From ceac9371f40992dbc965d092c70d13bc4144beab Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Fri, 6 Jan 2012 23:03:49 +0100
Subject: [PATCH] Remove module for livecd.
---
policy/modules/apps/livecd.fc | 1 -
policy/modules/apps/livecd.if | 126 -------------------------
policy/modules/apps/livecd.te | 55 -----------
policy/modules/roles/unconfineduser.te | 4 -
policy/modules/services/cron.te | 4 -
policy/modules/system/fstools.te | 4 -
policy/modules/system/lvm.te | 4 -
policy/modules/system/mount.te | 4 -
policy/modules/system/selinuxutil.te | 2 -
9 files changed, 204 deletions(-)
delete mode 100644 policy/modules/apps/livecd.fc
delete mode 100644 policy/modules/apps/livecd.if
delete mode 100644 policy/modules/apps/livecd.te
diff --git a/policy/modules/apps/livecd.fc b/policy/modules/apps/livecd.fc
deleted file mode 100644
index 34937fcf..00000000
--- a/policy/modules/apps/livecd.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/bin/livecd-creator -- gen_context(system_u:object_r:livecd_exec_t,s0)
diff --git a/policy/modules/apps/livecd.if b/policy/modules/apps/livecd.if
deleted file mode 100644
index c324f948..00000000
--- a/policy/modules/apps/livecd.if
+++ /dev/null
@@ -1,126 +0,0 @@
-## Livecd tool for building alternate livecd for different os and policy versions.
-
-########################################
-##
-## Execute a domain transition to run livecd.
-##
-##
-##
-## Domain allowed to transition.
-##
-##
-#
-interface(`livecd_domtrans',`
- gen_require(`
- type livecd_t, livecd_exec_t;
- ')
-
- domtrans_pattern($1, livecd_exec_t, livecd_t)
-')
-
-########################################
-##
-## Execute livecd in the livecd domain, and
-## allow the specified role the livecd domain.
-##
-##
-##
-## Domain allowed to transition.
-##
-##
-##
-##
-## Role allowed access.
-##
-##
-#
-interface(`livecd_run',`
- gen_require(`
- type livecd_t;
- type livecd_exec_t;
- ')
-
- livecd_domtrans($1)
- role $2 types livecd_t;
- role_transition $2 livecd_exec_t system_r;
-
- seutil_run_setfiles_mac(livecd_t, system_r)
-
- optional_policy(`
- mount_run(livecd_t, $2)
- ')
-')
-
-########################################
-##
-## Dontaudit read/write to a livecd leaks
-##
-##
-##
-## Domain to not audit.
-##
-##
-#
-interface(`livecd_dontaudit_leaks',`
- gen_require(`
- type livecd_t;
- ')
-
- dontaudit $1 livecd_t:unix_dgram_socket { read write };
-')
-
-########################################
-##
-## Read livecd temporary files.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`livecd_read_tmp_files',`
- gen_require(`
- type livecd_tmp_t;
- ')
-
- files_search_tmp($1)
- read_files_pattern($1, livecd_tmp_t, livecd_tmp_t)
-')
-
-########################################
-##
-## Read and write livecd temporary files.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`livecd_rw_tmp_files',`
- gen_require(`
- type livecd_tmp_t;
- ')
-
- files_search_tmp($1)
- rw_files_pattern($1, livecd_tmp_t, livecd_tmp_t)
-')
-
-########################################
-##
-## Allow read and write access to livecd semaphores.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`livecd_rw_semaphores',`
- gen_require(`
- type livecd_t;
- ')
-
- allow $1 livecd_t:sem { unix_read unix_write associate read write };
-')
diff --git a/policy/modules/apps/livecd.te b/policy/modules/apps/livecd.te
deleted file mode 100644
index a3d8afd2..00000000
--- a/policy/modules/apps/livecd.te
+++ /dev/null
@@ -1,55 +0,0 @@
-policy_module(livecd, 1.0.1)
-
-########################################
-#
-# Declarations
-#
-
-type livecd_t;
-type livecd_exec_t;
-application_domain(livecd_t, livecd_exec_t)
-role system_r types livecd_t;
-
-type livecd_tmp_t;
-files_tmp_file(livecd_tmp_t)
-
-########################################
-#
-# livecd local policy
-#
-
-dontaudit livecd_t self:capability2 mac_admin;
-
-tunable_policy(`deny_ptrace',`',`
- domain_ptrace_all_domains(livecd_t)
-')
-
-domain_interactive_fd(livecd_t)
-
-manage_dirs_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t)
-manage_files_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t)
-files_tmp_filetrans(livecd_t, livecd_tmp_t, { dir file })
-
-dev_filetrans_all_named_dev(livecd_t)
-storage_filetrans_all_named_dev(livecd_t)
-term_filetrans_all_named_dev(livecd_t)
-
-sysnet_filetrans_named_content(livecd_t)
-
-optional_policy(`
- ssh_filetrans_admin_home_content(livecd_t)
-')
-
-optional_policy(`
- unconfined_domain_noaudit(livecd_t)
-')
-
-optional_policy(`
- hal_dbus_chat(livecd_t)
-')
-
-optional_policy(`
- # Allow SELinux aware applications to request rpm_script execution
- rpm_transition_script(livecd_t)
- rpm_domtrans(livecd_t)
-')
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
index dde8e418..794785d5 100644
--- a/policy/modules/roles/unconfineduser.te
+++ b/policy/modules/roles/unconfineduser.te
@@ -262,10 +262,6 @@ optional_policy(` java_run_unconfined(unconfined_t, unconfined_r) ') -optional_policy(` - livecd_run(unconfined_t, unconfined_r) -') - optional_policy(` lpd_run_checkpc(unconfined_t, unconfined_r) ')
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index a4d25d94..5f0eed89 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -551,10 +551,6 @@ optional_policy(` inn_read_config(system_cronjob_t) ') -optional_policy(` - livecd_read_tmp_files(system_cronjob_t) -') - optional_policy(` lpd_list_spool(system_cronjob_t) ')
diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te
index 10bc43ce..84854071 100644
--- a/policy/modules/system/fstools.te
+++ b/policy/modules/system/fstools.te
@@ -185,10 +185,6 @@ optional_policy(` hal_dontaudit_write_log(fsadm_t) ') -optional_policy(` - livecd_rw_tmp_files(fsadm_t) -') - optional_policy(` modutils_read_module_config(fsadm_t) modutils_read_module_deps(fsadm_t)
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index 5e4149d0..9244b0a5 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -363,10 +363,6 @@ optional_policy(` ') ') -optional_policy(` - livecd_rw_semaphores(lvm_t) -') - optional_policy(` modutils_domtrans_insmod(lvm_t) ')
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index aa18423d..4bebf849 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -280,10 +280,6 @@ optional_policy(` ') ') -optional_policy(` - livecd_rw_tmp_files(mount_t) -') - # Needed for mount crypt https://bugzilla.redhat.com/show_bug.cgi?id=418711 optional_policy(` lvm_domtrans(mount_t)
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index ac8b2141..08d6d176 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -538,8 +538,6 @@ files_read_all_symlinks(setfiles_t) optional_policy(` files_dontaudit_write_isid_chr_files(setfiles_mac_t) - livecd_dontaudit_leaks(setfiles_mac_t) - livecd_rw_tmp_files(setfiles_mac_t) dev_dontaudit_write_all_chr_files(setfiles_mac_t) ')
--
2.47.3