From 666f7cb61dbd832776c1784d182d3c2f01d0e0d3 Mon Sep 17 00:00:00 2001
From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Fri, 6 Jan 2012 22:43:02 +0100
Subject: [PATCH] Remove module for gift.

---
 policy/modules/apps/gift.fc             |   6 --
 policy/modules/apps/gift.if             |  42 --------
 policy/modules/apps/gift.te             | 126 ------------------------
 policy/modules/kernel/corenetwork.te.in |   1 -
 policy/modules/roles/staff.te           |   4 -
 policy/modules/roles/sysadm.te          |   4 -
 policy/modules/roles/unprivuser.te      |   4 -
 7 files changed, 187 deletions(-)
 delete mode 100644 policy/modules/apps/gift.fc
 delete mode 100644 policy/modules/apps/gift.if
 delete mode 100644 policy/modules/apps/gift.te

diff --git a/policy/modules/apps/gift.fc b/policy/modules/apps/gift.fc
deleted file mode 100644
index df7ced4b..00000000
--- a/policy/modules/apps/gift.fc
+++ /dev/null
@@ -1,6 +0,0 @@
-HOME_DIR/\.giFT(/.*)?			gen_context(system_u:object_r:gift_home_t,s0)
-
-/usr/(local/)?bin/apollon	-- 	gen_context(system_u:object_r:gift_exec_t,s0)
-/usr/(local/)?bin/giftd		--	gen_context(system_u:object_r:giftd_exec_t,s0)
-/usr/(local/)?bin/giftui	-- 	gen_context(system_u:object_r:gift_exec_t,s0)
-/usr/(local/)?bin/giFToxic	--	gen_context(system_u:object_r:gift_exec_t,s0)
diff --git a/policy/modules/apps/gift.if b/policy/modules/apps/gift.if
deleted file mode 100644
index c9b90d3a..00000000
--- a/policy/modules/apps/gift.if
+++ /dev/null
@@ -1,42 +0,0 @@
-## <summary>giFT peer to peer file sharing tool</summary>
-
-############################################################
-## <summary>
-##	Role access for gift
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role
-##	</summary>
-## </param>
-#
-interface(`gift_role',`
-	gen_require(`
-		type gift_t, gift_exec_t;
-		type giftd_t, giftd_exec_t;
-		type gift_home_t;
-	')
-
-	role $1 types { gift_t giftd_t };
-
-	# transition from user domain
-	domtrans_pattern($2, gift_exec_t, gift_t)
-	domtrans_pattern($2, giftd_exec_t, giftd_t)
-
-	# user managed content
-	manage_dirs_pattern($2, gift_home_t, gift_home_t)
-	manage_files_pattern($2, gift_home_t, gift_home_t)
-	manage_lnk_files_pattern($2, gift_home_t, gift_home_t)
-	relabel_dirs_pattern($2, gift_home_t, gift_home_t)
-	relabel_files_pattern($2, gift_home_t, gift_home_t)
-	relabel_lnk_files_pattern($2, gift_home_t, gift_home_t)
-
-	# Allow the user domain to signal/ps.
-	ps_process_pattern($2, { gift_t giftd_t })
-	allow $2 { gift_t giftd_t }:process signal_perms;
-')
diff --git a/policy/modules/apps/gift.te b/policy/modules/apps/gift.te
deleted file mode 100644
index 5c818321..00000000
--- a/policy/modules/apps/gift.te
+++ /dev/null
@@ -1,126 +0,0 @@
-policy_module(gift, 2.2.0)
-
-########################################
-#
-# Declarations
-#
-
-type gift_t;
-type gift_exec_t;
-typealias gift_t alias { user_gift_t staff_gift_t sysadm_gift_t };
-typealias gift_t alias { auditadm_gift_t secadm_gift_t };
-application_domain(gift_t, gift_exec_t)
-ubac_constrained(gift_t)
-
-type gift_home_t;
-typealias gift_home_t alias { user_gift_home_t staff_gift_home_t sysadm_gift_home_t };
-typealias gift_home_t alias { auditadm_gift_home_t secadm_gift_home_t };
-userdom_user_home_content(gift_home_t)
-
-type gift_tmpfs_t;
-typealias gift_tmpfs_t alias { user_gift_tmpfs_t staff_gift_tmpfs_t sysadm_gift_tmpfs_t };
-typealias gift_tmpfs_t alias { auditadm_gift_tmpfs_t secadm_gift_tmpfs_t };
-files_tmpfs_file(gift_tmpfs_t)
-ubac_constrained(gift_tmpfs_t)
-
-type giftd_t;
-type giftd_exec_t;
-typealias giftd_t alias { user_giftd_t staff_giftd_t sysadm_giftd_t };
-typealias giftd_t alias { auditadm_giftd_t secadm_giftd_t };
-application_domain(giftd_t, giftd_exec_t)
-ubac_constrained(giftd_t)
-
-##############################
-#
-# giFT user interface local policy
-#
-
-allow gift_t self:tcp_socket create_socket_perms;
-
-manage_files_pattern(gift_t, gift_tmpfs_t, gift_tmpfs_t)
-manage_lnk_files_pattern(gift_t, gift_tmpfs_t, gift_tmpfs_t)
-manage_fifo_files_pattern(gift_t, gift_tmpfs_t, gift_tmpfs_t)
-manage_sock_files_pattern(gift_t, gift_tmpfs_t, gift_tmpfs_t)
