job_pipe',`
gen_require(`
type system_crond_t;
- class file write;
')
allow $1 system_crond_t:file write;
@@ -532,7 +525,6 @@ interface(`cron_rw_system_job_pipe',`
interface(`cron_read_system_job_tmp_files',`
gen_require(`
type system_crond_tmp_t;
- class file r_file_perms;
')
files_search_tmp($1)
diff --git a/refpolicy/policy/modules/services/dhcp.if b/refpolicy/policy/modules/services/dhcp.if
index 4a40fbc..003671d 100644
--- a/refpolicy/policy/modules/services/dhcp.if
+++ b/refpolicy/policy/modules/services/dhcp.if
@@ -12,7 +12,6 @@
interface(`dhcpd_setattr_state_files',`
gen_require(`
type dhcpd_state_t;
- class file setattr;
')
sysnet_search_dhcp_state($1)
diff --git a/refpolicy/policy/modules/services/dictd.if b/refpolicy/policy/modules/services/dictd.if
index 26f27aa..5fc1baa 100644
--- a/refpolicy/policy/modules/services/dictd.if
+++ b/refpolicy/policy/modules/services/dictd.if
@@ -12,7 +12,6 @@
interface(`dictd_use',`
gen_require(`
type dictd_t;
- class tcp_socket { connectto acceptfrom recvfrom };
')
allow $1 dictd_t:tcp_socket { connectto recvfrom };
diff --git a/refpolicy/policy/modules/services/dovecot.if b/refpolicy/policy/modules/services/dovecot.if
index 49ef250..a14c5b9 100644
--- a/refpolicy/policy/modules/services/dovecot.if
+++ b/refpolicy/policy/modules/services/dovecot.if
@@ -11,9 +11,6 @@
interface(`dovecot_manage_spool',`
gen_require(`
type dovecot_spool_t;
- class dir rw_dir_perms;
- class file create_file_perms;
- class lnk_file create_lnk_perms;
')
allow $1 dovecot_spool_t:dir rw_dir_perms;
diff --git a/refpolicy/policy/modules/services/inetd.if b/refpolicy/policy/modules/services/inetd.if
index 042e679..9c66cb1 100644
--- a/refpolicy/policy/modules/services/inetd.if
+++ b/refpolicy/policy/modules/services/inetd.if
@@ -24,9 +24,6 @@ interface(`inetd_core_service_domain',`
gen_require(`
type inetd_t;
role system_r;
- class fd use;
- class fifo_file rw_file_perms;
- class process { sigchld sigkill };
')
domain_type($1)
@@ -92,7 +89,6 @@ interface(`inetd_tcp_service_domain',`
gen_require(`
type inetd_t;
- class tcp_socket rw_stream_socket_perms;
')
inetd_core_service_domain($1,$2)
@@ -114,7 +110,6 @@ interface(`inetd_tcp_service_domain',`
interface(`inetd_udp_service_domain',`
gen_require(`
type inetd_t;
- class udp_socket rw_socket_perms;
')
inetd_core_service_domain($1,$2)
@@ -136,8 +131,6 @@ interface(`inetd_udp_service_domain',`
interface(`inetd_service_domain',`
gen_require(`
type inetd_t;
- class tcp_socket rw_stream_socket_perms;
- class udp_socket rw_socket_perms;
')
inetd_core_service_domain($1,$2)
@@ -157,7 +150,6 @@ interface(`inetd_service_domain',`
interface(`inetd_use_fd',`
gen_require(`
type inetd_t;
- class fd use;
')
allow $1 inetd_t:fd use;
@@ -174,7 +166,6 @@ interface(`inetd_use_fd',`
interface(`inetd_tcp_connect',`
gen_require(`
type inetd_t;
- class tcp_socket { connectto acceptfrom recvfrom };
')
allow $1 inetd_t:tcp_socket { connectto recvfrom };
@@ -193,9 +184,6 @@ interface(`inetd_tcp_connect',`
interface(`inetd_domtrans_child',`
gen_require(`
type inetd_child_t, inetd_child_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_sbin($1)
diff --git a/refpolicy/policy/modules/services/inn.if b/refpolicy/policy/modules/services/inn.if
index e165690..d1aa502 100644
--- a/refpolicy/policy/modules/services/inn.if
+++ b/refpolicy/policy/modules/services/inn.if
@@ -45,7 +45,6 @@ interface(`inn_exec_config',`
interface(`inn_manage_log',`
gen_require(`
type innd_log_t;
- class file create_file_perms;
')
logging_rw_log_dir($1)
@@ -64,8 +63,6 @@ interface(`inn_manage_log',`
interface(`inn_manage_pid',`
gen_require(`
type innd_var_run_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
files_search_pids($1)
@@ -85,9 +82,6 @@ interface(`inn_manage_pid',`
interface(`inn_read_config',`
gen_require(`
type innd_etc_t;
- class dir { getattr read search };
- class file { read getattr };
- class lnk_file { getattr read };
')
allow $1 innd_etc_t:dir { getattr read search };
@@ -106,9 +100,6 @@ interface(`inn_read_config',`
interface(`inn_read_news_lib',`
gen_require(`
type innd_var_lib_t;
- class dir { getattr read search };
- class file { read getattr };
- class lnk_file { getattr read };
')
allow $1 innd_var_lib_t:dir { getattr read search };
@@ -127,9 +118,6 @@ interface(`inn_read_news_lib',`
interface(`inn_read_news_spool',`
gen_require(`
type news_spool_t;
- class dir { getattr read search };
- class file { read getattr };
- class lnk_file { getattr read };
')
allow $1 news_spool_t:dir { getattr read search };
@@ -148,7 +136,6 @@ interface(`inn_read_news_spool',`
interface(`inn_sendto_unix_dgram_socket',`
gen_require(`
type innd_t;
- class unix_dgram_socket sendto;
')
allow $1 innd_t:unix_dgram_socket sendto;
