From: Stefan Schantl
Date: Fri, 6 Jan 2012 21:35:32 +0000 (+0100)
Subject: emove module for games.
X-Git-Tag: 001~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=024970e67f97d5a523b0967921a9577e7ddc784b;p=people%2Fstevee%2Fselinux-policy.git

emove module for games.
---
diff --git a/policy/modules/apps/games.fc b/policy/modules/apps/games.fc
deleted file mode 100644
index 78dc515e..00000000
--- a/policy/modules/apps/games.fc
+++ /dev/null
@@ -1,66 +0,0 @@
-#
-# /usr
-#
-/usr/lib/games(/.*)? gen_context(system_u:object_r:games_exec_t,s0)
-/usr/games/.* -- gen_context(system_u:object_r:games_exec_t,s0)
-
-#
-# /var
-#
-/var/lib/games(/.*)? gen_context(system_u:object_r:games_data_t,s0)
-/var/games(/.*)? gen_context(system_u:object_r:games_data_t,s0)
-
-ifndef(`distro_debian',`
-/usr/bin/micq -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/blackjack -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gataxx -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/glines -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnect -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnibbles -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnobots2 -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnome-stones -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnomine -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnotravex -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnotski -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gtali -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/iagno -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/mahjongg -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/same-gnome -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/sol -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/atlantik -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kasteroids -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/katomic -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kbackgammon -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kbattleship -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kblackbox -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kbounce -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kenolaba -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kfouleggs -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kgoldrunner -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kjumpingcube -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/klickety -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/klines -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kmahjongg -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kmines -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kolf -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/konquest -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kpat -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kpoker -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kreversi -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksame -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kshisen -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksirtet -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksmiletris -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksnake -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksokoban -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kspaceduel -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ktron -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ktuberling -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kwin4 -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kwin4proc -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/lskat -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/lskatproc -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/Maelstrom -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/civclient.* -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/civserver.* -- gen_context(system_u:object_r:games_exec_t,s0)
