From: Stefan Schantl Date: Sun, 1 Jan 2012 14:44:36 +0000 (+0100) Subject: Remove module for nsplugin. X-Git-Tag: 001~24 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=992ed46cbc62ae5bab99f83f4cb948ddf6064bce;p=people%2Fstevee%2Fselinux-policy.git Remove module for nsplugin. --- diff --git a/policy/modules/apps/mozilla.fc b/policy/modules/apps/mozilla.fc index 4c0895ec..65ef6ab5 100644 --- a/policy/modules/apps/mozilla.fc +++ b/policy/modules/apps/mozilla.fc @@ -20,11 +20,6 @@ HOME_DIR/\.icedteaplugin(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) /usr/bin/epiphany -- gen_context(system_u:object_r:mozilla_exec_t,s0) /usr/bin/mozilla-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0) /usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0) -ifdef(`distro_redhat',` -/usr/bin/nspluginscan -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0) -/usr/bin/nspluginviewer -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0) -/usr/lib/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0) -') # # /lib @@ -41,7 +36,3 @@ ifdef(`distro_redhat',` /usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0) /usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:mozilla_plugin_rw_t,s0) - -ifdef(`distro_redhat',` -/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:mozilla_plugin_config_exec_t,s0) -') diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if index ffeec16a..7b4441a9 100644 --- a/policy/modules/apps/mozilla.if +++ b/policy/modules/apps/mozilla.if @@ -53,10 +53,6 @@ interface(`mozilla_role',` userdom_manage_tmp_role($1, mozilla_t) - optional_policy(` - nsplugin_role($1, mozilla_t) - ') - optional_policy(` pulseaudio_role($1, mozilla_t) pulseaudio_filetrans_admin_home_content(mozilla_t) 
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index 04159dee..a89214c7 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -545,12 +545,3 @@ domtrans_pattern(mozilla_plugin_config_t, mozilla_plugin_exec_t, mozilla_plugin_
 optional_policy(`
 xserver_use_user_fonts(mozilla_plugin_config_t)
 ')
-ifdef(`distro_redhat',`
- typealias mozilla_plugin_t alias nsplugin_t;
- typealias mozilla_plugin_exec_t alias nsplugin_exec_t;
- typealias mozilla_plugin_rw_t alias nsplugin_rw_t;
- typealias mozilla_plugin_tmp_t alias nsplugin_tmp_t;
- typealias mozilla_home_t alias nsplugin_home_t;
- typealias mozilla_plugin_config_t alias nsplugin_config_t;
- typealias mozilla_plugin_config_exec_t alias nsplugin_config_exec_t;
-')
diff --git a/policy/modules/apps/nsplugin.fc b/policy/modules/apps/nsplugin.fc
deleted file mode 100644
index 22e6c963..00000000
--- a/policy/modules/apps/nsplugin.fc
+++ /dev/null
@@ -1,11 +0,0 @@
-HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
-HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
-HOME_DIR/\.gnash(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
-HOME_DIR/\.gcjwebplugin(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
-HOME_DIR/\.icedteaplugin(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
-
-/usr/bin/nspluginscan -- gen_context(system_u:object_r:nsplugin_exec_t,s0)
-/usr/bin/nspluginviewer -- gen_context(system_u:object_r:nsplugin_exec_t,s0)
-/usr/lib/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:nsplugin_exec_t,s0)
-/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
-/usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff --git a/policy/modules/apps/nsplugin.if b/policy/modules/apps/nsplugin.if
deleted file mode 100644
index fce899ab..00000000
--- a/policy/modules/apps/nsplugin.if
+++ /dev/null
