Remove module for games.
author Stefan Schantl <stefan.schantl@ipfire.org>
Fri, 6 Jan 2012 21:35:32 +0000 (22:35 +0100)
committer Stefan Schantl <stefan.schantl@ipfire.org>
Fri, 6 Jan 2012 21:35:32 +0000 (22:35 +0100)
policy/modules/apps/games.fc [deleted file]
policy/modules/apps/games.if [deleted file]
policy/modules/apps/games.te [deleted file]
policy/modules/roles/staff.te
policy/modules/roles/sysadm.te
policy/modules/roles/unprivuser.te
policy/modules/system/userdomain.if

diff --git a/policy/modules/apps/games.fc b/policy/modules/apps/games.fc
deleted file mode 100644 (file)
index 78dc515..0000000
+++ /dev/null
@@ -1,66 +0,0 @@
-#
-# /usr
-#
-/usr/lib/games(/.*)?           gen_context(system_u:object_r:games_exec_t,s0)
-/usr/games/.*          --      gen_context(system_u:object_r:games_exec_t,s0)
-
-#
-# /var
-#
-/var/lib/games(/.*)?           gen_context(system_u:object_r:games_data_t,s0)
-/var/games(/.*)?               gen_context(system_u:object_r:games_data_t,s0)
-
-ifndef(`distro_debian',`
-/usr/bin/micq          --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/blackjack     --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gataxx                --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/glines                --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnect         --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnibbles      --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnobots2      --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnome-stones  --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnomine       --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnotravex     --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gnotski       --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/gtali         --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/iagno         --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/mahjongg      --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/same-gnome    --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/sol           --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/atlantik      --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kasteroids    --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/katomic       --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kbackgammon   --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kbattleship   --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kblackbox     --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kbounce       --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kenolaba      --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kfouleggs     --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kgoldrunner   --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kjumpingcube  --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/klickety      --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/klines                --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kmahjongg     --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kmines                --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kolf          --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/konquest      --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kpat          --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kpoker                --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kreversi      --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksame         --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kshisen       --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksirtet       --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksmiletris    --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksnake                --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ksokoban      --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kspaceduel    --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ktron         --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/ktuberling    --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kwin4         --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/kwin4proc     --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/lskat         --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/lskatproc     --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/Maelstrom     --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/civclient.*   --      gen_context(system_u:object_r:games_exec_t,s0)
-/usr/bin/civserver.*   --      gen_context(system_u:object_r:games_exec_t,s0)
-')dnl end non-Debian section
diff --git a/policy/modules/apps/games.if b/policy/modules/apps/games.if
deleted file mode 100644 (file)
index 7ac736d..0000000
+++ /dev/null
@@ -1,51 +0,0 @@
-## <summary>Games</summary>
-
-############################################################
-## <summary>
-##     Role access for games
-## </summary>
-## <param name="role">
-##     <summary>
-##     Role allowed access
-##     </summary>
-## </param>
-## <param name="domain">
-##     <summary>
-##     User domain for the role
-##     </summary>
-## </param>
-#
-interface(`games_role',`
-       gen_require(`
-               type games_t, games_exec_t;
-       ')
-
-       role $1 types games_t;
-
-       domtrans_pattern($2, games_exec_t, games_t)
-       allow $2 games_t:unix_stream_socket connectto;
-       allow games_t $2:unix_stream_socket connectto;
-
-       # Allow the user domain to signal/ps.
-       ps_process_pattern($2, games_t)
-       allow $2 games_t:process signal_perms;
-')
-
-########################################
-## <summary>
-##     Allow the specified domain to read/write
-##     games data.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`games_rw_data',`
-       gen_require(`
-               type games_data_t;
-       ')
-
