Remove module for thumb.

diff --git a/policy/modules/apps/thumb.fc b/policy/modules/apps/thumb.fc
deleted file mode 100644 (file)
index a4be758..0000000
--- a/policy/modules/apps/thumb.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-
-/usr/bin/evince-thumbnailer            --      gen_context(system_u:object_r:thumb_exec_t,s0)
-/usr/bin/gnome-thumbnail-font          --      gen_context(system_u:object_r:thumb_exec_t,s0)
-/usr/bin/totem-video-thumbnailer       --      gen_context(system_u:object_r:thumb_exec_t,s0)

diff --git a/policy/modules/apps/thumb.if b/policy/modules/apps/thumb.if
deleted file mode 100644 (file)
index 5554dc9..0000000
--- a/policy/modules/apps/thumb.if
+++ /dev/null
@@ -1,84 +0,0 @@
-
-## <summary>policy for thumb</summary>
-
-
-########################################
-## <summary>
-##     Transition to thumb.
-## </summary>
-## <param name="domain">
-## <summary>
-##     Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`thumb_domtrans',`
-       gen_require(`
-               type thumb_t, thumb_exec_t;
-       ')
-
-       corecmd_search_bin($1)
-       domtrans_pattern($1, thumb_exec_t, thumb_t)
-')
-
-
-########################################
-## <summary>
-##     Execute thumb in the thumb domain, and
-##     allow the specified role the thumb domain.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed to transition
-##     </summary>
-## </param>
-## <param name="role">
-##     <summary>
-##     The role to be allowed the thumb domain.
-##     </summary>
-## </param>
-#
-interface(`thumb_run',`
-       gen_require(`
-               type thumb_t;
-       ')
-
-       thumb_domtrans($1)
-       role $2 types thumb_t;
-
-       allow $1 thumb_t:process signal;
-')
-
-########################################
-## <summary>
-##     Role access for thumb
-## </summary>
-## <param name="role">
-##     <summary>
-##     Role allowed access
-##     </summary>
-## </param>
-## <param name="domain">
-##     <summary>
-##     User domain for the role
-##     </summary>
-## </param>
-#
-interface(`thumb_role',`
-       gen_require(`
-               type thumb_t;
-               class dbus send_msg;
-       ')
-
-       role $1 types thumb_t;
-
-       thumb_domtrans($2)
-
-       ps_process_pattern($2, thumb_t)
-       allow $2 thumb_t:process signal;
-       allow thumb_t $2:unix_stream_socket connectto;
-
-       allow $2 thumb_t:dbus send_msg;
-       allow thumb_t $2:dbus send_msg;
-')
-

diff --git a/policy/modules/apps/thumb.te b/policy/modules/apps/thumb.te
deleted file mode 100644 (file)
index b23b488..0000000
--- a/policy/modules/apps/thumb.te
+++ /dev/null
@@ -1,82 +0,0 @@
-policy_module(thumb, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type thumb_t;
-type thumb_exec_t;
-application_domain(thumb_t, thumb_exec_t)
-ubac_constrained(thumb_t)
-
-type thumb_tmp_t;
-files_tmp_file(thumb_tmp_t)
-ubac_constrained(thumb_tmp_t)
-
-########################################
-#
-# thumb local policy
-#
-
-allow thumb_t self:process { setsched signal setrlimit };
-
-tunable_policy(`deny_execmem',`',`
-       allow thumb_t self:process execmem;
-')
-
-allow thumb_t self:fifo_file manage_fifo_file_perms;
-allow thumb_t self:unix_stream_socket create_stream_socket_perms;
-allow thumb_t self:netlink_route_socket r_netlink_socket_perms;
-allow thumb_t self:udp_socket create_socket_perms;
-allow thumb_t self:tcp_socket create_socket_perms;
-
-manage_files_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
-manage_dirs_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
-exec_files_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
-files_tmp_filetrans(thumb_t, thumb_tmp_t, { file dir })
-userdom_user_tmp_filetrans(thumb_t, thumb_tmp_t, { file dir })
-
-kernel_read_system_state(thumb_t)
-
-domain_use_interactive_fds(thumb_t)
-
-corecmd_exec_bin(thumb_t)
-
-dev_read_sysfs(thumb_t)
-
-domain_use_interactive_fds(thumb_t)
-
-files_read_etc_files(thumb_t)
-files_read_usr_files(thumb_t)
-
-auth_use_nsswitch(thumb_t)
-
-miscfiles_read_fonts(thumb_t)
-miscfiles_read_localization(thumb_t)
-
-sysnet_read_config(thumb_t)
-
-userdom_read_user_tmp_files(thumb_t)
-userdom_read_user_home_content_files(thumb_t)
-userdom_write_user_tmp_files(thumb_t)
-userdom_read_home_audio_files(thumb_t)
-
-userdom_use_inherited_user_ptys(thumb_t)
-
-xserver_read_xdm_home_files(thumb_t)
-xserver_append_xdm_home_files(thumb_t)
-xserver_dontaudit_read_xdm_pid(thumb_t)
-xserver_stream_connect(thumb_t)
-
-optional_policy(`
-       dbus_dontaudit_stream_connect_session_bus(thumb_t)
-       dbus_dontaudit_chat_session_bus(thumb_t)
-')
-
-optional_policy(`
-       # .config
-       gnome_dontaudit_search_config(thumb_t)
-       gnome_read_generic_data_home_files(thumb_t)
-       gnome_manage_gstreamer_home_files(thumb_t)
-') 

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index ba1b5ecb780461c15d311f89fd2eaa5f81594850..db35b2e9b93284ed366bfa5068b010d7eadd63ea 100644 (file)
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -835,10 +835,6 @@ template(`userdom_common_user_template',`
        optional_policy(`
                slrnpull_search_spool($1_usertype)
        ')
        optional_policy(`
                slrnpull_search_spool($1_usertype)
        ')

-
-       optional_policy(`
-               thumb_role($1_r, $1_usertype)
-       ')

 ')
 
 #######################################
 ')
 
 #######################################