From: Stefan Schantl
Date: Sat, 14 Jan 2012 18:45:32 +0000 (+0100)
Subject: Remove module for thumb.
X-Git-Tag: 001~9
X-Git-Url: http://git.ipfire.org/?p=people%2Fstevee%2Fselinux-policy.git;a=commitdiff_plain;h=f5fe855dd86a1a5395d174f2e7e1c379595f618d

Remove module for thumb.
---

diff --git a/policy/modules/apps/thumb.fc b/policy/modules/apps/thumb.fc
deleted file mode 100644
index a4be7588..00000000
--- a/policy/modules/apps/thumb.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-
-/usr/bin/evince-thumbnailer -- gen_context(system_u:object_r:thumb_exec_t,s0)
-/usr/bin/gnome-thumbnail-font -- gen_context(system_u:object_r:thumb_exec_t,s0)
-/usr/bin/totem-video-thumbnailer -- gen_context(system_u:object_r:thumb_exec_t,s0)
diff --git a/policy/modules/apps/thumb.if b/policy/modules/apps/thumb.if
deleted file mode 100644
index 5554dc9f..00000000
--- a/policy/modules/apps/thumb.if
+++ /dev/null
@@ -1,84 +0,0 @@
-
-## policy for thumb
-
-
-########################################
-##
-## Transition to thumb.
-##
-##
-##
-## Domain allowed to transition.
-##
-##
-#
-interface(`thumb_domtrans',`
- gen_require(`
- type thumb_t, thumb_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, thumb_exec_t, thumb_t)
-')
-
-
-########################################
-##
-## Execute thumb in the thumb domain, and
-## allow the specified role the thumb domain.
-##
-##
-##
-## Domain allowed to transition
-##
-##
-##
-##
-## The role to be allowed the thumb domain.
-##
-##
-#
-interface(`thumb_run',`
- gen_require(`
- type thumb_t;
- ')
-
- thumb_domtrans($1)
- role $2 types thumb_t;
-
- allow $1 thumb_t:process signal;
-')
-
-########################################
-##
-## Role access for thumb
-##
-##
-##
-## Role allowed access
-##
-##
-##
-##
-## User domain for the role
-##
-##
-#
-interface(`thumb_role',`
- gen_require(`
- type thumb_t;
- class dbus send_msg;
- ')
-
- role $1 types thumb_t;
-
- thumb_domtrans($2)
-
- ps_process_pattern($2, thumb_t)
- allow $2 thumb_t:process signal;
- allow thumb_t $2:unix_stream_socket connectto;
-
- allow $2 thumb_t:dbus send_msg;
- allow thumb_t $2:dbus send_msg;
-')
-
diff --git a/policy/modules/apps/thumb.te b/policy/modules/apps/thumb.te
deleted file mode 100644
index b23b488e..00000000
--- a/policy/modules/apps/thumb.te
+++ /dev/null
@@ -1,82 +0,0 @@
-policy_module(thumb, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type thumb_t;
-type thumb_exec_t;
-application_domain(thumb_t, thumb_exec_t)
-ubac_constrained(thumb_t)
-
-type thumb_tmp_t;
-files_tmp_file(thumb_tmp_t)
-ubac_constrained(thumb_tmp_t)
-
-########################################
-#
-# thumb local policy
-#
-
-allow thumb_t self:process { setsched signal setrlimit };
-
-tunable_policy(`deny_execmem',`',`
- allow thumb_t self:process execmem;
-')
-
-allow thumb_t self:fifo_file manage_fifo_file_perms;
-allow thumb_t self:unix_stream_socket create_stream_socket_perms;
-allow thumb_t self:netlink_route_socket r_netlink_socket_perms;
-allow thumb_t self:udp_socket create_socket_perms;
-allow thumb_t self:tcp_socket create_socket_perms;
-
-manage_files_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
-manage_dirs_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
-exec_files_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
-files_tmp_filetrans(thumb_t, thumb_tmp_t, { file dir })
-userdom_user_tmp_filetrans(thumb_t, thumb_tmp_t, { file dir })
-
-kernel_read_system_state(thumb_t)
-
-domain_use_interactive_fds(thumb_t)
-
-corecmd_exec_bin(thumb_t)
-
-dev_read_sysfs(thumb_t)
-
-domain_use_interactive_fds(thumb_t)
-
-files_read_etc_files(thumb_t)
-files_read_usr_files(thumb_t)
-
-auth_use_nsswitch(thumb_t)
-
-miscfiles_read_fonts(thumb_t)
-miscfiles_read_localization(thumb_t)
-
-sysnet_read_config(thumb_t)
-
-userdom_read_user_tmp_files(thumb_t)
-userdom_read_user_home_content_files(thumb_t)
-userdom_write_user_tmp_files(thumb_t)
-userdom_read_home_audio_files(thumb_t)
-
-userdom_use_inherited_user_ptys(thumb_t)
-
-xserver_read_xdm_home_files(thumb_t)
-xserver_append_xdm_home_files(thumb_t)
-xserver_dontaudit_read_xdm_pid(thumb_t)
-xserver_stream_connect(thumb_t)
-
-optional_policy(`
- dbus_dontaudit_stream_connect_session_bus(thumb_t)
- dbus_dontaudit_chat_session_bus(thumb_t)
-')
-
-optional_policy(`
- # .config
- gnome_dontaudit_search_config(thumb_t)
- gnome_read_generic_data_home_files(thumb_t)
- gnome_manage_gstreamer_home_files(thumb_t)
-')
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index ba1b5ecb..db35b2e9 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -835,10 +835,6 @@ template(`userdom_common_user_template',`
 optional_policy(`
 slrnpull_search_spool($1_usertype)
 ')
-
- optional_policy(`
- thumb_role($1_r, $1_usertype)
- ')
 ')
 
 #######################################