From 1888d45f5fd8a200db4033587b13b861010fe868 Mon Sep 17 00:00:00 2001
From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sat, 14 Jan 2012 20:34:12 +0100
Subject: [PATCH] Remove module for yam.

---
 policy/modules/apps/yam.fc        |   6 --
 policy/modules/apps/yam.if        |  66 -----------------
 policy/modules/apps/yam.te        | 118 ------------------------------
 policy/modules/roles/sysadm.te    |   4 -
 policy/modules/services/apache.te |   4 -
 5 files changed, 198 deletions(-)
 delete mode 100644 policy/modules/apps/yam.fc
 delete mode 100644 policy/modules/apps/yam.if
 delete mode 100644 policy/modules/apps/yam.te

diff --git a/policy/modules/apps/yam.fc b/policy/modules/apps/yam.fc
deleted file mode 100644
index 4ec6edeb..00000000
--- a/policy/modules/apps/yam.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-/etc/yam\.conf		--	gen_context(system_u:object_r:yam_etc_t,s0)
-
-/usr/bin/yam		--	gen_context(system_u:object_r:yam_exec_t,s0)
-
-/var/yam(/.*)?			gen_context(system_u:object_r:yam_content_t,s0)
-/var/www/yam(/.*)?		gen_context(system_u:object_r:yam_content_t,s0)
diff --git a/policy/modules/apps/yam.if b/policy/modules/apps/yam.if
deleted file mode 100644
index 07015a25..00000000
--- a/policy/modules/apps/yam.if
+++ /dev/null
@@ -1,66 +0,0 @@
-## <summary>Yum/Apt Mirroring</summary>
-
-########################################
-## <summary>
-##	Execute yam in the yam domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`yam_domtrans',`
-	gen_require(`
-		type yam_t, yam_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, yam_exec_t, yam_t)
-')
-
-########################################
-## <summary>
-##	Execute yam in the yam domain, and
-##	allow the specified role the yam domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`yam_run',`
-	gen_require(`
-		type yam_t;
-	')
-
-	yam_domtrans($1)
-	role $2 types yam_t;
-')
-
-########################################
-## <summary>
-##	Read yam content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`yam_read_content',`
-	gen_require(`
-		type yam_content_t;
-	')
-
-	allow $1 yam_content_t:dir list_dir_perms;
-	read_files_pattern($1, yam_content_t, yam_content_t)
-	read_lnk_files_pattern($1, yam_content_t, yam_content_t)
-')
diff --git a/policy/modules/apps/yam.te b/policy/modules/apps/yam.te
deleted file mode 100644
index d95e7208..00000000
--- a/policy/modules/apps/yam.te
+++ /dev/null
@@ -1,118 +0,0 @@
-policy_module(yam, 1.4.0)
-
-########################################
-#
-# Declarations
-#
-
-type yam_t alias yam_crond_t;
-type yam_exec_t;
-application_domain(yam_t, yam_exec_t)
-
-type yam_content_t;
-files_mountpoint(yam_content_t)
-
-type yam_etc_t;
-files_config_file(yam_etc_t)
-
-type yam_tmp_t;
-files_tmp_file(yam_tmp_t)
-
-########################################
-#
-# Local policy
-#
-
-allow yam_t self:capability { chown fowner fsetid dac_override };
-allow yam_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow yam_t self:process execmem;
-allow yam_t self:fd use;
-allow yam_t self:fifo_file rw_fifo_file_perms;
-allow yam_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow yam_t self:unix_dgram_socket { create_socket_perms sendto };
-allow yam_t self:shm create_shm_perms;
-allow yam_t self:sem create_sem_perms;
-allow yam_t self:msgq create_msgq_perms;
-allow yam_t self:msg { send receive };
-allow yam_t self:tcp_socket create_socket_perms;
-
-# Update the content being managed by yam.
-manage_dirs_pattern(yam_t, yam_content_t, yam_content_t)
-manage_files_pattern(yam_t, yam_content_t, yam_content_t)
-manage_lnk_files_pattern(yam_t, yam_content_t, yam_content_t)
-
-allow yam_t yam_etc_t:file read_file_perms;
-files_search_etc(yam_t)
-
-manage_files_pattern(yam_t, yam_tmp_t, yam_tmp_t)
-manage_dirs_pattern(yam_t, yam_tmp_t, yam_tmp_t)
-files_tmp_filetrans(yam_t, yam_tmp_t, { file dir })
-
-kernel_read_kernel_sysctls(yam_t)
-kernel_read_proc_symlinks(yam_t)
-# Python works fine without reading /proc/meminfo
-kernel_dontaudit_read_system_state(yam_t)
-
-corecmd_exec_shell(yam_t)
-corecmd_exec_bin(yam_t)
-
-# Rsync and lftp need to network.  They also set files attributes to
-# match whats on the remote server.
-corenet_all_recvfrom_unlabeled(yam_t)
-corenet_all_recvfrom_netlabel(yam_t)
-corenet_tcp_sendrecv_generic_if(yam_t)
-corenet_tcp_sendrecv_generic_node(yam_t)
-corenet_tcp_sendrecv_all_ports(yam_t)
-corenet_tcp_connect_http_port(yam_t)
-corenet_tcp_connect_rsync_port(yam_t)
-corenet_sendrecv_http_client_packets(yam_t)
-corenet_sendrecv_rsync_client_packets(yam_t)
-
-# mktemp
-dev_read_urand(yam_t)
-
-files_read_etc_files(yam_t)
-files_read_etc_runtime_files(yam_t)
-# /usr/share/createrepo/genpkgmetadata.py:
-files_exec_usr_files(yam_t)
-# Programs invoked to build package lists need various permissions.
-# genpkglist creates tmp files in /var/cache/apt/genpkglist
-files_rw_var_files(yam_t)
-
-fs_search_auto_mountpoints(yam_t)
-# Content can also be on ISO image files.
-fs_read_iso9660_files(yam_t)
-
-auth_use_nsswitch(yam_t)
-
-logging_send_syslog_msg(yam_t)
-
-miscfiles_read_localization(yam_t)
-
-seutil_read_config(yam_t)
-
-sysnet_dns_name_resolve(yam_t)
-sysnet_read_config(yam_t)
-
-userdom_use_inherited_user_terminals(yam_t)
-userdom_use_unpriv_users_fds(yam_t)
-# Reading dotfiles...
-# cjp: ?
-userdom_search_user_home_dirs(yam_t)
-
-# The whole point of this program is to make updates available on a
-# local web server.  Need to go through /var to get to /var/yam
-# Go through /var/www to get to /var/www/yam
-apache_search_sys_content(yam_t)
-
-optional_policy(`
-	cron_system_entry(yam_t, yam_exec_t)
-')
-
-optional_policy(`
-	mount_domtrans(yam_t)
-')
-
-optional_policy(`
-	rsync_exec(yam_t)
-')
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index ff7b2ff8..d6b4ce70 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -474,10 +474,6 @@ optional_policy(`
 	xserver_role(sysadm_r, sysadm_t)
 ')
 
-optional_policy(`
-	yam_run(sysadm_t, sysadm_r)
-')
-
 optional_policy(`
 	zebra_stream_connect(sysadm_t)
 ')
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index e589d33c..58b48b1b 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -865,10 +865,6 @@ optional_policy(`
 	udev_read_db(httpd_t)
 ')
 
-optional_policy(`
-	yam_read_content(httpd_t)
-')
-
 optional_policy(`
 	zarafa_manage_lib_files(httpd_t)
 	zarafa_stream_connect_server(httpd_t)
-- 
2.39.2