Remove module for wm (windowmanager).

diff --git a/policy/modules/apps/wm.fc b/policy/modules/apps/wm.fc
deleted file mode 100644 (file)
index c1d10a1..0000000
--- a/policy/modules/apps/wm.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-/usr/bin/gnome-shell   --      gen_context(system_u:object_r:wm_exec_t,s0)
-/usr/bin/openbox       --      gen_context(system_u:object_r:wm_exec_t,s0)
-/usr/bin/metacity      --      gen_context(system_u:object_r:wm_exec_t,s0)
-/usr/bin/twm           --      gen_context(system_u:object_r:wm_exec_t,s0)

diff --git a/policy/modules/apps/wm.if b/policy/modules/apps/wm.if
deleted file mode 100644 (file)
index 50c1a74..0000000
--- a/policy/modules/apps/wm.if
+++ /dev/null
@@ -1,116 +0,0 @@
-## <summary>X Window Managers</summary>
-
-#######################################
-## <summary>
-##     The role template for the wm module.
-## </summary>
-## <desc>
-##     <p>
-##     This template creates a derived domains which are used
-##     for window manager applications.
-##     </p>
-## </desc>
-## <param name="role_prefix">
-##     <summary>
-##     The prefix of the user domain (e.g., user
-##     is the prefix for user_t).
-##     </summary>
-## </param>
-## <param name="user_role">
-##     <summary>
-##     The role associated with the user domain.
-##     </summary>
-## </param>
-## <param name="user_domain">
-##     <summary>
-##     The type of the user domain.
-##     </summary>
-## </param>
-#
-template(`wm_role_template',`
-       gen_require(`
-               type wm_exec_t;
-               class dbus send_msg;
-       ')
-
-       type $1_wm_t;
-       domain_type($1_wm_t)
-       domain_entry_file($1_wm_t, wm_exec_t)
-       role $2 types $1_wm_t;
-
-       allow $1_wm_t self:fifo_file rw_fifo_file_perms;
-       allow $1_wm_t self:process getsched;
-       allow $1_wm_t self:shm create_shm_perms;
-
-       allow $1_wm_t $3:unix_stream_socket connectto;
-       allow $3 $1_wm_t:unix_stream_socket connectto;
-       allow $3 $1_wm_t:process { signal sigchld signull };
-       allow $1_wm_t $3:process { signull sigkill };
-
-       allow $1_wm_t $3:dbus send_msg;
-       allow $3 $1_wm_t:dbus send_msg;
-
-       domtrans_pattern($3, wm_exec_t, $1_wm_t)
-
-       kernel_read_system_state($1_wm_t)
-
-       corecmd_bin_domtrans($1_wm_t, $3)
-       corecmd_shell_domtrans($1_wm_t, $3)
-
-       dev_read_urand($1_wm_t)
-
-       files_read_etc_files($1_wm_t)
-       files_read_usr_files($1_wm_t)
-
-       fs_getattr_tmpfs($1_wm_t)
-
-       mls_file_read_all_levels($1_wm_t)
-       mls_file_write_all_levels($1_wm_t)
-       mls_xwin_read_all_levels($1_wm_t)
-       mls_xwin_write_all_levels($1_wm_t)
-       mls_fd_use_all_levels($1_wm_t)
-
-       auth_use_nsswitch($1_wm_t)
-
-       application_signull($1_wm_t)
-
-       miscfiles_read_fonts($1_wm_t)
-       miscfiles_read_localization($1_wm_t)
-
-       userdom_manage_home_role($2, $1_wm_t)
-       userdom_manage_tmpfs_role($2, $1_wm_t)
-       userdom_manage_tmp_role($2, $1_wm_t)
-       userdom_exec_user_tmp_files($1_wm_t)
-
-       optional_policy(`
-               dbus_system_bus_client($1_wm_t)
-               dbus_session_bus_client($1_wm_t)
-       ')
-
-       optional_policy(`
-               pulseaudio_stream_connect($1_wm_t)
-       ')
-
-       optional_policy(`
-               xserver_role($2, $1_wm_t)
-               xserver_manage_core_devices($1_wm_t)
-       ')
-')
-
-########################################
-## <summary>
-##     Execute the wm program in the wm domain.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`wm_exec',`
-       gen_require(`
-               type wm_exec_t;
-       ')
-
-       can_exec($1, wm_exec_t)
-')

diff --git a/policy/modules/apps/wm.te b/policy/modules/apps/wm.te
deleted file mode 100644 (file)
index 03cd479..0000000
--- a/policy/modules/apps/wm.te
+++ /dev/null
@@ -1,9 +0,0 @@
-policy_module(wm, 1.1.1)
-
-########################################
-#
-# Declarations
-#
-
-type wm_exec_t;
-corecmd_executable_file(wm_exec_t)

diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 49cd5831903a1f985d09ff3543dee6681ae28f96..2bf72ddec9d4e3d88a21f3eac5080c7c66c0c562 100644 (file)
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -871,10 +871,6 @@ optional_policy(`
     vdagent_stream_connect(xdm_t)
 ')
 
-optional_policy(`
-       wm_exec(xdm_t)
-')
-
 optional_policy(`
        xfs_stream_connect(xdm_t)
 ')

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index a31341816b2e5048d3eee77ad803b5b0f527f62c..8146289dc501b673e86d286b94baed4dc89b8438 100644 (file)
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1239,9 +1239,6 @@ optional_policy(`
 optional_policy(`
        # Set device ownerships/modes.
        xserver_setattr_console_pipes(initrc_t)
-
-       # init script wants to check if it needs to update windowmanagerlist
-       xserver_read_xdm_rw_config(initrc_t)
 ')
 
 optional_policy(`

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 481781fe5b2005dfa5473ec66266f116a94bf276..10b54670a6b8785586bd866456e5c960f94f0dcb 100644 (file)
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1147,10 +1147,6 @@ template(`userdom_restricted_xwindows_user_template',`
        optional_policy(`
                udev_read_db($1_usertype)
         ')
-
-       optional_policy(`
-               wm_role_template($1, $1_r, $1_t)
-       ')
 ')
 
 #######################################