diff --git a/refpolicy/policy/modules/services/ldap.if b/refpolicy/policy/modules/services/ldap.if
index 2f3b0ea..d0ee988 100644
--- a/refpolicy/policy/modules/services/ldap.if
+++ b/refpolicy/policy/modules/services/ldap.if
@@ -12,7 +12,6 @@
interface(`ldap_list_db_dir',`
gen_require(`
type slapd_db_t;
- class dir r_dir_perms;
')
allow $1 slapd_db_t:dir r_dir_perms;
@@ -29,7 +28,6 @@ interface(`ldap_list_db_dir',`
interface(`ldap_read_config',`
gen_require(`
type slapd_etc_t;
- class file { getattr read };
')
files_search_etc($1)
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 3ed30bd..a9451c9 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -492,7 +492,6 @@ interface(`mta_read_config',`
interface(`mta_read_aliases',`
gen_require(`
type etc_aliases_t;
- class file r_file_perms;
')
files_search_etc($1)
@@ -523,7 +522,6 @@ interface(`mta_filetrans_etc_aliases',`
interface(`mta_rw_aliases',`
gen_require(`
type etc_aliases_t;
- class file { rw_file_perms setattr };
')
files_search_etc($1)
@@ -577,7 +575,6 @@ interface(`mta_tcp_connect_all_mailservers',`
interface(`mta_dontaudit_read_spool_symlink',`
gen_require(`
type mail_spool_t;
- class lnk_file read;
')
dontaudit $1 mail_spool_t:lnk_file read;
@@ -590,9 +587,6 @@ interface(`mta_dontaudit_read_spool_symlink',`
interface(`mta_getattr_spool',`
gen_require(`
type mail_spool_t;
- class dir r_dir_perms;
- class file getattr;
- class lnk_file read;
')
files_search_spool($1)
@@ -639,9 +633,6 @@ interface(`mta_filetrans_spool',`
interface(`mta_rw_spool',`
gen_require(`
type mail_spool_t;
- class dir r_dir_perms;
- class lnk_file { getattr read };
- class file { rw_file_perms setattr };
')
files_search_spool($1)
@@ -661,9 +652,6 @@ interface(`mta_rw_spool',`
interface(`mta_append_spool',`
gen_require(`
type mail_spool_t;
- class dir ra_dir_perms;
- class lnk_file { getattr read };
- class file create_file_perms;
')
files_search_spool($1)
@@ -729,8 +717,6 @@ interface(`mta_dontaudit_rw_queue',`
interface(`mta_manage_queue',`
gen_require(`
type mqueue_spool_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
files_search_spool($1)
diff --git a/refpolicy/policy/modules/services/ntp.if b/refpolicy/policy/modules/services/ntp.if
index a77fef5..d47c47e 100644
--- a/refpolicy/policy/modules/services/ntp.if
+++ b/refpolicy/policy/modules/services/ntp.if
@@ -25,9 +25,6 @@ interface(`ntp_stub',`
interface(`ntp_domtrans',`
gen_require(`
type ntpd_t, ntpd_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_sbin($1)
@@ -50,9 +47,6 @@ interface(`ntp_domtrans',`
interface(`ntp_domtrans_ntpdate',`
gen_require(`
type ntpd_t, ntpdate_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_sbin($1)
diff --git a/refpolicy/policy/modules/services/portmap.if b/refpolicy/policy/modules/services/portmap.if
index ba50160..b0ae4a4 100644
--- a/refpolicy/policy/modules/services/portmap.if
+++ b/refpolicy/policy/modules/services/portmap.if
@@ -11,9 +11,6 @@
interface(`portmap_domtrans_helper',`
gen_require(`
type portmap_helper_t, portmap_helper_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_bin($1)
@@ -44,7 +41,6 @@ interface(`portmap_domtrans_helper',`
interface(`portmap_run_helper',`
gen_require(`
type portmap_t, portmap_helper_t;
- class chr_file { getattr read write ioctl };
')
portmap_domtrans_helper($1)
@@ -71,7 +67,6 @@ interface(`portmap_run_helper',`
interface(`portmap_udp_sendto',`
gen_require(`
type portmap_t;
- class udp_socket { sendto recvfrom };
')
allow $1 portmap_t:udp_socket sendto;
diff --git a/refpolicy/policy/modules/services/rshd.if b/refpolicy/policy/modules/services/rshd.if
index 9538cb0..daee569 100644
--- a/refpolicy/policy/modules/services/rshd.if
+++ b/refpolicy/policy/modules/services/rshd.if
@@ -11,9 +11,6 @@
interface(`rshd_domtrans',`
gen_require(`
type rshd_exec_t, rshd_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
files_search_usr($1)
diff --git a/refpolicy/policy/modules/services/zebra.if b/refpolicy/policy/modules/services/zebra.if
index 781cb1e..cc57721 100644
--- a/refpolicy/policy/modules/services/zebra.if
+++ b/refpolicy/policy/modules/services/zebra.if
@@ -11,9 +11,6 @@
interface(`zebra_read_config',`
gen_require(`
type zebra_conf_t;
- class file r_file_perms;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
')
files_search_etc($1)
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 583b3c9..519a80a 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -210,9 +210,6 @@ interface(`auth_login_entry_type',`
interface(`auth_domtrans_login_program',`
gen_require(`
type login_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_bin($1)
@@ -235,10 +232,6 @@ interface(`auth_domtrans_login_program',`
interface(`auth_domtrans_chk_passwd',`
gen_require(`