@@ -1,472 +0,0 @@ - -## policy for nsplugin - -######################################## -## -## Create, read, write, and delete -## nsplugin rw files. -## -## -## -## Domain allowed access. -## -## -# -interface(`nsplugin_manage_rw_files',` - gen_require(` - type nsplugin_rw_t; - ') - - allow $1 nsplugin_rw_t:file manage_file_perms; - allow $1 nsplugin_rw_t:dir rw_dir_perms; -') - -######################################## -## -## Manage nsplugin rw files. -## -## -## -## Domain allowed access. -## -## -# -interface(`nsplugin_manage_rw',` - gen_require(` - type nsplugin_rw_t; - ') - - manage_dirs_pattern($1, nsplugin_rw_t, nsplugin_rw_t) - manage_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t) - manage_lnk_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t) -') - -####################################### -## -## The per role template for the nsplugin module. -## -## -## -## The role associated with the user domain. -## -## -## -## -## The type of the user domain. -## -## -# -interface(`nsplugin_role_notrans',` - gen_require(` - type nsplugin_rw_t; - type nsplugin_home_t; - type nsplugin_exec_t; - type nsplugin_config_exec_t; - type nsplugin_t; - type nsplugin_config_t; - class x_drawable all_x_drawable_perms; - class x_resource all_x_resource_perms; - class dbus send_msg; - ') - - role $1 types nsplugin_t; - role $1 types nsplugin_config_t; - - allow nsplugin_t $2:process signull; - allow nsplugin_t $2:dbus send_msg; - allow $2 nsplugin_t:dbus send_msg; - - list_dirs_pattern($2, nsplugin_rw_t, nsplugin_rw_t) - read_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t) - read_lnk_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t) - can_exec($2, nsplugin_rw_t) - - #Leaked File Descriptors -ifdef(`hide_broken_symptoms', ` - dontaudit nsplugin_t $2:fifo_file rw_inherited_fifo_file_perms; - dontaudit nsplugin_config_t $2:fifo_file rw_inherited_fifo_file_perms; -') - allow nsplugin_t $2:unix_stream_socket connectto; - dontaudit nsplugin_t $2:process ptrace; - allow nsplugin_t $2:sem 
rw_sem_perms; - allow nsplugin_t $2:shm rw_shm_perms; - dontaudit nsplugin_t $2:shm destroy; - allow $2 nsplugin_t:sem rw_sem_perms; - - allow $2 nsplugin_t:process { getattr signal_perms }; - allow $2 nsplugin_t:unix_stream_socket connectto; - - # Connect to pulseaudit server - stream_connect_pattern(nsplugin_t, user_home_t, user_home_t, $2) - gnome_stream_connect(nsplugin_t, $2) - - userdom_use_inherited_user_terminals(nsplugin_t) - userdom_use_inherited_user_terminals(nsplugin_config_t) - userdom_dontaudit_setattr_user_home_content_files(nsplugin_t) - userdom_manage_tmpfs_role($1, nsplugin_t) - - optional_policy(` - pulseaudio_role($1, nsplugin_t) - ') -') - -####################################### -## -## Role access for nsplugin -## -## -## -## The role associated with the user domain. -## -## -## -## -## The type of the user domain. -## -## -# -interface(`nsplugin_role',` - gen_require(` - type nsplugin_exec_t; - type nsplugin_config_exec_t; - type nsplugin_t; - type nsplugin_config_t; - ') - - nsplugin_role_notrans($1, $2) - - domtrans_pattern($2, nsplugin_exec_t, nsplugin_t) - domtrans_pattern($2, nsplugin_config_exec_t, nsplugin_config_t) - -') - -####################################### -## -## The per role template for the nsplugin module. -## -## -## -## The type of the user domain. -## -## -# -interface(`nsplugin_domtrans',` - gen_require(` - type nsplugin_exec_t; - type nsplugin_t; - ') - - domtrans_pattern($1, nsplugin_exec_t, nsplugin_t) - allow $1 nsplugin_t:unix_stream_socket connectto; - allow nsplugin_t $1:process signal; -') - -####################################### -## -## The per role template for the nsplugin module. -## -## -## -## The type of the user domain. -## -## -# -interface(`nsplugin_domtrans_config',` - gen_require(` - type nsplugin_config_exec_t; - type nsplugin_config_t; - ') - - domtrans_pattern($1, nsplugin_config_exec_t, nsplugin_config_t) -') - -######################################## -## -## Search nsplugin rw directories. 
