Colord does not need to connect to network

diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te
index 2f9b1bc6685b7bf144184277cd8bbf053fda5c07..be3683b9849f86650953e35fadb168627d685e6c 100644 (file)
--- a/policy/modules/services/colord.te
+++ b/policy/modules/services/colord.te
@@ -5,13 +5,6 @@ policy_module(colord, 1.0.0)
 # Declarations
 #
 
-## <desc>
-##  <p>
-##  Allow colord domain to connect to the network using TCP.
-##  </p>
-## </desc>
-gen_tunable(colord_can_network_connect, false)
-
 type colord_t;
 type colord_exec_t;
 dbus_system_domain(colord_t, colord_exec_t)
@@ -102,10 +95,6 @@ userdom_rw_user_tmpfs_files(colord_t)
 
 userdom_home_reader(colord_t)
 
-tunable_policy(`colord_can_network_connect',`
-    corenet_tcp_connect_all_ports(colord_t)
-')
-
 tunable_policy(`use_nfs_home_dirs',`
        fs_getattr_nfs(colord_t)
        fs_read_nfs_files(colord_t)