type system_chkpwd_t, chkpwd_exec_t, shadow_t;
- class process sigchld;
- class udp_socket create_socket_perms;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_sbin($1)
@@ -286,7 +279,6 @@ interface(`auth_domtrans_chk_passwd',`
interface(`auth_getattr_shadow',`
gen_require(`
type shadow_t;
- class file getattr;
')
files_search_etc($1)
@@ -305,7 +297,6 @@ interface(`auth_getattr_shadow',`
interface(`auth_dontaudit_getattr_shadow',`
gen_require(`
type shadow_t;
- class file getattr;
')
dontaudit $1 shadow_t:file getattr;
@@ -339,7 +330,6 @@ interface(`auth_can_read_shadow_passwords',`
interface(`auth_tunable_read_shadow',`
gen_require(`
type shadow_t;
- class file r_file_perms;
')
files_list_etc($1)
@@ -358,7 +348,6 @@ interface(`auth_tunable_read_shadow',`
interface(`auth_dontaudit_read_shadow',`
gen_require(`
type shadow_t;
- class file r_file_perms;
')
dontaudit $1 shadow_t:file { getattr read };
@@ -376,7 +365,6 @@ interface(`auth_rw_shadow',`
gen_require(`
attribute can_read_shadow_passwords, can_write_shadow_passwords;
type shadow_t;
- class file rw_file_perms;
')
files_list_etc($1)
@@ -392,7 +380,6 @@ interface(`auth_manage_shadow',`
gen_require(`
attribute can_read_shadow_passwords, can_write_shadow_passwords;
type shadow_t;
- class file create_file_perms;
')
allow $1 shadow_t:file create_file_perms;
@@ -452,7 +439,6 @@ interface(`auth_relabel_shadow',`
interface(`auth_append_faillog',`
gen_require(`
type faillog_t;
- class file { getattr append };
')
logging_search_logs($1)
@@ -466,7 +452,6 @@ interface(`auth_append_faillog',`
interface(`auth_rw_faillog',`
gen_require(`
type faillog_t;
- class file rw_file_perms;
')
logging_search_logs($1)
@@ -562,7 +547,6 @@ interface(`auth_domtrans_pam',`
interface(`auth_run_pam',`
gen_require(`
type pam_t;
- class chr_file rw_file_perms;
')
auth_domtrans_pam($1)
@@ -648,8 +632,6 @@ interface(`auth_dontaudit_read_pam_pid',`
interface(`auth_delete_pam_pid',`
gen_require(`
type pam_var_run_t;
- class dir { getattr search read write remove_name };
- class file { getattr unlink };
')
files_search_var($1)
@@ -683,9 +665,6 @@ interface(`auth_manage_pam_pid',`
interface(`auth_domtrans_pam_console',`
gen_require(`
type pam_console_t, pam_console_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
domain_auto_trans($1,pam_console_exec_t,pam_console_t)
@@ -736,8 +715,6 @@ interface(`auth_list_pam_console_data',`
interface(`auth_read_pam_console_data',`
gen_require(`
type pam_var_console_t;
- class dir r_dir_perms;
- class file r_file_perms;
')
files_search_var($1)
@@ -753,9 +730,6 @@ interface(`auth_read_pam_console_data',`
interface(`auth_manage_pam_console_data',`
gen_require(`
type pam_var_console_t;
- class dir rw_dir_perms;
- class file create_file_perms;
- class lnk_file create_lnk_perms;
')
files_search_var($1)
@@ -902,9 +876,6 @@ interface(`auth_manage_all_files_except_shadow',`
interface(`auth_domtrans_utempter',`
gen_require(`
type utempter_t, utempter_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
domain_auto_trans($1,utempter_exec_t,utempter_t)
@@ -932,7 +903,6 @@ interface(`auth_domtrans_utempter',`
interface(`auth_run_utempter',`
gen_require(`
type utempter_t;
- class chr_file rw_file_perms;
')
auth_domtrans_utempter($1)
@@ -976,7 +946,6 @@ interface(`auth_setattr_login_records',`
interface(`auth_read_login_records',`
gen_require(`
type wtmp_t;
- class file r_file_perms;
')
logging_search_logs($1)
@@ -990,7 +959,6 @@ interface(`auth_read_login_records',`
interface(`auth_dontaudit_write_login_records',`
gen_require(`
type wtmp_t;
- class file write;
')
dontaudit $1 wtmp_t:file write;
@@ -1035,7 +1003,6 @@ interface(`auth_write_login_records',`
interface(`auth_rw_login_records',`
gen_require(`
type wtmp_t;
- class file rw_file_perms;
')
allow $1 wtmp_t:file rw_file_perms;
@@ -1061,7 +1028,6 @@ interface(`auth_filetrans_login_records',`
interface(`auth_manage_login_records',`
gen_require(`
type wtmp_t;
- class file create_file_perms;
')
logging_rw_log_dir($1)
diff --git a/refpolicy/policy/modules/system/clock.if b/refpolicy/policy/modules/system/clock.if
index 46a3aee..050bb43 100644
--- a/refpolicy/policy/modules/system/clock.if
+++ b/refpolicy/policy/modules/system/clock.if
@@ -11,8 +11,6 @@
interface(`clock_domtrans',`
gen_require(`
type hwclock_t, hwclock_exec_t;
- class fd use;
- class fifo_file rw_file_perms;
')
domain_auto_trans($1,hwclock_exec_t,hwclock_t)
@@ -41,7 +39,6 @@ interface(`clock_domtrans',`
interface(`clock_run',`
gen_require(`
type hwclock_t;
- class chr_file { getattr read write ioctl };
')
clock_domtrans($1)
@@ -76,7 +73,6 @@ interface(`clock_exec',`
interface(`clock_rw_adjtime',`
gen_require(`
type adjtime_t;
- class file rw_file_perms;
')
allow $1 adjtime_t:file rw_file_perms;