-## -## -## -## Domain allowed access. -## -## -# -interface(`nsplugin_search_rw_dir',` - gen_require(` - type nsplugin_rw_t; - ') - - allow $1 nsplugin_rw_t:dir search_dir_perms; -') - -######################################## -## -## Read nsplugin rw files. -## -## -## -## Domain allowed access. -## -## -# -interface(`nsplugin_read_rw_files',` - gen_require(` - type nsplugin_rw_t; - ') - - list_dirs_pattern($1, nsplugin_rw_t, nsplugin_rw_t) - read_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t) - read_lnk_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t) -') - -######################################## -## -## Read nsplugin home files. -## -## -## -## Domain allowed access. -## -## -# -interface(`nsplugin_read_home',` - gen_require(` - type nsplugin_home_t; - ') - - list_dirs_pattern($1, nsplugin_home_t, nsplugin_home_t) - read_files_pattern($1, nsplugin_home_t, nsplugin_home_t) - read_lnk_files_pattern($1, nsplugin_home_t, nsplugin_home_t) -') - -######################################## -## -## Exec nsplugin rw files. -## -## -## -## Domain allowed access. -## -## -# -interface(`nsplugin_rw_exec',` - gen_require(` - type nsplugin_rw_t; - ') - - can_exec($1, nsplugin_rw_t) -') - -######################################## -## -## Create, read, write, and delete -## nsplugin home files. -## -## -## -## Domain allowed access. -## -## -# -interface(`nsplugin_manage_home_files',` - gen_require(` - type nsplugin_home_t; - ') - - manage_files_pattern($1, nsplugin_home_t, nsplugin_home_t) -') - -######################################## -## -## manage nnsplugin home dirs. -## -## -## -## Domain allowed access. -## -## -# -interface(`nsplugin_manage_home_dirs',` - gen_require(` - type nsplugin_home_t; - ') - - manage_dirs_pattern($1, nsplugin_home_t, nsplugin_home_t) -') - -######################################## -## -## Allow attempts to read and write to -## nsplugin named pipes. -## -## -## -## Domain to not audit. 
-## -## -# -interface(`nsplugin_rw_pipes',` - gen_require(` - type nsplugin_home_t; - ') - - allow $1 nsplugin_home_t:fifo_file rw_fifo_file_perms; -') - -######################################## -## -## Read and write to nsplugin shared memory. -## -## -## -## Domain allowed access. -## -## -# -interface(`nsplugin_rw_shm',` - gen_require(` - type nsplugin_t; - ') - - allow $1 nsplugin_t:shm rw_shm_perms; -') - -##################################### -## -## Allow read and write access to nsplugin semaphores. -## -## -## -## Domain allowed access. -## -## -# -interface(`nsplugin_rw_semaphores',` - gen_require(` - type nsplugin_t; - ') - - allow $1 nsplugin_t:sem rw_sem_perms; -') - -######################################## -## -## Execute nsplugin_exec_t -## in the specified domain. -## -## -##

-## Execute a nsplugin_exec_t -## in the specified domain. -##

-##

-## No interprocess communication (signals, pipes, -## etc.) is provided by this interface since -## the domains are not owned by this module. -##

-##
