From ed7870e77ba73e6fbb9b0e25e35309293e030440 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Fri, 6 Jan 2012 23:22:49 +0100
Subject: [PATCH] Remove module for mono.
---
 policy/modules/admin/rpm.te | 4 -
 policy/modules/apps/mono.fc | 1 -
 policy/modules/apps/mono.if | 138 ----------------------------
 policy/modules/apps/mono.te | 52 -----------
 policy/modules/services/cron.te | 5 -
 policy/modules/services/xserver.te | 4 -
 policy/modules/system/init.te | 4 -
 policy/modules/system/userdomain.fc | 1 -
 8 files changed, 209 deletions(-)
 delete mode 100644 policy/modules/apps/mono.fc
 delete mode 100644 policy/modules/apps/mono.if
 delete mode 100644 policy/modules/apps/mono.te
diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
index a485d760..83983df8 100644
--- a/policy/modules/admin/rpm.te
+++ b/policy/modules/admin/rpm.te
@@ -423,10 +423,6 @@ optional_policy(`
 optional_policy(`
 java_domtrans_unconfined(rpm_script_t)
 ')
-
- optional_policy(`
- mono_domtrans(rpm_script_t)
- ')
 ')
 
 optional_policy(`
diff --git a/policy/modules/apps/mono.fc b/policy/modules/apps/mono.fc
deleted file mode 100644
index b01bc913..00000000
--- a/policy/modules/apps/mono.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/bin/mono.* -- gen_context(system_u:object_r:mono_exec_t,s0)
diff --git a/policy/modules/apps/mono.if b/policy/modules/apps/mono.if
deleted file mode 100644
index 7b08e138..00000000
--- a/policy/modules/apps/mono.if
+++ /dev/null
@@ -1,138 +0,0 @@
-## Run .NET server and client applications on Linux.
-
-#######################################
-##
-## The role template for the mono module.
-##
-##
-##

-## This template creates a derived domains which are used
-## for mono applications.
-##

-##
-##
-##
-## The prefix of the user domain (e.g., user
-## is the prefix for user_t).
-##
-##
-##
-##
-## The role associated with the user domain.
-##
-##
-##
-##
-## The type of the user domain.
-##
-##
-#
-template(`mono_role_template',`
- gen_require(`
- type mono_exec_t;
- ')
-
- type $1_mono_t;
- domain_type($1_mono_t)
- domain_entry_file($1_mono_t, mono_exec_t)
- role $2 types $1_mono_t;
-
- domain_interactive_fd($1_mono_t)
- application_type($1_mono_t)
-
- allow $1_mono_t self:process { ptrace signal getsched execheap execmem execstack };
-
- allow $3 $1_mono_t:process { getattr ptrace noatsecure signal_perms };
-
- domtrans_pattern($3, mono_exec_t, $1_mono_t)
-
- fs_dontaudit_rw_tmpfs_files($1_mono_t)
- corecmd_bin_domtrans($1_mono_t, $1_t)
-
- userdom_manage_user_tmpfs_files($1_mono_t)
-
- optional_policy(`
- xserver_role($1_r, $1_mono_t)
- ')
-')
-
-########################################
-##
-## Execute the mono program in the mono domain.
-##
-##
-##
-## Domain allowed to transition.
-##
-##
-#
-interface(`mono_domtrans',`
- gen_require(`
- type mono_t, mono_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, mono_exec_t, mono_t)
-')
-
-########################################
-##
-## Execute mono in the mono domain, and
-## allow the specified role the mono domain.
-##
-##
-##
-## Domain allowed to transition.
-##
-##
-##
-##
-## Role allowed access.
-##
-##
-#
-interface(`mono_run',`
- gen_require(`
- type mono_t;
- ')
-
- mono_domtrans($1)
- role $2 types mono_t;
-')
-
-########################################
-##
-## Execute the mono program in the caller domain.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`mono_exec',`
- gen_require(`
- type mono_exec_t;
- ')
-
- corecmd_search_bin($1)
- can_exec($1, mono_exec_t)
-')
-
-########################################
-##
-## Read and write to mono shared memory.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`mono_rw_shm',`
- gen_require(`
- type mono_t;
- ')
-
- allow $1 mono_t:shm rw_shm_perms;
-')
diff --git a/policy/modules/apps/mono.te b/policy/modules/apps/mono.te
deleted file mode 100644
index dff0f127..00000000
--- a/policy/modules/apps/mono.te
+++ /dev/null
@@ -1,52 +0,0 @@
-policy_module(mono, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type mono_t;
-type mono_exec_t;
-application_type(mono_t)
-init_system_domain(mono_t, mono_exec_t)
-
-########################################
-#
-# Local policy
-#
-
-allow mono_t self:process { ptrace signal getsched execheap execmem execstack };
-
-init_dbus_chat_script(mono_t)
-
-userdom_user_home_dir_filetrans_user_home_content(mono_t, { dir file lnk_file fifo_file sock_file })
-
-optional_policy(`
- avahi_dbus_chat(mono_t)
-')
-
-optional_policy(`
- cups_dbus_chat(mono_t)
-')
-
-optional_policy(`
- hal_dbus_chat(mono_t)
-')
-
-optional_policy(`
- networkmanager_dbus_chat(mono_t)
-')
-
-optional_policy(`
- rpm_dbus_chat(mono_t)
-')
-
-optional_policy(`
- unconfined_domain(mono_t)
- unconfined_dbus_chat(mono_t)
- unconfined_dbus_connect(mono_t)
-')
-
-optional_policy(`
- xserver_rw_shm(mono_t)
-')
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index 5f0eed89..205952a2 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -713,11 +713,6 @@ tunable_policy(`fcron_crond',`
 allow crond_t user_cron_spool_t:file manage_file_perms;
 ')
 
-# need a per-role version of this:
-#optional_policy(`
-# mono_domtrans(cronjob_t)
-#')
-
 optional_policy(`
 nis_use_ypbind(cronjob_t)
 ')
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index c497adef..91fc3eee 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1204,10 +1204,6 @@ optional_policy(`
 ')
 ')
 
-optional_policy(`
- mono_rw_shm(xserver_t)
-')
-
 optional_policy(`
 rhgb_rw_shm(xserver_t)
 rhgb_rw_tmpfs_files(xserver_t)
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index ddc71430..a3134181 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1207,10 +1207,6 @@ optional_policy(`
 unconfined_dontaudit_rw_pipes(daemon)
 ')
 
- optional_policy(`
- mono_domtrans(initrc_t)
- ')
-
 # Allow SELinux aware applications to request rpm_script_t execution
 rpm_transition_script(initrc_t)
 
diff --git a/policy/modules/system/userdomain.fc b/policy/modules/system/userdomain.fc
index ce61aed7..ec851899 100644
--- a/policy/modules/system/userdomain.fc
+++ b/policy/modules/system/userdomain.fc
@@ -6,7 +6,6 @@ HOME_DIR/.+ gen_context(system_u:object_r:user_home_t,s0)
 /root/\.cert(/.*)? gen_context(system_u:object_r:home_cert_t,s0)
 /root/\.debug(/.*)? <>
 /dev/shm/pulse-shm.* gen_context(system_u:object_r:user_tmpfs_t,s0)
-/dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0)
 HOME_DIR/bin(/.*)? gen_context(system_u:object_r:home_bin_t,s0)
 HOME_DIR/\.local/bin(/.*)? gen_context(system_u:object_r:home_bin_t,s0)
 HOME_DIR/Audio(/.*)? gen_context(system_u:object_r:audio_home_t,s0)
-- 
2.47.3