diff --git a/refpolicy/policy/modules/system/fstools.if b/refpolicy/policy/modules/system/fstools.if
index f6a52b9..c3e24ba 100644
--- a/refpolicy/policy/modules/system/fstools.if
+++ b/refpolicy/policy/modules/system/fstools.if
@@ -11,8 +11,6 @@
interface(`fstools_domtrans',`
gen_require(`
type fsadm_t, fsadm_exec_t;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_sbin($1)
@@ -42,7 +40,6 @@ interface(`fstools_domtrans',`
interface(`fstools_run',`
gen_require(`
type fsadm_t;
- class chr_file { getattr read write ioctl };
')
fstools_domtrans($1)
@@ -95,7 +92,6 @@ interface(`fstools_relabelto_entry_files',`
interface(`fstools_manage_entry_files',`
gen_require(`
type fsadm_exec_t;
- class file create_file_perms;
')
allow $1 fsadm_exec_t:file create_file_perms;
diff --git a/refpolicy/policy/modules/system/hostname.if b/refpolicy/policy/modules/system/hostname.if
index a1d2ba1..b6daa3f 100644
--- a/refpolicy/policy/modules/system/hostname.if
+++ b/refpolicy/policy/modules/system/hostname.if
@@ -11,9 +11,6 @@
interface(`hostname_domtrans',`
gen_require(`
type hostname_t, hostname_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_bin($1)
@@ -43,7 +40,6 @@ interface(`hostname_domtrans',`
interface(`hostname_run',`
gen_require(`
type hostname_t;
- class chr_file { getattr read write ioctl };
')
hostname_domtrans($1)
diff --git a/refpolicy/policy/modules/system/hotplug.if b/refpolicy/policy/modules/system/hotplug.if
index 7e10b6a..4971f29 100644
--- a/refpolicy/policy/modules/system/hotplug.if
+++ b/refpolicy/policy/modules/system/hotplug.if
@@ -10,9 +10,6 @@
interface(`hotplug_domtrans',`
gen_require(`
type hotplug_t, hotplug_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_sbin($1)
@@ -44,7 +41,6 @@ interface(`hotplug_exec',`
interface(`hotplug_use_fd',`
gen_require(`
type hotplug_t;
- class fd use;
')
allow $1 hotplug_t:fd use;
@@ -57,7 +53,6 @@ interface(`hotplug_use_fd',`
interface(`hotplug_dontaudit_use_fd',`
gen_require(`
type hotplug_t;
- class fd use;
')
dontaudit $1 hotplug_t:fd use;
@@ -70,7 +65,6 @@ interface(`hotplug_dontaudit_use_fd',`
interface(`hotplug_dontaudit_search_config',`
gen_require(`
type hotplug_etc_t;
- class dir search;
')
dontaudit $1 hotplug_etc_t:dir search;
@@ -87,7 +81,6 @@ interface(`hotplug_dontaudit_search_config',`
interface(`hotplug_getattr_config_dir',`
gen_require(`
type hotplug_etc_t;
- class dir getattr;
')
allow $1 hotplug_etc_t:dir getattr;
@@ -104,7 +97,6 @@ interface(`hotplug_getattr_config_dir',`
interface(`hotplug_search_config',`
gen_require(`
type hotplug_etc_t;
- class dir { getattr search };
')
allow $1 hotplug_etc_t:dir { getattr search };
@@ -121,9 +113,6 @@ interface(`hotplug_search_config',`
interface(`hotplug_read_config',`
gen_require(`
type hotplug_etc_t;
- class file r_file_perms;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
')
files_search_etc($1)
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index cff6c0f..bfb8c09 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -15,9 +15,6 @@ interface(`init_domain',`
gen_require(`
type init_t;
role system_r;
- class fd use;
- class fifo_file rw_file_perms;
- class process sigchld;
')
domain_type($1)
@@ -125,9 +122,6 @@ interface(`init_system_domain',`
gen_require(`
type initrc_t;
role system_r;
- class fd use;
- class fifo_file rw_file_perms;
- class process sigchld;
')
domain_type($1)
@@ -150,9 +144,6 @@ interface(`init_system_domain',`
interface(`init_domtrans',`
gen_require(`
type init_t, init_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
domain_auto_trans($1,init_exec_t,init_t)
@@ -187,7 +178,6 @@ interface(`init_exec',`
interface(`init_get_process_group',`
gen_require(`
type init_t;
- class process getpgid;
')
allow $1 init_t:process getpgid;
@@ -200,7 +190,6 @@ interface(`init_get_process_group',`
interface(`init_getattr_initctl',`
gen_require(`
type initctl_t;
- class fifo_file getattr;
')
allow $1 initctl_t:fifo_file getattr;
@@ -213,7 +202,6 @@ interface(`init_getattr_initctl',`
interface(`init_dontaudit_getattr_initctl',`
gen_require(`
type initctl_t;
- class fifo_file getattr;
')
dontaudit $1 initctl_t:fifo_file getattr;
@@ -226,7 +214,6 @@ interface(`init_dontaudit_getattr_initctl',`
interface(`init_write_initctl',`
gen_require(`
type initctl_t;
- class fifo_file write;
')
dev_list_all_dev_nodes($1)
@@ -240,7 +227,6 @@ interface(`init_write_initctl',`
interface(`init_use_initctl',`
gen_require(`
type initctl_t;
- class fifo_file rw_file_perms;
')
dev_list_all_dev_nodes($1)
@@ -254,7 +240,6 @@ interface(`init_use_initctl',`
interface(`init_dontaudit_use_initctl',`
gen_require(`
type initctl_t;
- class fifo_file { read write };
')
dontaudit $1 initctl_t:fifo_file { read write };
@@ -271,7 +256,6 @@ interface(`init_dontaudit_use_initctl',`