-## -## -## Domain allowed access. -## -## -## -## -## The type of the new process. -## -## -# -interface(`nsplugin_exec_domtrans',` - gen_require(` - type nsplugin_exec_t; - ') - - allow $2 nsplugin_exec_t:file entrypoint; - domtrans_pattern($1, nsplugin_exec_t, $2) -') - -######################################## -## -## Send generic signals to user nsplugin processes. -## -## -## -## Domain allowed access. -## -## -# -interface(`nsplugin_signal',` - gen_require(` - type nsplugin_t; - ') - - allow $1 nsplugin_t:process signal; -') - -######################################## -## -## Create objects in a user home directory -## with an automatic type transition to -## the nsplugin home file type. -## -## -## -## Domain allowed access. -## -## -## -## -## The class of the object to be created. -## -## -# -interface(`nsplugin_user_home_dir_filetrans',` - gen_require(` - type nsplugin_home_t; - ') - - userdom_user_home_dir_filetrans($1, nsplugin_home_t, $2) -') - -####################################### -## -## Create objects in a user home directory -## with an automatic type transition to -## the nsplugin home file type. -## -## -## -## Domain allowed access. -## -## -## -## -## The class of the object to be created. -## -## -# -interface(`nsplugin_user_home_filetrans',` - gen_require(` - type nsplugin_home_t; - ') - - userdom_user_home_content_filetrans($1, nsplugin_home_t, $2) -') - -######################################## -## -## Send signull signal to nsplugin -## processes. -## -## -## -## Domain allowed access. -## -## -# -interface(`nsplugin_signull',` - gen_require(` - type nsplugin_t; - ') - - allow $1 nsplugin_t:process signull; -') diff --git a/policy/modules/apps/nsplugin.te b/policy/modules/apps/nsplugin.te deleted file mode 100644 index eeb59558..00000000 --- a/policy/modules/apps/nsplugin.te +++ /dev/null @@ -1,328 +0,0 @@ -policy_module(nsplugin, 1.0.0) - -######################################## -# -# Declarations -# - -## -##

-## Allow nsplugin code to execmem/execstack -##

-##
-gen_tunable(allow_nsplugin_execmem, false) - -## -##

-## Allow nsplugin code to connect to unreserved ports -##

-##
-gen_tunable(nsplugin_can_network, true) - -type nsplugin_exec_t; -application_executable_file(nsplugin_exec_t) - -type nsplugin_config_exec_t; -application_executable_file(nsplugin_config_exec_t) - -type nsplugin_rw_t; -files_poly_member(nsplugin_rw_t) -files_type(nsplugin_rw_t) - -type nsplugin_tmp_t; -files_tmp_file(nsplugin_tmp_t) - -type nsplugin_home_t; -files_poly_member(nsplugin_home_t) -userdom_user_home_content(nsplugin_home_t) -typealias nsplugin_home_t alias user_nsplugin_home_t; - -type nsplugin_t; -application_domain(nsplugin_t, nsplugin_exec_t) - -type nsplugin_config_t; -domain_type(nsplugin_config_t) -domain_entry_file(nsplugin_config_t, nsplugin_config_exec_t) - -application_executable_file(nsplugin_exec_t) -application_executable_file(nsplugin_config_exec_t) - - -######################################## -# -# nsplugin local policy -# -dontaudit nsplugin_t self:capability { sys_nice sys_tty_config }; -allow nsplugin_t self:fifo_file rw_file_perms; -allow nsplugin_t self:process { setpgid getsched setsched signal_perms }; - -allow nsplugin_t self:sem create_sem_perms; -allow nsplugin_t self:shm create_shm_perms; -allow nsplugin_t self:msgq create_msgq_perms; -allow nsplugin_t self:netlink_kobject_uevent_socket create_socket_perms; -allow nsplugin_t self:unix_stream_socket { connectto create_stream_socket_perms }; -allow nsplugin_t self:unix_dgram_socket { sendto create_socket_perms }; -allow nsplugin_t self:tcp_socket create_stream_socket_perms; -allow nsplugin_t nsplugin_rw_t:dir list_dir_perms; -read_lnk_files_pattern(nsplugin_t, nsplugin_rw_t, nsplugin_rw_t) -read_files_pattern(nsplugin_t, nsplugin_rw_t, nsplugin_rw_t) - -tunable_policy(`allow_nsplugin_execmem',` - allow nsplugin_t self:process { execstack execmem }; - allow nsplugin_config_t self:process { execstack execmem }; -') - -tunable_policy(`nsplugin_can_network',` - corenet_tcp_connect_all_unreserved_ports(nsplugin_t) - corenet_tcp_connect_all_ephemeral_ports(nsplugin_t) -') - 