-fs_tmpfs_filetrans(gift_t, gift_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-manage_dirs_pattern(gift_t, gift_home_t, gift_home_t)
-manage_files_pattern(gift_t, gift_home_t, gift_home_t)
-manage_lnk_files_pattern(gift_t, gift_home_t, gift_home_t)
-userdom_user_home_dir_filetrans(gift_t, gift_home_t, dir)
-
-# Launch gift daemon
-domtrans_pattern(gift_t, giftd_exec_t, giftd_t)
-
-# Read /proc/meminfo
-kernel_read_system_state(gift_t)
-
-# Connect to gift daemon
-corenet_all_recvfrom_unlabeled(gift_t)
-corenet_all_recvfrom_netlabel(gift_t)
-corenet_tcp_sendrecv_generic_if(gift_t)
-corenet_tcp_sendrecv_generic_node(gift_t)
-corenet_tcp_sendrecv_giftd_port(gift_t)
-corenet_tcp_connect_giftd_port(gift_t)
-corenet_sendrecv_giftd_client_packets(gift_t)
-
-fs_search_auto_mountpoints(gift_t)
-
-sysnet_read_config(gift_t)
-
-# giftui looks in .icons, .themes.
-userdom_dontaudit_read_user_home_content_files(gift_t)
-
-userdom_home_manager(gift_t)
-
-optional_policy(`
-	nscd_socket_use(gift_t)
-')
-
-optional_policy(`
-	xserver_user_x_domain_template(gift, gift_t, gift_tmpfs_t)
-')
-
-##############################
-#
-# giFT server local policy
-#
-
-allow giftd_t self:process { signal setsched };
-allow giftd_t self:unix_stream_socket create_socket_perms;
-allow giftd_t self:tcp_socket create_stream_socket_perms;
-allow giftd_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(giftd_t, gift_home_t, gift_home_t)
-manage_files_pattern(giftd_t, gift_home_t, gift_home_t)
-manage_lnk_files_pattern(giftd_t, gift_home_t, gift_home_t)
-userdom_user_home_dir_filetrans(giftd_t, gift_home_t, dir)
-
-kernel_read_system_state(giftd_t)
-kernel_read_kernel_sysctls(giftd_t)
-
-# Serve content on various p2p networks. Ports can be random.
-corenet_all_recvfrom_unlabeled(giftd_t)
-corenet_all_recvfrom_netlabel(giftd_t)
-corenet_tcp_sendrecv_generic_if(giftd_t)
-corenet_udp_sendrecv_generic_if(giftd_t)
-corenet_tcp_sendrecv_generic_node(giftd_t)
-corenet_udp_sendrecv_generic_node(giftd_t)
-corenet_tcp_sendrecv_all_ports(giftd_t)
-corenet_udp_sendrecv_all_ports(giftd_t)
-corenet_tcp_bind_generic_node(giftd_t)
-corenet_udp_bind_generic_node(giftd_t)
-corenet_tcp_bind_all_ports(giftd_t)
-corenet_udp_bind_all_ports(giftd_t)
-corenet_tcp_connect_all_ports(giftd_t)
-corenet_sendrecv_all_client_packets(giftd_t)
-
-files_read_usr_files(giftd_t)
-# Read /etc/mtab
-files_read_etc_runtime_files(giftd_t)
-
-miscfiles_read_localization(giftd_t)
-
-sysnet_read_config(giftd_t)
-
-userdom_use_inherited_user_terminals(giftd_t)
-userdom_home_manager(gitd_t)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 630e5e27..4e979e4d 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -146,7 +146,6 @@ network_port(fprot, tcp,10200,s0)
 network_port(ftp, tcp,21,s0, tcp,990,s0, udp,990,s0)
 network_port(ftp_data, tcp,20,s0)
 network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
-network_port(giftd, tcp,1213,s0)
 network_port(git, tcp,9418,s0, udp,9418,s0)
 network_port(glance_registry, tcp,9191,s0, udp,9191,s0)
 network_port(gopher, tcp,70,s0, udp,70,s0)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index c6ff590d..effb7e56 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -241,10 +241,6 @@ ifndef(`distro_redhat',`
 		dbus_role_template(staff, staff_r, staff_t)
 	')
 
-	optional_policy(`
-		gift_role(staff_r, staff_t)
-	')
-
 	optional_policy(`
 		gpg_role(staff_r, staff_t)
 	')
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 25da2e3c..d0d45d96 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -502,10 +502,6 @@ ifndef(`distro_redhat',`
 		dbus_role_template(sysadm, sysadm_r, sysadm_t)
 	')
 
-	optional_policy(`
-		gift_role(sysadm_r, sysadm_t)
-	')
-
 	optional_policy(`
 		gnome_role(sysadm_r, sysadm_t)
 		gnome_filetrans_admin_home_content(sysadm_t)
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index c3552915..4625e2de 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -127,10 +127,6 @@ ifndef(`distro_redhat',`
 		dbus_role_template(user, user_r, user_t)
 	')
 
-	optional_policy(`
-		gift_role(user_r, user_t)
-	')
-
 	optional_policy(`
 		gpg_role(user_r, user_t)
 	')
-- 
2.47.3