interface(`init_signull',`
gen_require(`
type init_t;
- class process signull;
')
allow $1 init_t:process signull;
@@ -288,7 +272,6 @@ interface(`init_signull',`
interface(`init_sigchld',`
gen_require(`
type init_t;
- class process sigchld;
')
allow $1 init_t:process sigchld;
@@ -301,7 +284,6 @@ interface(`init_sigchld',`
interface(`init_use_fd',`
gen_require(`
type init_t;
- class fd use;
')
allow $1 init_t:fd use;
@@ -314,7 +296,6 @@ interface(`init_use_fd',`
interface(`init_dontaudit_use_fd',`
gen_require(`
type init_t;
- class fd use;
')
dontaudit $1 init_t:fd use;
@@ -331,7 +312,6 @@ interface(`init_dontaudit_use_fd',`
interface(`init_udp_sendto',`
gen_require(`
type init_t;
- class udp_socket { sendto recvfrom };
')
allow $1 init_t:udp_socket sendto;
@@ -381,7 +361,6 @@ interface(`init_run_daemon',`
gen_require(`
attribute direct_run_init, direct_init, direct_init_entry;
role system_r;
- class chr_file rw_file_perms;
')
typeattribute $1 direct_run_init;
@@ -433,7 +412,6 @@ interface(`init_getattr_script_entry_file',`
interface(`init_read_script',`
gen_require(`
type initrc_exec_t;
- class file { getattr read };
')
files_list_etc($1)
@@ -464,10 +442,6 @@ interface(`init_exec_script',`
interface(`init_read_script_process_state',`
gen_require(`
type initrc_t;
- class dir r_dir_perms;
- class file r_file_perms;
- class lnk_file r_file_perms;
- class process { getattr ptrace };
')
#FIXME: search proc dir
@@ -489,7 +463,6 @@ interface(`init_read_script_process_state',`
interface(`init_use_script_fd',`
gen_require(`
type initrc_t;
- class fd use;
')
allow $1 initrc_t:fd use;
@@ -502,7 +475,6 @@ interface(`init_use_script_fd',`
interface(`init_dontaudit_use_script_fd',`
gen_require(`
type initrc_t;
- class fd use;
')
dontaudit $1 initrc_t:fd use;
@@ -515,7 +487,6 @@ interface(`init_dontaudit_use_script_fd',`
interface(`init_get_script_process_group',`
gen_require(`
type initrc_t;
- class process getpgid;
')
allow $1 initrc_t:process getpgid;
@@ -580,7 +551,6 @@ interface(`init_signull_script',`
interface(`init_rw_script_pipe',`
gen_require(`
type initrc_t;
- class chr_file { read write };
')
allow $1 initrc_t:fifo_file { read write };
@@ -597,7 +567,6 @@ interface(`init_rw_script_pipe',`
interface(`init_udp_sendto_script',`
gen_require(`
type initrc_t;
- class udp_socket { sendto recvfrom };
')
allow $1 initrc_t:udp_socket sendto;
@@ -711,7 +680,6 @@ interface(`init_dontaudit_use_script_pty',`
interface(`init_read_script_file',`
gen_require(`
type initrc_exec_t;
- class file r_file_perms;
')
files_search_etc($1)
@@ -777,7 +745,6 @@ interface(`init_filetrans_script_tmp',`
interface(`init_getattr_utmp',`
gen_require(`
type initrc_var_run_t;
- class file getattr;
')
allow $1 initrc_var_run_t:file getattr;
@@ -790,7 +757,6 @@ interface(`init_getattr_utmp',`
interface(`init_read_utmp',`
gen_require(`
type initrc_var_run_t;
- class file r_file_perms;
')
files_list_pids($1)
@@ -804,7 +770,6 @@ interface(`init_read_utmp',`
interface(`init_dontaudit_write_utmp',`
gen_require(`
type initrc_var_run_t;
- class file { write lock };
')
dontaudit $1 initrc_var_run_t:file { write lock };
@@ -834,7 +799,6 @@ interface(`init_dontaudit_lock_utmp',`
interface(`init_rw_utmp',`
gen_require(`
type initrc_var_run_t;
- class file rw_file_perms;
')
files_list_pids($1)
@@ -848,7 +812,6 @@ interface(`init_rw_utmp',`
interface(`init_dontaudit_rw_utmp',`
gen_require(`
type initrc_var_run_t;
- class file rw_file_perms;
')
dontaudit $1 initrc_var_run_t:file { getattr read write append };
diff --git a/refpolicy/policy/modules/system/ipsec.if b/refpolicy/policy/modules/system/ipsec.if
index c48f7d3..0294ab2 100644
--- a/refpolicy/policy/modules/system/ipsec.if
+++ b/refpolicy/policy/modules/system/ipsec.if
@@ -11,9 +11,6 @@
interface(`ipsec_domtrans',`
gen_require(`
type ipsec_t, ipsec_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
domain_auto_trans($1,ipsec_exec_t,ipsec_t)
@@ -35,9 +32,6 @@ interface(`ipsec_domtrans',`
interface(`ipsec_stream_connect',`
gen_require(`
type ipsec_t, ipsec_var_run_t;
- class dir search;
- class sock_file write;
- class unix_stream_socket connectto;
')
files_search_pids($1)
@@ -57,7 +51,6 @@ interface(`ipsec_stream_connect',`
interface(`ipsec_getattr_key_socket',`
gen_require(`
type ipsec_t;
- class key_socket getattr;
')
allow $1 ipsec_t:key_socket getattr;
@@ -90,7 +83,6 @@ interface(`ipsec_exec_mgmt',`
interface(`ipsec_read_config',`
gen_require(`
type ipsec_conf_file_t;
- class file r_file_perms;
')
files_search_etc($1)
@@ -108,8 +100,6 @@ interface(`ipsec_read_config',`
interface(`ipsec_manage_pid',`
gen_require(`
type ipsec_var_run_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
files_search_pids($1)