-')dnl end non-Debian section
diff --git a/policy/modules/apps/games.if b/policy/modules/apps/games.if
deleted file mode 100644
index 7ac736d3..00000000
--- a/policy/modules/apps/games.if
+++ /dev/null
@@ -1,51 +0,0 @@
-## Games
-
-############################################################
-##
-## Role access for games
-##
-##
-##
-## Role allowed access
-##
-##
-##
-##
-## User domain for the role
-##
-##
-#
-interface(`games_role',`
- gen_require(`
- type games_t, games_exec_t;
- ')
-
- role $1 types games_t;
-
- domtrans_pattern($2, games_exec_t, games_t)
- allow $2 games_t:unix_stream_socket connectto;
- allow games_t $2:unix_stream_socket connectto;
-
- # Allow the user domain to signal/ps.
- ps_process_pattern($2, games_t)
- allow $2 games_t:process signal_perms;
-')
-
-########################################
-##
-## Allow the specified domain to read/write
-## games data.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`games_rw_data',`
- gen_require(`
- type games_data_t;
- ')
-
- rw_files_pattern($1, games_data_t, games_data_t)
-')
diff --git a/policy/modules/apps/games.te b/policy/modules/apps/games.te
deleted file mode 100644
index 4b7b7637..00000000
--- a/policy/modules/apps/games.te
+++ /dev/null
@@ -1,181 +0,0 @@
-policy_module(games, 2.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type games_t;
-type games_exec_t;
-typealias games_t alias { user_games_t staff_games_t sysadm_games_t };
-typealias games_t alias { auditadm_games_t secadm_games_t };
-application_domain(games_t, games_exec_t)
-ubac_constrained(games_t)
-
-type games_data_t;
-typealias games_data_t alias { user_games_data_t staff_games_data_t sysadm_games_data_t };
-typealias games_data_t alias { auditadm_games_data_t secadm_games_data_t };
-files_type(games_data_t)
-ubac_constrained(games_data_t)
-
-type games_devpts_t;
-typealias games_devpts_t alias { user_games_devpts_t staff_games_devpts_t sysadm_games_devpts_t };
-typealias games_devpts_t alias { auditadm_games_devpts_t secadm_games_devpts_t };
-term_pty(games_devpts_t)
-ubac_constrained(games_devpts_t)
-
-# games_srv_t is for system operation of games, generic games daemons and
-# games recovery scripts
-type games_srv_t;
-init_system_domain(games_srv_t, games_exec_t)
-
-type games_srv_var_run_t;
-files_pid_file(games_srv_var_run_t)
-
-type games_tmp_t;
-typealias games_tmp_t alias { user_games_tmp_t staff_games_tmp_t sysadm_games_tmp_t };
-typealias games_tmp_t alias { auditadm_games_tmp_t secadm_games_tmp_t };
-files_tmp_file(games_tmp_t)
-ubac_constrained(games_tmp_t)
-
-type games_tmpfs_t;
-typealias games_tmpfs_t alias { user_games_tmpfs_t staff_games_tmpfs_t sysadm_games_tmpfs_t };
-typealias games_tmpfs_t alias { auditadm_games_tmpfs_t secadm_games_tmpfs_t };
-files_tmpfs_file(games_tmpfs_t)
-ubac_constrained(games_tmpfs_t)
-
-########################################
-#
-# Server local policy
-#
-
-dontaudit games_srv_t self:capability sys_tty_config;
-allow games_srv_t self:process signal_perms;
-
-manage_files_pattern(games_srv_t, games_data_t, games_data_t)
-manage_lnk_files_pattern(games_srv_t, games_data_t, games_data_t)
-
-manage_files_pattern(games_srv_t, games_srv_var_run_t, games_srv_var_run_t)
-files_pid_filetrans(games_srv_t, games_srv_var_run_t, file)
-
-can_exec(games_srv_t, games_exec_t)
-
-kernel_read_kernel_sysctls(games_srv_t)
-kernel_list_proc(games_srv_t)
-kernel_read_proc_symlinks(games_srv_t)
-
-dev_read_sysfs(games_srv_t)
-
-fs_getattr_all_fs(games_srv_t)
-fs_search_auto_mountpoints(games_srv_t)
-
-term_dontaudit_use_console(games_srv_t)
-
-domain_use_interactive_fds(games_srv_t)
-
-init_use_fds(games_srv_t)
-init_use_script_ptys(games_srv_t)
-
-logging_send_syslog_msg(games_srv_t)
-
-miscfiles_read_localization(games_srv_t)
-
-userdom_dontaudit_use_unpriv_user_fds(games_srv_t)
-
-userdom_dontaudit_search_user_home_dirs(games_srv_t)
-
-optional_policy(`
- seutil_sigchld_newrole(games_srv_t)
-')
-
-optional_policy(`
- udev_read_db(games_srv_t)
-')
