Remove module for wine.

author Stefan Schantl <stefan.schantl@ipfire.org>

Sat, 14 Jan 2012 19:14:36 +0000 (20:14 +0100)

committer Stefan Schantl <stefan.schantl@ipfire.org>

Sat, 14 Jan 2012 19:14:36 +0000 (20:14 +0100)
author Stefan Schantl <stefan.schantl@ipfire.org>
Sat, 14 Jan 2012 19:14:36 +0000 (20:14 +0100)
committer Stefan Schantl <stefan.schantl@ipfire.org>
Sat, 14 Jan 2012 19:14:36 +0000 (20:14 +0100)
diff --git a/policy/modules/apps/wine.fc b/policy/modules/apps/wine.fc

deleted file mode 100644 (file)

index 2666317..0000000
--- a/policy/modules/apps/wine.fc
+++ /dev/null
@@ -1,23 +0,0 @@
-HOME_DIR/cxoffice/bin/wine.+   --      gen_context(system_u:object_r:wine_exec_t,s0)
-
-/opt/cxoffice/bin/wine.*       --      gen_context(system_u:object_r:wine_exec_t,s0)
-
-/opt/google/picasa(/.*)?/Picasa3/.*exe --      gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/msiexec --        gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/notepad --        gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/progman --        gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/regsvr32 -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/regedit --        gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/uninstaller -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/wdi --    gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/teamviewer(/.*)?/bin/wine.* --    gen_context(system_u:object_r:wine_exec_t,s0)
-
-/opt/picasa/wine/bin/wine.*    --      gen_context(system_u:object_r:wine_exec_t,s0)
-
-/usr/bin/msiexec               --      gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/notepad               --      gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/regsvr32              --      gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/regedit               --      gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/uninstaller           --      gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/wine.*                        --      gen_context(system_u:object_r:wine_exec_t,s0)
diff --git a/policy/modules/apps/wine.if b/policy/modules/apps/wine.if

deleted file mode 100644 (file)