-       rw_files_pattern($1, games_data_t, games_data_t)
-')
diff --git a/policy/modules/apps/games.te b/policy/modules/apps/games.te
deleted file mode 100644 (file)
index 4b7b763..0000000
+++ /dev/null
@@ -1,181 +0,0 @@
-policy_module(games, 2.1.0)
-
-########################################
-#
-# Declarations
-#
-
-type games_t;
-type games_exec_t;
-typealias games_t alias { user_games_t staff_games_t sysadm_games_t };
-typealias games_t alias { auditadm_games_t secadm_games_t };
-application_domain(games_t, games_exec_t)
-ubac_constrained(games_t)
-
-type games_data_t;
-typealias games_data_t alias { user_games_data_t staff_games_data_t sysadm_games_data_t };
-typealias games_data_t alias { auditadm_games_data_t secadm_games_data_t };
-files_type(games_data_t)
-ubac_constrained(games_data_t)
-
-type games_devpts_t;
-typealias games_devpts_t alias { user_games_devpts_t staff_games_devpts_t sysadm_games_devpts_t };
-typealias games_devpts_t alias { auditadm_games_devpts_t secadm_games_devpts_t };
-term_pty(games_devpts_t)
-ubac_constrained(games_devpts_t)
-
-# games_srv_t is for system operation of games, generic games daemons and
-# games recovery scripts
-type games_srv_t;
-init_system_domain(games_srv_t, games_exec_t)
-
-type games_srv_var_run_t;
-files_pid_file(games_srv_var_run_t)
-
-type games_tmp_t;
-typealias games_tmp_t alias { user_games_tmp_t staff_games_tmp_t sysadm_games_tmp_t };
-typealias games_tmp_t alias { auditadm_games_tmp_t secadm_games_tmp_t };
-files_tmp_file(games_tmp_t)
-ubac_constrained(games_tmp_t)
-
-type games_tmpfs_t;
-typealias games_tmpfs_t alias { user_games_tmpfs_t staff_games_tmpfs_t sysadm_games_tmpfs_t };
-typealias games_tmpfs_t alias { auditadm_games_tmpfs_t secadm_games_tmpfs_t };
-files_tmpfs_file(games_tmpfs_t)
-ubac_constrained(games_tmpfs_t)
-
-########################################
-#
-# Server local policy
-#
-
-dontaudit games_srv_t self:capability sys_tty_config;
-allow games_srv_t self:process signal_perms;
-
-manage_files_pattern(games_srv_t, games_data_t, games_data_t)
-manage_lnk_files_pattern(games_srv_t, games_data_t, games_data_t)
-
-manage_files_pattern(games_srv_t, games_srv_var_run_t, games_srv_var_run_t)
-files_pid_filetrans(games_srv_t, games_srv_var_run_t, file)
-
-can_exec(games_srv_t, games_exec_t)
-
-kernel_read_kernel_sysctls(games_srv_t)
-kernel_list_proc(games_srv_t)
-kernel_read_proc_symlinks(games_srv_t)
-
-dev_read_sysfs(games_srv_t)
-
-fs_getattr_all_fs(games_srv_t)
-fs_search_auto_mountpoints(games_srv_t)
-
-term_dontaudit_use_console(games_srv_t)
-
-domain_use_interactive_fds(games_srv_t)
-
-init_use_fds(games_srv_t)
-init_use_script_ptys(games_srv_t)
-
-logging_send_syslog_msg(games_srv_t)
-
-miscfiles_read_localization(games_srv_t)
-
-userdom_dontaudit_use_unpriv_user_fds(games_srv_t)
-
-userdom_dontaudit_search_user_home_dirs(games_srv_t)
-
-optional_policy(`
-       seutil_sigchld_newrole(games_srv_t)
-')
-
-optional_policy(`
-       udev_read_db(games_srv_t)
-')
-
-########################################
-#
-# Local policy
-#
-
-allow games_t self:sem create_sem_perms;
-allow games_t self:tcp_socket create_stream_socket_perms;
-allow games_t self:udp_socket create_socket_perms;
-
-manage_files_pattern(games_t, games_data_t, games_data_t)
-manage_lnk_files_pattern(games_t, games_data_t, games_data_t)
-
-allow games_t games_devpts_t:chr_file { rw_chr_file_perms setattr };
-term_create_pty(games_t, games_devpts_t)
-
-manage_dirs_pattern(games_t, games_tmp_t, games_tmp_t)
-manage_files_pattern(games_t, games_tmp_t, games_tmp_t)
-files_tmp_filetrans(games_t, games_tmp_t, { file dir })
-
-manage_files_pattern(games_t, games_tmpfs_t, games_tmpfs_t)
-manage_lnk_files_pattern(games_t, games_tmpfs_t, games_tmpfs_t)
-manage_fifo_files_pattern(games_t, games_tmpfs_t, games_tmpfs_t)
-manage_sock_files_pattern(games_t, games_tmpfs_t, games_tmpfs_t)
-fs_tmpfs_filetrans(games_t, games_tmpfs_t, { file lnk_file sock_file fifo_file })
-
-can_exec(games_t, games_exec_t)
-
-kernel_read_system_state(games_t)
-
-corecmd_exec_bin(games_t)
-
-corenet_all_recvfrom_unlabeled(games_t)
-corenet_all_recvfrom_netlabel(games_t)
-corenet_tcp_sendrecv_generic_if(games_t)
-corenet_udp_sendrecv_generic_if(games_t)
-corenet_tcp_sendrecv_generic_node(games_t)
-corenet_udp_sendrecv_generic_node(games_t)
-corenet_tcp_sendrecv_all_ports(games_t)
-corenet_udp_sendrecv_all_ports(games_t)
-corenet_tcp_bind_generic_node(games_t)
-corenet_tcp_bind_generic_port(games_t)
-corenet_tcp_connect_generic_port(games_t)
-corenet_sendrecv_generic_client_packets(games_t)
-corenet_sendrecv_generic_server_packets(games_t)
-
-dev_read_sound(games_t)
-dev_write_sound(games_t)
-dev_read_input(games_t)
-dev_read_mouse(games_t)
-dev_read_urand(games_t)
-
-files_list_var(games_t)
-files_search_var_lib(games_t)
-files_dontaudit_search_var(games_t)
-files_read_etc_files(games_t)
-files_read_usr_files(games_t)
-files_read_var_files(games_t)
-
-init_dontaudit_rw_utmp(games_t)
-
-logging_dontaudit_search_logs(games_t)
-
-miscfiles_read_man_pages(games_t)
-miscfiles_read_localization(games_t)
-
-sysnet_read_config(games_t)
-
-userdom_manage_user_tmp_dirs(games_t)
-userdom_manage_user_tmp_files(games_t)
-userdom_manage_user_tmp_symlinks(games_t)
-userdom_manage_user_tmp_sockets(games_t)
-# Suppress .icons denial until properly implemented
-userdom_dontaudit_read_user_home_content_files(games_t)
-
-tunable_policy(`deny_execmem',`', `
-       allow games_t self:process execmem;
-')
-
-optional_policy(`
-       nscd_socket_use(games_t)
-')
-
-optional_policy(`
-       xserver_user_x_domain_template(games, games_t, games_tmpfs_t)
-       xserver_create_xdm_tmp_sockets(games_t)
-       xserver_read_xdm_lib_files(games_t)
-')
index dedcb9aaefa62279c9b7ffd7706efa75aa62a9e5..c6ff590dd4c0e762dfd9317dc2b6a32d0d418803 100644 (file)
@@ -241,10 +241,6 @@ ifndef(`distro_redhat',`
                dbus_role_template(staff, staff_r, staff_t)
        ')
 