diff --git a/refpolicy/policy/modules/system/libraries.if b/refpolicy/policy/modules/system/libraries.if
index 8863b6a..ba832f8 100644
--- a/refpolicy/policy/modules/system/libraries.if
+++ b/refpolicy/policy/modules/system/libraries.if
@@ -39,7 +39,6 @@ interface(`libs_domtrans_ldconfig',`
interface(`libs_run_ldconfig',`
gen_require(`
type ldconfig_t;
- class chr_file rw_term_perms;
')
libs_domtrans_ldconfig($1)
@@ -59,9 +58,6 @@ interface(`libs_run_ldconfig',`
interface(`libs_use_ld_so',`
gen_require(`
type lib_t, ld_so_t, ld_so_cache_t;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
- class file rx_file_perms;
')
files_list_etc($1)
@@ -84,7 +80,6 @@ interface(`libs_use_ld_so',`
interface(`libs_legacy_use_ld_so',`
gen_require(`
type ld_so_t, ld_so_cache_t;
- class file { execute execmod };
')
libs_use_ld_so($1)
@@ -103,8 +98,6 @@ interface(`libs_legacy_use_ld_so',`
interface(`libs_exec_ld_so',`
gen_require(`
type lib_t, ld_so_t;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
')
allow $1 lib_t:dir r_dir_perms;
@@ -163,7 +156,6 @@ interface(`libs_relabel_ld_so',`
interface(`libs_rw_ld_so_cache',`
gen_require(`
type ld_so_cache_t;
- class file rw_file_perms;
')
files_list_etc($1)
@@ -181,7 +173,6 @@ interface(`libs_rw_ld_so_cache',`
interface(`libs_search_lib',`
gen_require(`
type lib_t;
- class dir search;
')
allow $1 lib_t:dir search;
@@ -199,9 +190,6 @@ interface(`libs_search_lib',`
interface(`libs_read_lib',`
gen_require(`
type lib_t;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
- class file r_file_perms;
')
files_search_usr($1)
@@ -220,8 +208,6 @@ interface(`libs_read_lib',`
interface(`libs_exec_lib_files',`
gen_require(`
type lib_t;
- class dir r_dir_perms;
- class lnk_file r_file_perms;
')
files_search_usr($1)
@@ -280,7 +266,6 @@ interface(`libs_manage_lib_files',`
interface(`libs_relabelto_lib_files',`
gen_require(`
type lib_t;
- class file relabelto;
')
allow $1 lib_t:dir search_dir_perms;
@@ -357,7 +342,6 @@ interface(`libs_use_shared_libs',`
interface(`libs_legacy_use_shared_libs',`
gen_require(`
type shlib_t, textrel_shlib_t;
- class file execmod;
')
libs_use_shared_libs($1)
diff --git a/refpolicy/policy/modules/system/locallogin.if b/refpolicy/policy/modules/system/locallogin.if
index d370d54..8bfaee3 100644
--- a/refpolicy/policy/modules/system/locallogin.if
+++ b/refpolicy/policy/modules/system/locallogin.if
@@ -27,7 +27,6 @@ interface(`locallogin_domtrans',`
interface(`locallogin_use_fd',`
gen_require(`
type local_login_t;
- class fd use;
')
allow $1 local_login_t:fd use;
@@ -44,7 +43,6 @@ interface(`locallogin_use_fd',`
interface(`locallogin_dontaudit_use_fd',`
gen_require(`
type local_login_t;
- class fd use;
')
dontaudit $1 local_login_t:fd use;
@@ -61,7 +59,6 @@ interface(`locallogin_dontaudit_use_fd',`
interface(`locallogin_signull',`
gen_require(`
type local_login_t;
- class process signull;
')
allow $1 local_login_t:process signull;
diff --git a/refpolicy/policy/modules/system/logging.if b/refpolicy/policy/modules/system/logging.if
index bb1f079..106ab76 100644
--- a/refpolicy/policy/modules/system/logging.if
+++ b/refpolicy/policy/modules/system/logging.if
@@ -70,9 +70,6 @@ interface(`logging_domtrans_auditctl',`
interface(`logging_domtrans_syslog',`
gen_require(`
type syslogd_t, syslogd_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_sbin($1)
@@ -91,7 +88,6 @@ interface(`logging_domtrans_syslog',`
interface(`logging_filetrans_log',`
gen_require(`
type var_log_t;
- class dir rw_dir_perms;
')
allow $1 var_log_t:dir rw_dir_perms;
@@ -110,10 +106,6 @@ interface(`logging_filetrans_log',`
interface(`logging_send_syslog_msg',`
gen_require(`
type syslogd_t, devlog_t;
- class lnk_file read;
- class sock_file rw_file_perms;
- class unix_dgram_socket { create_socket_perms sendto };
- class unix_stream_socket { create_socket_perms connectto };
')
allow $1 devlog_t:lnk_file read;
@@ -140,7 +132,6 @@ interface(`logging_send_syslog_msg',`
interface(`logging_read_auditd_config',`
gen_require(`
type auditd_etc_t;
- class file r_file_perms;
')
files_search_etc($1)
@@ -160,7 +151,6 @@ interface(`logging_read_auditd_config',`
interface(`logging_search_logs',`
gen_require(`
type var_log_t;
- class dir search;
')
files_search_var($1)
@@ -195,7 +185,6 @@ interface(`logging_list_logs',`
interface(`logging_rw_log_dir',`
gen_require(`
type var_log_t;
- class dir rw_dir_perms;
')
files_search_var($1)
@@ -209,7 +198,6 @@ interface(`logging_rw_log_dir',`
interface(`logging_dontaudit_getattr_all_logs',`
gen_require(`
attribute logfile;
- class file getattr;
')
dontaudit $1 logfile:file getattr;
@@ -223,8 +211,6 @@ interface(`logging_append_all_logs',`
gen_require(`
attribute logfile;
type var_log_t;
- class dir r_dir_perms;