-manage_dirs_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t) -exec_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t) -manage_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t) -manage_fifo_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t) -manage_sock_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t) -manage_lnk_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t) -userdom_user_home_dir_filetrans(nsplugin_t, nsplugin_home_t, {file dir}) -userdom_user_home_content_filetrans(nsplugin_t, nsplugin_home_t, {file dir}) -userdom_dontaudit_getattr_user_home_content(nsplugin_t) -userdom_dontaudit_search_user_bin_dirs(nsplugin_t) -userdom_dontaudit_write_user_home_content_files(nsplugin_t) -userdom_dontaudit_search_admin_dir(nsplugin_t) - -corecmd_exec_bin(nsplugin_t) -corecmd_exec_shell(nsplugin_t) - -corenet_all_recvfrom_unlabeled(nsplugin_t) -corenet_all_recvfrom_netlabel(nsplugin_t) -corenet_tcp_connect_flash_port(nsplugin_t) -corenet_tcp_connect_streaming_port(nsplugin_t) -corenet_tcp_connect_pulseaudio_port(nsplugin_t) -corenet_tcp_connect_http_port(nsplugin_t) -corenet_tcp_connect_http_cache_port(nsplugin_t) -corenet_tcp_connect_squid_port(nsplugin_t) -corenet_tcp_sendrecv_generic_if(nsplugin_t) -corenet_tcp_sendrecv_generic_node(nsplugin_t) -corenet_tcp_connect_ipp_port(nsplugin_t) -corenet_tcp_connect_speech_port(nsplugin_t) - -domain_dontaudit_read_all_domains_state(nsplugin_t) - -dev_read_urand(nsplugin_t) -dev_read_rand(nsplugin_t) -dev_read_sound(nsplugin_t) -dev_write_sound(nsplugin_t) -dev_read_video_dev(nsplugin_t) -dev_write_video_dev(nsplugin_t) -dev_getattr_dri_dev(nsplugin_t) -dev_getattr_mouse_dev(nsplugin_t) -dev_rwx_zero(nsplugin_t) -dev_read_sysfs(nsplugin_t) -dev_dontaudit_getattr_all(nsplugin_t) - -kernel_read_kernel_sysctls(nsplugin_t) -kernel_read_system_state(nsplugin_t) -kernel_read_network_state(nsplugin_t) - -files_dontaudit_getattr_lost_found_dirs(nsplugin_t) 
-files_dontaudit_list_home(nsplugin_t) -files_read_etc_files(nsplugin_t) -files_read_usr_files(nsplugin_t) -files_read_config_files(nsplugin_t) - -fs_getattr_tmpfs(nsplugin_t) -fs_getattr_xattr_fs(nsplugin_t) -fs_search_auto_mountpoints(nsplugin_t) -fs_rw_anon_inodefs_files(nsplugin_t) -fs_list_inotifyfs(nsplugin_t) -fs_dontaudit_list_fusefs(nsplugin_t) - -storage_dontaudit_getattr_fixed_disk_dev(nsplugin_t) -storage_dontaudit_getattr_removable_dev(nsplugin_t) - -term_dontaudit_getattr_all_ptys(nsplugin_t) -term_dontaudit_getattr_all_ttys(nsplugin_t) - -auth_use_nsswitch(nsplugin_t) - -libs_exec_ld_so(nsplugin_t) - -miscfiles_read_localization(nsplugin_t) -miscfiles_read_fonts(nsplugin_t) -miscfiles_dontaudit_write_fonts(nsplugin_t) -miscfiles_setattr_fonts_cache_dirs(nsplugin_t) - -userdom_manage_user_tmp_dirs(nsplugin_t) -userdom_manage_user_tmp_files(nsplugin_t) -userdom_manage_user_tmp_sockets(nsplugin_t) -userdom_tmp_filetrans_user_tmp(nsplugin_t, { file dir sock_file }) -userdom_rw_semaphores(nsplugin_t) -userdom_dontaudit_rw_user_tmp_pipes(nsplugin_t) - -userdom_read_user_home_content_symlinks(nsplugin_t) -userdom_read_user_home_content_files(nsplugin_t) -userdom_read_user_tmp_files(nsplugin_t) -userdom_write_user_tmp_sockets(nsplugin_t) -userdom_dontaudit_append_user_home_content_files(nsplugin_t) -userdom_read_home_audio_files(nsplugin_t) - -optional_policy(` - alsa_read_rw_config(nsplugin_t) - alsa_read_home_files(nsplugin_t) -') - -optional_policy(` - chrome_dontaudit_sandbox_leaks(nsplugin_t) -') - -optional_policy(` - cups_stream_connect(nsplugin_t) -') - -optional_policy(` - dbus_session_bus_client(nsplugin_t) - dbus_connect_session_bus(nsplugin_t) - dbus_system_bus_client(nsplugin_t) -') - -optional_policy(` - gnome_exec_gconf(nsplugin_t) - gnome_manage_config(nsplugin_t) - gnome_read_gconf_home_files(nsplugin_t) - gnome_read_usr_config(nsplugin_t) -') - -optional_policy(` - gpm_getattr_gpmctl(nsplugin_t) -') - -optional_policy(` - 
mozilla_exec_user_home_files(nsplugin_t) - mozilla_read_user_home_files(nsplugin_t) - mozilla_write_user_home_files(nsplugin_t) - mozilla_plugin_delete_tmpfs_files(nsplugin_t) -') - -optional_policy(` - mplayer_exec(nsplugin_t) - mplayer_read_user_home_files(nsplugin_t) -') - -optional_policy(` - sandbox_read_tmpfs_files(nsplugin_t) -') - -optional_policy(` - gen_require(` - type user_tmpfs_t; - ') - xserver_user_x_domain_template(nsplugin, nsplugin_t, user_tmpfs_t) - xserver_rw_shm(nsplugin_t) - xserver_read_xdm_pid(nsplugin_t) - xserver_read_xdm_tmp_files(nsplugin_t) - xserver_read_user_xauth(nsplugin_t) - xserver_read_user_iceauth(nsplugin_t) - xserver_use_user_fonts(nsplugin_t) - xserver_rw_inherited_user_fonts(nsplugin_t) -') - -######################################## -# -# nsplugin_config local policy -# - -allow nsplugin_config_t self:capability { dac_override dac_read_search sys_nice setuid setgid }; -allow nsplugin_config_t self:process { setsched signal_perms getsched execmem }; -#execing pulseaudio -dontaudit nsplugin_t self:process { getcap setcap }; - -allow nsplugin_config_t self:fifo_file rw_file_perms; -allow nsplugin_config_t self:unix_stream_socket create_stream_socket_perms; - -dev_search_sysfs(nsplugin_config_t) -dev_read_urand(nsplugin_config_t) -dev_dontaudit_read_rand(nsplugin_config_t) -dev_dontaudit_rw_dri(nsplugin_config_t) - -fs_search_auto_mountpoints(nsplugin_config_t) -fs_list_inotifyfs(nsplugin_config_t) - -can_exec(nsplugin_config_t, nsplugin_rw_t) -manage_dirs_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t) -manage_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t) -manage_lnk_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t) - -manage_dirs_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t) -manage_files_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t) -manage_lnk_files_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t) - -corecmd_exec_bin(nsplugin_config_t) 
-corecmd_exec_shell(nsplugin_config_t) - -kernel_read_system_state(nsplugin_config_t) -kernel_request_load_module(nsplugin_config_t) - -domain_use_interactive_fds(nsplugin_config_t) - -files_read_etc_files(nsplugin_config_t) -files_read_usr_files(nsplugin_config_t) -files_dontaudit_search_home(nsplugin_config_t) -files_list_tmp(nsplugin_config_t) - -auth_use_nsswitch(nsplugin_config_t) - -miscfiles_read_localization(nsplugin_config_t) -miscfiles_read_fonts(nsplugin_config_t) - -userdom_search_user_home_content(nsplugin_config_t) -userdom_read_user_home_content_symlinks(nsplugin_config_t) -userdom_read_user_home_content_files