From: Stefan Schantl Date: Sat, 14 Jan 2012 19:20:58 +0000 (+0100) Subject: Remove module for wm (windowmanager). X-Git-Tag: 001~4 X-Git-Url: http://git.ipfire.org/?p=people%2Fstevee%2Fselinux-policy.git;a=commitdiff_plain;h=e61b06ba72f9eb92179f5682c64f171cca49436a Remove module for wm (windowmanager).
---
diff --git a/policy/modules/apps/wm.fc b/policy/modules/apps/wm.fc
deleted file mode 100644
index c1d10a11..00000000
--- a/policy/modules/apps/wm.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-/usr/bin/gnome-shell -- gen_context(system_u:object_r:wm_exec_t,s0)
-/usr/bin/openbox -- gen_context(system_u:object_r:wm_exec_t,s0)
-/usr/bin/metacity -- gen_context(system_u:object_r:wm_exec_t,s0)
-/usr/bin/twm -- gen_context(system_u:object_r:wm_exec_t,s0)
diff --git a/policy/modules/apps/wm.if b/policy/modules/apps/wm.if
deleted file mode 100644
index 50c1a748..00000000
--- a/policy/modules/apps/wm.if
+++ /dev/null
@@ -1,116 +0,0 @@
-## X Window Managers
-
-#######################################
-##
-## The role template for the wm module.
-##
-##
-##
-## This template creates a derived domains which are used
-## for window manager applications.
-##
-##
-##
-##
-## The prefix of the user domain (e.g., user
-## is the prefix for user_t).
-##
-##
-##
-##
-## The role associated with the user domain.
-##
-##
-##
-##
-## The type of the user domain.
-##
-##
-#
-template(`wm_role_template',`
- gen_require(`
- type wm_exec_t;
- class dbus send_msg;
- ')
-
- type $1_wm_t;
- domain_type($1_wm_t)
- domain_entry_file($1_wm_t, wm_exec_t)
- role $2 types $1_wm_t;
-
- allow $1_wm_t self:fifo_file rw_fifo_file_perms;
- allow $1_wm_t self:process getsched;
- allow $1_wm_t self:shm create_shm_perms;
-
- allow $1_wm_t $3:unix_stream_socket connectto;
- allow $3 $1_wm_t:unix_stream_socket connectto;
- allow $3 $1_wm_t:process { signal sigchld signull };
- allow $1_wm_t $3:process { signull sigkill };
-
- allow $1_wm_t $3:dbus send_msg;
- allow $3 $1_wm_t:dbus send_msg;
-
- domtrans_pattern($3, wm_exec_t, $1_wm_t)
-
- kernel_read_system_state($1_wm_t)
-
- corecmd_bin_domtrans($1_wm_t, $3)
- corecmd_shell_domtrans($1_wm_t, $3)
-
- dev_read_urand($1_wm_t)
-
- files_read_etc_files($1_wm_t)
- files_read_usr_files($1_wm_t)
-
- fs_getattr_tmpfs($1_wm_t)
-
- mls_file_read_all_levels($1_wm_t)
- mls_file_write_all_levels($1_wm_t)
- mls_xwin_read_all_levels($1_wm_t)
- mls_xwin_write_all_levels($1_wm_t)
- mls_fd_use_all_levels($1_wm_t)
-
- auth_use_nsswitch($1_wm_t)
-
- application_signull($1_wm_t)
-
- miscfiles_read_fonts($1_wm_t)
- miscfiles_read_localization($1_wm_t)
-
- userdom_manage_home_role($2, $1_wm_t)
- userdom_manage_tmpfs_role($2, $1_wm_t)
- userdom_manage_tmp_role($2, $1_wm_t)
- userdom_exec_user_tmp_files($1_wm_t)
-
- optional_policy(`
- dbus_system_bus_client($1_wm_t)
- dbus_session_bus_client($1_wm_t)
- ')
-
- optional_policy(`
- pulseaudio_stream_connect($1_wm_t)
- ')
-
- optional_policy(`
- xserver_role($2, $1_wm_t)
- xserver_manage_core_devices($1_wm_t)
- ')
-')
-
-########################################
-##
-## Execute the wm program in the wm domain.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`wm_exec',`
- gen_require(`
- type wm_exec_t;
- ')
-
- can_exec($1, wm_exec_t)
-')
diff --git a/policy/modules/apps/wm.te b/policy/modules/apps/wm.te
deleted file mode 100644
index 03cd479f..00000000
--- a/policy/modules/apps/wm.te
+++ /dev/null
@@ -1,9 +0,0 @@
-policy_module(wm, 1.1.1)
-
-########################################
-#
-# Declarations
-#
-
-type wm_exec_t;
-corecmd_executable_file(wm_exec_t)
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 49cd5831..2bf72dde 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -871,10 +871,6 @@ optional_policy(`
 vdagent_stream_connect(xdm_t)
 ')
 
-optional_policy(`
- wm_exec(xdm_t)
-')
-
 optional_policy(`
 xfs_stream_connect(xdm_t)
 ')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index a3134181..8146289d 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1239,9 +1239,6 @@ optional_policy(`
 optional_policy(`
 # Set device ownerships/modes.
 xserver_setattr_console_pipes(initrc_t)
-
- # init script wants to check if it needs to update windowmanagerlist
- xserver_read_xdm_rw_config(initrc_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 481781fe..10b54670 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1147,10 +1147,6 @@ template(`userdom_restricted_xwindows_user_template',`
 optional_policy(`
 udev_read_db($1_usertype)
 ')
-
- optional_policy(`
- wm_role_template($1, $1_r, $1_t)
- ')
 ')
 
 #######################################