- class file { getattr append };
')
files_search_var($1)
@@ -240,8 +226,6 @@ interface(`logging_read_all_logs',`
gen_require(`
attribute logfile;
type var_log_t;
- class dir r_dir_perms;
- class file r_file_perms;
')
files_search_var($1)
@@ -262,7 +246,6 @@ interface(`logging_read_all_logs',`
interface(`logging_exec_all_logs',`
gen_require(`
attribute logfile;
- class dir r_dir_perms;
')
files_search_var($1)
@@ -277,8 +260,6 @@ interface(`logging_exec_all_logs',`
interface(`logging_manage_all_logs',`
gen_require(`
attribute logfile;
- class dir rw_dir_perms;
- class file create_file_perms;
')
files_search_var($1)
@@ -294,8 +275,6 @@ interface(`logging_manage_all_logs',`
interface(`logging_read_generic_logs',`
gen_require(`
type var_log_t;
- class dir r_dir_perms;
- class file r_file_perms;
')
files_search_var($1)
@@ -310,8 +289,6 @@ interface(`logging_read_generic_logs',`
interface(`logging_write_generic_logs',`
gen_require(`
type var_log_t;
- class dir r_dir_perms;
- class file { getattr write };
')
files_search_var($1)
@@ -330,8 +307,6 @@ interface(`logging_write_generic_logs',`
interface(`logging_rw_generic_logs',`
gen_require(`
type var_log_t;
- class dir r_dir_perms;
- class file rw_file_perms;
')
files_search_var($1)
@@ -351,8 +326,6 @@ interface(`logging_rw_generic_logs',`
interface(`logging_manage_generic_logs',`
gen_require(`
type var_log_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
files_search_var($1)
diff --git a/refpolicy/policy/modules/system/mount.if b/refpolicy/policy/modules/system/mount.if
index 6d55b2f..56a6740 100644
--- a/refpolicy/policy/modules/system/mount.if
+++ b/refpolicy/policy/modules/system/mount.if
@@ -11,9 +11,6 @@
interface(`mount_domtrans',`
gen_require(`
type mount_t, mount_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
domain_auto_trans($1,mount_exec_t,mount_t)
@@ -43,7 +40,6 @@ interface(`mount_domtrans',`
interface(`mount_run',`
gen_require(`
type mount_t;
- class chr_file rw_file_perms;
')
mount_domtrans($1)
@@ -81,7 +77,6 @@ interface(`mount_exec',`
interface(`mount_use_fd',`
gen_require(`
type mount_t;
- class fd use;
')
allow $1 mount_t:fd use;
@@ -99,7 +94,6 @@ interface(`mount_use_fd',`
interface(`mount_send_nfs_client_request',`
gen_require(`
type mount_t;
- class udp_socket rw_socket_perms;
')
allow $1 mount_t:udp_socket rw_socket_perms;
diff --git a/refpolicy/policy/modules/system/raid.if b/refpolicy/policy/modules/system/raid.if
index 1981606..cfbcff9 100644
--- a/refpolicy/policy/modules/system/raid.if
+++ b/refpolicy/policy/modules/system/raid.if
@@ -11,9 +11,6 @@
interface(`raid_domtrans_mdadm',`
gen_require(`
type mdadm_t, mdadm_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_sbin($1)
@@ -44,7 +41,6 @@ interface(`raid_domtrans_mdadm',`
interface(`raid_manage_mdadm_pid',`
gen_require(`
type mdadm_var_run_t;
- class file create_file_perms;
')
# FIXME: maybe should have a type_transition. not
diff --git a/refpolicy/policy/modules/system/selinuxutil.if b/refpolicy/policy/modules/system/selinuxutil.if
index a4a2f45..e78929b 100644
--- a/refpolicy/policy/modules/system/selinuxutil.if
+++ b/refpolicy/policy/modules/system/selinuxutil.if
@@ -11,9 +11,6 @@
interface(`seutil_domtrans_checkpol',`
gen_require(`
type checkpolicy_t, checkpolicy_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
files_search_usr($1)
@@ -45,7 +42,6 @@ interface(`seutil_domtrans_checkpol',`
interface(`seutil_run_checkpol',`
gen_require(`
type checkpolicy_t;
- class chr_file rw_term_perms;
')
seutil_domtrans_checkpol($1)
@@ -78,9 +74,6 @@ interface(`seutil_exec_checkpol',`
interface(`seutil_domtrans_loadpol',`
gen_require(`
type load_policy_t, load_policy_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_sbin($1)
@@ -112,7 +105,6 @@ interface(`seutil_domtrans_loadpol',`
interface(`seutil_run_loadpol',`
gen_require(`
type load_policy_t;
- class chr_file rw_term_perms;
')
seutil_domtrans_loadpol($1)
@@ -140,7 +132,6 @@ interface(`seutil_exec_loadpol',`
interface(`seutil_read_loadpol',`
gen_require(`
type load_policy_exec_t;
- class file r_file_perms;
')
corecmd_search_sbin($1)
@@ -158,9 +149,6 @@ interface(`seutil_read_loadpol',`
interface(`seutil_domtrans_newrole',`
gen_require(`
type newrole_t, newrole_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
files_search_usr($1)
@@ -192,7 +180,6 @@ interface(`seutil_domtrans_newrole',`
interface(`seutil_run_newrole',`
gen_require(`
type newrole_t;
- class chr_file rw_term_perms;
')
seutil_domtrans_newrole($1)
@@ -226,7 +213,6 @@ interface(`seutil_exec_newrole',`
interface(`seutil_dontaudit_signal_newrole',`
gen_require(`
type newrole_t;
- class process signal;
')
dontaudit $1 newrole_t:process signal;
@@ -239,7 +225,6 @@ interface(`seutil_dontaudit_signal_newrole',`