-
-########################################
-#
-# Local policy
-#
-
-allow games_t self:sem create_sem_perms;
-allow games_t self:tcp_socket create_stream_socket_perms;
-allow games_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(games_t, games_data_t, games_data_t)
-manage_lnk_files_pattern(games_t, games_data_t, games_data_t)
-
-allow games_t games_devpts_t:chr_file { rw_chr_file_perms setattr };
-term_create_pty(games_t, games_devpts_t)
-
-manage_dirs_pattern(games_t, games_tmp_t, games_tmp_t)
-manage_files_pattern(games_t, games_tmp_t, games_tmp_t)
-files_tmp_filetrans(games_t, games_tmp_t, { file dir })
-
-manage_files_pattern(games_t, games_tmpfs_t, games_tmpfs_t)
-manage_lnk_files_pattern(games_t, games_tmpfs_t, games_tmpfs_t)
-manage_fifo_files_pattern(games_t, games_tmpfs_t, games_tmpfs_t)
-manage_sock_files_pattern(games_t, games_tmpfs_t, games_tmpfs_t)
-fs_tmpfs_filetrans(games_t, games_tmpfs_t, { file lnk_file sock_file fifo_file })
-
-can_exec(games_t, games_exec_t)
-
-kernel_read_system_state(games_t)
-
-corecmd_exec_bin(games_t)
-
-corenet_all_recvfrom_unlabeled(games_t)
-corenet_all_recvfrom_netlabel(games_t)
-corenet_tcp_sendrecv_generic_if(games_t)
-corenet_udp_sendrecv_generic_if(games_t)
-corenet_tcp_sendrecv_generic_node(games_t)
-corenet_udp_sendrecv_generic_node(games_t)
-corenet_tcp_sendrecv_all_ports(games_t)
-corenet_udp_sendrecv_all_ports(games_t)
-corenet_tcp_bind_generic_node(games_t)
-corenet_tcp_bind_generic_port(games_t)
-corenet_tcp_connect_generic_port(games_t)
-corenet_sendrecv_generic_client_packets(games_t)
-corenet_sendrecv_generic_server_packets(games_t)
-
-dev_read_sound(games_t)
-dev_write_sound(games_t)
-dev_read_input(games_t)
-dev_read_mouse(games_t)
-dev_read_urand(games_t)
-
-files_list_var(games_t)
-files_search_var_lib(games_t)
-files_dontaudit_search_var(games_t)
-files_read_etc_files(games_t)
-files_read_usr_files(games_t)
-files_read_var_files(games_t)
-
-init_dontaudit_rw_utmp(games_t)
-
-logging_dontaudit_search_logs(games_t)
-
-miscfiles_read_man_pages(games_t)
-miscfiles_read_localization(games_t)
-
-sysnet_read_config(games_t)
-
-userdom_manage_user_tmp_dirs(games_t)
-userdom_manage_user_tmp_files(games_t)
-userdom_manage_user_tmp_symlinks(games_t)
-userdom_manage_user_tmp_sockets(games_t)
-# Suppress .icons denial until properly implemented
-userdom_dontaudit_read_user_home_content_files(games_t)
-
-tunable_policy(`deny_execmem',`', `
- allow games_t self:process execmem;
-')
-
-optional_policy(`
- nscd_socket_use(games_t)
-')
-
-optional_policy(`
- xserver_user_x_domain_template(games, games_t, games_tmpfs_t)
- xserver_create_xdm_tmp_sockets(games_t)
- xserver_read_xdm_lib_files(games_t)
-')
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index dedcb9aa..c6ff590d 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -241,10 +241,6 @@ ifndef(`distro_redhat',`
 dbus_role_template(staff, staff_r, staff_t)
 ')
 
- optional_policy(`
- games_role(staff_r, staff_t)
- ')
-
 optional_policy(`
 gift_role(staff_r, staff_t)
 ')
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index f6ec2973..25da2e3c 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -502,10 +502,6 @@ ifndef(`distro_redhat',`
 dbus_role_template(sysadm, sysadm_r, sysadm_t)
 ')
 
- optional_policy(`
- games_role(sysadm_r, sysadm_t)
- ')
-
 optional_policy(`
 gift_role(sysadm_r, sysadm_t)
 ')
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index 21379abb..c3552915 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -127,10 +127,6 @@ ifndef(`distro_redhat',`
 dbus_role_template(user, user_r, user_t)
 ')
 
- optional_policy(`
- games_role(user_r, user_t)
- ')
-
 optional_policy(`
 gift_role(user_r, user_t)
 ')
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 30fc6451..c20830f0 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1250,10 +1250,6 @@ template(`userdom_unpriv_user_template', `
 cron_role($1_r, $1_t)
 ')
 
- optional_policy(`
- games_rw_data($1_usertype)
- ')
-
 optional_policy(`
 gpg_role($1_r, $1_usertype)
 ')