(nsplugin_config_t) -userdom_dontaudit_search_admin_dir(nsplugin_config_t) - -tunable_policy(`use_nfs_home_dirs',` - fs_getattr_nfs(nsplugin_t) - fs_manage_nfs_dirs(nsplugin_t) - fs_manage_nfs_files(nsplugin_t) - fs_manage_nfs_symlinks(nsplugin_t) - fs_manage_nfs_named_pipes(nsplugin_t) - fs_manage_nfs_dirs(nsplugin_config_t) - fs_manage_nfs_files(nsplugin_config_t) - fs_manage_nfs_named_pipes(nsplugin_config_t) - fs_manage_nfs_symlinks(nsplugin_config_t) -') - -tunable_policy(`use_samba_home_dirs',` - fs_getattr_cifs(nsplugin_t) - fs_manage_cifs_dirs(nsplugin_t) - fs_manage_cifs_files(nsplugin_t) - fs_manage_cifs_symlinks(nsplugin_t) - fs_manage_cifs_named_pipes(nsplugin_t) - fs_manage_cifs_dirs(nsplugin_config_t) - fs_manage_cifs_files(nsplugin_config_t) - fs_manage_cifs_named_pipes(nsplugin_config_t) - fs_manage_cifs_symlinks(nsplugin_config_t) -') - -domtrans_pattern(nsplugin_config_t, nsplugin_exec_t, nsplugin_t) - -optional_policy(` - xserver_use_user_fonts(nsplugin_config_t) -') - -optional_policy(` - mozilla_read_user_home_files(nsplugin_config_t) - mozilla_write_user_home_files(nsplugin_config_t) -') - -application_signull(nsplugin_t) - -optional_policy(` - devicekit_dbus_chat_power(nsplugin_t) -') - -optional_policy(` - pulseaudio_exec(nsplugin_t) - pulseaudio_stream_connect(nsplugin_t) - pulseaudio_manage_home_files(nsplugin_t) - 
pulseaudio_setattr_home_dir(nsplugin_t) -') diff --git a/policy/modules/apps/sandbox.te b/policy/modules/apps/sandbox.te index 76dbb45f..ed77fcc5 100644 --- a/policy/modules/apps/sandbox.te +++ b/policy/modules/apps/sandbox.te @@ -354,10 +354,6 @@ optional_policy(` hal_dbus_chat(sandbox_x_client_t) ') -optional_policy(` - nsplugin_read_rw_files(sandbox_x_client_t) -') - ######################################## # # sandbox_web_client_t local policy @@ -451,12 +447,6 @@ optional_policy(` chrome_domtrans_sandbox(sandbox_web_type) ') -optional_policy(` - nsplugin_manage_rw(sandbox_web_type) - nsplugin_read_rw_files(sandbox_web_type) - nsplugin_rw_exec(sandbox_web_type) -') - optional_policy(` pulseaudio_stream_connect(sandbox_web_type) allow sandbox_web_type self:netlink_kobject_uevent_socket create_socket_perms; diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index ab97becf..81fb8f1d 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -226,7 +226,6 @@ ifdef(`distro_gentoo',` /usr/lib/nagios/plugins(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/netsaint/plugins(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/news/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) -/usr/lib/nspluginwrapper/np.* gen_context(system_u:object_r:bin_t,s0) /usr/lib/portage/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/pm-utils(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/readahead(/.*)? gen_context(system_u:object_r:bin_t,s0) diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc index 39aace99..5bb501eb 100644 --- a/policy/modules/system/libraries.fc +++ b/policy/modules/system/libraries.fc 
@@ -353,8 +353,6 @@ ifdef(`distro_suse',` /opt/google/.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/google/chrome/.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib/nspluginwrapper/np.*\.so -- gen_context(system_u:object_r:lib_t,s0) - /usr/lib/oracle/.*/lib/libnnz.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/oracle/.*/lib/libclntsh\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)