index 00a98f1..0000000
--- a/policy/modules/apps/wine.if
+++ /dev/null
@@ -1,186 +0,0 @@
-## <summary>Wine Is Not an Emulator.  Run Windows programs in Linux.</summary>
-
-#######################################
-## <summary>
-##     The per role template for the wine module.
-## </summary>
-## <desc>
-##     <p>
-##     This template creates a derived domains which are used
-##     for wine applications.
-##     </p>
-## </desc>
-## <param name="userdomain_prefix">
-##     <summary>
-##     The prefix of the user domain (e.g., user
-##     is the prefix for user_t).
-##     </summary>
-## </param>
-## <param name="user_domain">
-##     <summary>
-##     The type of the user domain.
-##     </summary>
-## </param>
-## <param name="user_role">
-##     <summary>
-##     The role associated with the user domain.
-##     </summary>
-## </param>
-#
-template(`wine_role',`
-       gen_require(`
-               type wine_t;
-               type wine_home_t;
-               type wine_exec_t;
-       ')
-
-       role $1 types wine_t;
-
-       domain_auto_trans($2, wine_exec_t, wine_t)
-       # Unrestricted inheritance from the caller.
-       allow $2 wine_t:process { noatsecure siginh rlimitinh };
-       allow wine_t $2:fd use;
-       allow wine_t $2:process { sigchld signull };
-       allow wine_t $2:unix_stream_socket connectto;
-
-       # Allow the user domain to signal/ps.
-       ps_process_pattern($2, wine_t)
-       allow $2 wine_t:process signal_perms;
-
-       allow $2 wine_t:fd use;
-       allow $2 wine_t:shm { associate getattr  unix_read unix_write };
-       allow $2 wine_t:unix_stream_socket connectto;
-
-       # X access, Home files
-       manage_dirs_pattern($2, wine_home_t, wine_home_t)
-       manage_files_pattern($2, wine_home_t, wine_home_t)
-       manage_lnk_files_pattern($2, wine_home_t, wine_home_t)
-       relabel_dirs_pattern($2, wine_home_t, wine_home_t)
-       relabel_files_pattern($2, wine_home_t, wine_home_t)
-       relabel_lnk_files_pattern($2, wine_home_t, wine_home_t)
-')
-
-#######################################
-## <summary>
-##     The role template for the wine module.
-## </summary>
-## <desc>
-##     <p>
-##     This template creates a derived domains which are used
-##     for wine applications.
-##     </p>
-## </desc>
-## <param name="role_prefix">
-##     <summary>
-##     The prefix of the user domain (e.g., user
-##     is the prefix for user_t).
-##     </summary>
-## </param>
-## <param name="user_role">
-##     <summary>
-##     The role associated with the user domain.
-##     </summary>
-## </param>
-## <param name="user_domain">
-##     <summary>
-##     The type of the user domain.
-##     </summary>
-## </param>
-#
-template(`wine_role_template',`
-       gen_require(`
-               type wine_t;
-               type wine_exec_t;
-       ')
-
-       type $1_wine_t;
-       domain_type($1_wine_t)
-       domain_entry_file($1_wine_t, wine_exec_t)
-       ubac_constrained($1_wine_t)
-       role $2 types $1_wine_t;
-
-       allow $1_wine_t self:process { execmem execstack };
-       allow $3 $1_wine_t:process { getattr noatsecure signal_perms };
-       domtrans_pattern($3, wine_exec_t, $1_wine_t)
-       corecmd_bin_domtrans($1_wine_t, $1_t)
-
-       userdom_unpriv_usertype($1, $1_wine_t)
-       userdom_manage_tmpfs_role($2, $1_wine_t)
-
-       domain_mmap_low($1_wine_t)
-
-       tunable_policy(`wine_mmap_zero_ignore',`
-               dontaudit $1_wine_t self:memprotect mmap_zero;
-       ')
-
-       tunable_policy(`wine_mmap_zero_ignore',`
-               dontaudit $1_wine_t self:memprotect mmap_zero;
-       ')
-
-       optional_policy(`
-               xserver_role($1_r, $1_wine_t)
-       ')
-')
-
-########################################
-## <summary>
-##     Execute the wine program in the wine domain.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed to transition.
-##     </summary>
-## </param>
-#
-interface(`wine_domtrans',`
-       gen_require(`
-               type wine_t, wine_exec_t;
-       ')
-
-       corecmd_search_bin($1)
-       domtrans_pattern($1, wine_exec_t, wine_t)
-')
-
-########################################
-## <summary>
-##     Execute wine in the wine domain, and
-##     allow the specified role the wine domain.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed to transition.
-##     </summary>
-## </param>
-## <param name="role">
-##     <summary>
-##     Role allowed access.
-##     </summary>
-## </param>
-#
-interface(`wine_run',`
-       gen_require(`
-               type wine_t;
-       ')
-
-       wine_domtrans($1)
-       role $2 types wine_t;
-')
-
-########################################
-## <summary>
-##     Read and write wine Shared
-##     memory segments.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`wine_rw_shm',`
-       gen_require(`
-               type wine_t;
-       ')
-
-       allow $1 wine_t:shm rw_shm_perms;
-')
diff --git a/policy/modules/apps/wine.te b/policy/modules/apps/wine.te

deleted file mode 100644 (file)

index e3de8fa..0000000
--- a/policy/modules/apps/wine.te
+++ /dev/null
@@ -1,64 +0,0 @@
-policy_module(wine, 1.8.1)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-##     Ignore wine mmap_zero errors.
-## </p>
-## </desc>
-gen_tunable(wine_mmap_zero_ignore, false)
-
-type wine_t;
-type wine_exec_t;
-application_domain(wine_t, wine_exec_t)
-ubac_constrained(wine_t)
-role system_r types wine_t;
-
-type wine_tmp_t;
-files_tmp_file(wine_tmp_t)
-ubac_constrained(wine_tmp_t)
-
-########################################
-#
-# Local policy
-#
-
-allow wine_t self:process { execstack execmem execheap };
-allow wine_t self:fifo_file manage_fifo_file_perms;
-
-can_exec(wine_t, wine_exec_t)
-
-manage_dirs_pattern(wine_t, wine_tmp_t, wine_tmp_t)
-manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t)
-files_tmp_filetrans(wine_t, wine_tmp_t, { file dir })
-
-domain_mmap_low(wine_t)
-
-files_execmod_all_files(wine_t)
-
-userdom_use_inherited_user_terminals(wine_t)
-
-tunable_policy(`wine_mmap_zero_ignore',`
-       dontaudit wine_t self:memprotect mmap_zero;
-')
-
-optional_policy(`
-       hal_dbus_chat(wine_t)
-')
-
-optional_policy(`
-       policykit_dbus_chat(wine_t)
-')
-
-optional_policy(`
-       unconfined_domain(wine_t)
-')
-
-optional_policy(`
-       xserver_read_xdm_pid(wine_t)
-       xserver_rw_shm(wine_t)
-')
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te

