remove disable_trans booleans
authorChris PeBenito <cpebenito@tresys.com>
Fri, 23 Mar 2007 21:01:49 +0000 (21:01 +0000)
committerChris PeBenito <cpebenito@tresys.com>
Fri, 23 Mar 2007 21:01:49 +0000 (21:01 +0000)
Changelog
policy/modules/services/inetd.if
policy/modules/services/inetd.te
policy/modules/system/init.if
policy/modules/system/init.te

index c5c12187254599a9baf4470c089ed87d69ef5a17..6c6c60903c99ccb05550482b9a2d65e71c46f156 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Remove disable_trans booleans.
 - Output different header sets for kernel and userland from flask headers.
 - Marked the pax class as deprecated, changed it to userland so
   it will be removed from the kernel.
index fe24a58558a427f00d24e6837807a1f0fa1a8e6b..b5e88d59c2eb4f5389d9dbbdf2fd9f7facfb925b 100644 (file)
@@ -35,32 +35,9 @@ interface(`inetd_core_service_domain',`
 
        role system_r types $1;
 
-       ifdef(`targeted_policy',`
-               # this regex is a hack, since it assumes there is a
-               # _t at the end of the domain type.  If there is no _t
-               # at the end of the type, it returns empty!
-               ifdef(`__define_'regexp($1, `\(\w+\)_t', `\1_disable_trans'),`',`
-                       bool regexp($1, `\(\w+\)_t', `\1_disable_trans') false;
-                       define(`__define_'regexp($1, `\(\w+\)_t', `\1_disable_trans'))
-               ')
-               if(regexp($1, `\(\w+\)_t', `\1_disable_trans') ) {
-#                      can_exec(inetd_t,$2)
-                       # cjp: this must be wrong
-                       gen_require(`
-                               type initrc_t, unconfined_t;
-                       ')
-                       can_exec({ unconfined_t initrc_t },$2)
-               } else {
-                       domtrans_pattern(inetd_t,$2,$1)
-                       dontaudit inetd_t $1:process { noatsecure siginh rlimitinh };
-                       allow inetd_t $1:process sigkill;
-               }
-       ',`
-               domtrans_pattern(inetd_t,$2,$1)
-               dontaudit inetd_t $1:process { noatsecure siginh rlimitinh };
-
-               allow inetd_t $1:process sigkill;
-       ')
+       domtrans_pattern(inetd_t,$2,$1)
+
+       allow inetd_t $1:process sigkill;
 ')
 
 ########################################
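Review bot: The replacement lines at the end of `inetd_core_service_domain` keep `domtrans_pattern` and the `sigkill` allow but drop `dontaudit inetd_t $1:process { noatsecure siginh rlimitinh };`, which both removed branches carried. Unless `domtrans_pattern` already includes that dontaudit (its definition is not visible here), inetd-launched services will start producing AVC denials for these three permissions, adding noise to audit-based monitoring. If the rule is still needed, keep `dontaudit inetd_t $1:process { noatsecure siginh rlimitinh };` after the `domtrans_pattern` call; if it is now redundant, a one-line comment saying where it comes from would make that clear. The interface body starts above this hunk.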
index a5ba36a366c180dccdc72fa0038d1e6bd9a63199..d3846aff94cf82091d6c1563730a9fe893101299 100644 (file)
@@ -1,5 +1,5 @@
 
-policy_module(inetd,1.2.2)
+policy_module(inetd,1.2.3)
 
 ########################################
 #
index 0e60c026fdc0b02f5effc492107f047f69c77ab8..59a38e4aad5bd51ca3bf43754fee1444094e9fa1 100644 (file)
@@ -105,6 +105,8 @@ interface(`init_daemon_domain',`
 
        role system_r types $1;
 
+       domtrans_pattern(initrc_t,$2,$1)
+
        # daemons started from init will
        # inherit fds from init for the console
        init_dontaudit_use_fds($1)
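Review bot: The now-unconditional `domtrans_pattern(initrc_t,$2,$1)` does not carry over `allow initrc_t $1:process { noatsecure siginh rlimitinh };`, which the targeted-policy branch deleted in the next hunk granted whenever the boolean was false. If `domtrans_pattern` does not grant these permissions (not visible here), daemons started from init scripts under targeted policy will now get secure-exec environment cleansing and will no longer inherit signal state or resource limits across the transition. That is the tighter default, but it is a behaviour change beyond removing the boolean, so it deserves a comment above the added line, e.g. `# noatsecure/siginh/rlimitinh are intentionally not granted to initrc_t`, and a mention in the Changelog entry. `init_daemon_domain` begins and ends outside this hunk.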
@@ -130,25 +132,6 @@ interface(`init_daemon_domain',`
                ')
        ')
 
-       ifdef(`targeted_policy',`
-               # this regex is a hack, since it assumes there is a
-               # _t at the end of the domain type.  If there is no _t
-               # at the end of the type, it returns empty!
-               ifdef(`__define_'regexp($1, `\(\w+\)_t', `\1_disable_trans'),`',`
-                       bool regexp($1, `\(\w+\)_t', `\1_disable_trans') false;
-                       define(`__define_'regexp($1, `\(\w+\)_t', `\1_disable_trans'))
-               ')
-               if(regexp($1, `\(\w+\)_t', `\1_disable_trans') ) {
-                       can_exec(initrc_t,$2)
-                       can_exec(direct_run_init,$2)
-               } else {
-                       domtrans_pattern(initrc_t,$2,$1)
-                       allow initrc_t $1:process { noatsecure siginh rlimitinh };
-               }
-       ',`
-               domtrans_pattern(initrc_t,$2,$1)
-       ')
-
        optional_policy(`
                nscd_socket_use($1)
        ')
index 9220d4c31e44180194fe78411e07758ff56d81ac..c5ee4d9dc9f8299c02fef76e899754b680ef2536 100644 (file)
@@ -1,5 +1,5 @@
 
-policy_module(init,1.5.3)
+policy_module(init,1.5.4)
 
 gen_require(`
        class passwd rootok;