interface(`seutil_sigchld_newrole',`
gen_require(`
type newrole_t;
- class process sigchld;
')
allow $1 newrole_t:process sigchld;
@@ -252,7 +237,6 @@ interface(`seutil_sigchld_newrole',`
interface(`seutil_use_newrole_fd',`
gen_require(`
type newrole_t;
- class fd use;
')
allow $1 newrole_t:fd use;
@@ -269,9 +253,6 @@ interface(`seutil_use_newrole_fd',`
interface(`seutil_domtrans_restorecon',`
gen_require(`
type restorecon_t, restorecon_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_sbin($1)
@@ -302,7 +283,6 @@ interface(`seutil_domtrans_restorecon',`
interface(`seutil_run_restorecon',`
gen_require(`
type restorecon_t;
- class chr_file rw_term_perms;
')
seutil_domtrans_restorecon($1)
@@ -334,9 +314,6 @@ interface(`seutil_exec_restorecon',`
interface(`seutil_domtrans_runinit',`
gen_require(`
type run_init_t, run_init_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
files_search_usr($1)
@@ -384,7 +361,6 @@ interface(`seutil_run_runinit',`
interface(`seutil_use_runinit_fd',`
gen_require(`
type run_init_t;
- class fd use;
')
allow $1 run_init_t:fd use;
@@ -401,9 +377,6 @@ interface(`seutil_use_runinit_fd',`
interface(`seutil_domtrans_setfiles',`
gen_require(`
type setfiles_t, setfiles_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
files_search_usr($1)
@@ -435,7 +408,6 @@ interface(`seutil_domtrans_setfiles',`
interface(`seutil_run_setfiles',`
gen_require(`
type setfiles_t;
- class chr_file rw_term_perms;
')
seutil_domtrans_setfiles($1)
@@ -469,7 +441,6 @@ interface(`seutil_exec_setfiles',`
interface(`seutil_dontaudit_search_config',`
gen_require(`
type selinux_config_t;
- class dir search;
')
dontaudit $1 selinux_config_t:dir search;
@@ -519,7 +490,6 @@ interface(`seutil_read_config',`
interface(`seutil_search_default_contexts',`
gen_require(`
type selinux_config_t, default_context_t;
- class dir search;
')
files_search_etc($1)
@@ -566,8 +536,6 @@ interface(`seutil_read_file_contexts',`
interface(`seutil_read_binary_pol',`
gen_require(`
type selinux_config_t, policy_config_t;
- class dir r_dir_perms;
- class file r_file_perms;
')
files_search_etc($1)
@@ -584,8 +552,6 @@ interface(`seutil_create_binary_pol',`
gen_require(`
# attribute can_write_binary_policy;
type selinux_config_t, policy_config_t;
- class dir ra_dir_perms;
- class file { getattr create write };
')
files_search_etc($1)
@@ -607,7 +573,6 @@ interface(`seutil_relabelto_binary_pol',`
gen_require(`
attribute can_relabelto_binary_policy;
type policy_config_t;
- class file relabelto;
')
allow $1 policy_config_t:file relabelto;
@@ -622,8 +587,6 @@ interface(`seutil_manage_binary_pol',`
gen_require(`
attribute can_write_binary_policy;
type selinux_config_t, policy_config_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
files_search_etc($1)
@@ -640,8 +603,6 @@ interface(`seutil_manage_binary_pol',`
interface(`seutil_read_src_pol',`
gen_require(`
type selinux_config_t, policy_src_t;
- class dir r_dir_perms;
- class file r_file_perms;
')
files_search_etc($1)
@@ -657,8 +618,6 @@ interface(`seutil_read_src_pol',`
interface(`seutil_manage_src_pol',`
gen_require(`
type selinux_config_t, policy_src_t;
- class dir create_dir_perms;
- class file create_file_perms;
')
files_search_etc($1)
diff --git a/refpolicy/policy/modules/system/unconfined.if b/refpolicy/policy/modules/system/unconfined.if
index fdb3987..b330404 100644
--- a/refpolicy/policy/modules/system/unconfined.if
+++ b/refpolicy/policy/modules/system/unconfined.if
@@ -112,9 +112,6 @@ template(`unconfined_domain_template',`
interface(`unconfined_domtrans',`
gen_require(`
type unconfined_t, unconfined_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
domain_auto_trans($1,unconfined_exec_t,unconfined_t)
@@ -142,7 +139,6 @@ interface(`unconfined_domtrans',`
interface(`unconfined_run',`
gen_require(`
type unconfined_t;
- class chr_file rw_term_perms;
')
unconfined_domtrans($1)
@@ -177,7 +173,6 @@ interface(`unconfined_shell_domtrans',`
interface(`unconfined_use_fd',`
gen_require(`
type unconfined_t;
- class fd use;
')
allow $1 unconfined_t:fd use;
@@ -194,7 +189,6 @@ interface(`unconfined_use_fd',`
interface(`unconfined_sigchld',`
gen_require(`
type unconfined_t;
- class process sigchld;
')
allow $1 unconfined_t:process sigchld;
@@ -259,7 +253,6 @@ interface(`unconfined_dontaudit_read_pipe',`
interface(`unconfined_rw_pipe',`
gen_require(`
type unconfined_t;
- class fifo_file rw_file_perms;
')
allow $1 unconfined_t:fifo_file rw_file_perms;
@@ -287,7 +280,6 @@ interface(`unconfined_rw_pipe',`
interface(`unconfined_dontaudit_rw_tcp_socket',`
gen_require(`
type unconfined_t;
- class tcp_socket { read write };
')
dontaudit $1 unconfined_t:tcp_socket { read write };
More information about the scm-commits
mailing list