index 226a9b540c59bcf5206d2ccdd0202e25165262a4..60577c702339bba460fed1819759b4871f84deac 100644 (file)
--- a/policy/modules/roles/unconfineduser.te
+++ b/policy/modules/roles/unconfineduser.te
@@ -328,10 +328,6 @@ optional_policy(`
         webalizer_run(unconfined_t, unconfined_r)
  ')
  
-optional_policy(`
-       wine_run(unconfined_t, unconfined_r)
-')
-
  optional_policy(`
         xserver_run(unconfined_t, unconfined_r)
         xserver_manage_home_fonts(unconfined_t)
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te

index 91fc3eee94d4f475f89788c156f8389a4af8f1b0..49cd5831903a1f985d09ff3543dee6681ae28f96 100644 (file)
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1147,10 +1147,6 @@ optional_policy(`
         userhelper_search_config(xserver_t)
  ')
  
-optional_policy(`
-       wine_rw_shm(xserver_t)
-')
-
  optional_policy(`
         xfs_stream_connect(xserver_t)
  ')
diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc

index a957a6c0ee0d8adff5ad247d906b822cacd9315e..b110540cc6c5c8ac9e60294e946d8246f2b3bee8 100644 (file)
--- a/policy/modules/system/libraries.fc
+++ b/policy/modules/system/libraries.fc
@@ -89,7 +89,6 @@ ifdef(`distro_redhat',`
  /opt/Adobe/Reader.?/Reader/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /opt/Adobe/Reader.?/Reader/intellinux/SPPlugins/.*\.ap[il] -- gen_context(system_u:object_r:lib_t,s0)
  /opt/cisco-vpnclient/lib/libvpnapi\.so --      gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/cx.*/lib/wine/.+\.so              --      gen_context(system_u:object_r:textrel_shlib_t,s0)
  /opt/f-secure/fspms/libexec/librapi\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /opt/ibm/java.*/jre/.+\.jar            --      gen_context(system_u:object_r:lib_t,s0)
  /opt/ibm/java.*/jre/.+\.so(\.[^/]*)*   --      gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -159,7 +158,6 @@ ifdef(`distro_redhat',`
  /usr/lib/xorg/modules/glesx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  
  /usr/(local/)?.*\.so(\.[^/]*)*         --      gen_context(system_u:object_r:lib_t,s0)
-/usr/(local/)?lib/wine/.+\.so  --      gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/(local/)?lib/(sse2/)?libfame-.*\.so.*     --      gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/NX/lib/libXcomp\.so.*             --      gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/NX/lib/libjpeg\.so.*              --      gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if

index db35b2e9b93284ed366bfa5068b010d7eadd63ea..481781fe5b2005dfa5473ec66266f116a94bf276 100644 (file)
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1261,10 +1261,6 @@ template(`userdom_unpriv_user_template', `
                 mount_read_pid_files($1_t)
         ')
  
-       optional_policy(`
-               wine_role_template($1, $1_r, $1_t)
-       ')
-
         optional_policy(`
                 postfix_run_postdrop($1_t, $1_r)
                 postfix_search_spool($1_t)
author	Stefan Schantl <stefan.schantl@ipfire.org>
	Sat, 14 Jan 2012 19:14:36 +0000 (20:14 +0100)
committer	Stefan Schantl <stefan.schantl@ipfire.org>
	Sat, 14 Jan 2012 19:14:36 +0000 (20:14 +0100)
policy/modules/apps/wine.fc	[deleted file]	patch \| blob \| blame \| history
policy/modules/apps/wine.if	[deleted file]	patch \| blob \| blame \| history
policy/modules/apps/wine.te	[deleted file]	patch \| blob \| blame \| history
policy/modules/roles/unconfineduser.te		patch \| blob \| blame \| history
policy/modules/services/xserver.te		patch \| blob \| blame \| history
policy/modules/system/libraries.fc		patch \| blob \| blame \| history
policy/modules/system/userdomain.if		patch \| blob \| blame \| history