-       optional_policy(`
-               games_role(staff_r, staff_t)
-       ')
-
        optional_policy(`
                gift_role(staff_r, staff_t)
        ')
index f6ec2973bd5908de1b1612d3525fe7088466d6ea..25da2e3c585b95ef01e724ce0d6b7e6c7194adb6 100644 (file)
@@ -502,10 +502,6 @@ ifndef(`distro_redhat',`
                dbus_role_template(sysadm, sysadm_r, sysadm_t)
        ')
 
-       optional_policy(`
-               games_role(sysadm_r, sysadm_t)
-       ')
-
        optional_policy(`
                gift_role(sysadm_r, sysadm_t)
        ')
index 21379abb926e9a6903f25ad63ec7bc48ad7a82e4..c3552915b575cf87c33ba623339f56ada3fa1539 100644 (file)
@@ -127,10 +127,6 @@ ifndef(`distro_redhat',`
                dbus_role_template(user, user_r, user_t)
        ')
 
-       optional_policy(`
-               games_role(user_r, user_t)
-       ')
-
        optional_policy(`
                gift_role(user_r, user_t)
        ')
index 30fc645162e7583973bdb59c5fd2919b8679acb0..c20830f08248859f54c446316159b6f369d1abc8 100644 (file)
@@ -1250,10 +1250,6 @@ template(`userdom_unpriv_user_template', `
                cron_role($1_r, $1_t)
        ')
 
-       optional_policy(`
-               games_rw_data($1_usertype)
-       ')
-
        optional_policy(`
                gpg_role($1_r, $1_usertype)
        ')