From fb62d68c9135b7c88d16512a42698eabab4cc4e5 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Sat, 21 Jan 2012 21:21:17 +0100
Subject: [PATCH] Remove module for backup.
---
policy/modules/admin/backup.fc | 13 ------
policy/modules/admin/backup.if | 45 ------------------
policy/modules/admin/backup.te | 85 ----------------------------------
policy/modules/roles/sysadm.te | 4 --
4 files changed, 147 deletions(-)
delete mode 100644 policy/modules/admin/backup.fc
delete mode 100644 policy/modules/admin/backup.if
delete mode 100644 policy/modules/admin/backup.te
diff --git a/policy/modules/admin/backup.fc b/policy/modules/admin/backup.fc
deleted file mode 100644
index 223b7f20..00000000
--- a/policy/modules/admin/backup.fc
+++ /dev/null
@@ -1,13 +0,0 @@
-# backup
-# label programs that do backups to other files on disk (IE a cron job that
-# calls tar) in backup_exec_t and label the directory for storing them as
-# backup_store_t, Debian uses /var/backups
-
-#/usr/local/bin/backup-script -- gen_context(system_u:object_r:backup_exec_t,s0)
-
-ifdef(`distro_debian',`
-/etc/cron.daily/aptitude -- gen_context(system_u:object_r:backup_exec_t,s0)
-/etc/cron.daily/standard -- gen_context(system_u:object_r:backup_exec_t,s0)
-')
-
-/var/backups(/.*)? gen_context(system_u:object_r:backup_store_t,s0)
diff --git a/policy/modules/admin/backup.if b/policy/modules/admin/backup.if
deleted file mode 100644
index 1017b7aa..00000000
--- a/policy/modules/admin/backup.if
+++ /dev/null
@@ -1,45 +0,0 @@
-## System backup scripts
-
-########################################
-##
-## Execute backup in the backup domain.
-##
-##
-##
-## Domain allowed to transition.
-##
-##
-#
-interface(`backup_domtrans',`
- gen_require(`
- type backup_t, backup_exec_t;
- ')
-
- domtrans_pattern($1, backup_exec_t, backup_t)
-')
-
-########################################
-##
-## Execute backup in the backup domain, and
-## allow the specified role the backup domain.
-##
-##
-##
-## Domain allowed to transition.
-##
-##
-##
-##
-## Role allowed access.
-##
-##
-##
-#
-interface(`backup_run',`
- gen_require(`
- type backup_t;
- ')
-
- backup_domtrans($1)
- role $2 types backup_t;
-')
diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te
deleted file mode 100644
index af95b7ae..00000000
--- a/policy/modules/admin/backup.te
+++ /dev/null
@@ -1,85 +0,0 @@
-policy_module(backup, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-type backup_t;
-type backup_exec_t;
-domain_type(backup_t)
-domain_entry_file(backup_t, backup_exec_t)
-role system_r types backup_t;
-
-type backup_store_t;
-files_type(backup_store_t)
-
-########################################
-#
-# Local policy
-#
-
-allow backup_t self:capability dac_override;
-allow backup_t self:process signal;
-allow backup_t self:fifo_file rw_fifo_file_perms;
-allow backup_t self:tcp_socket create_socket_perms;
-allow backup_t self:udp_socket create_socket_perms;
-
-allow backup_t backup_store_t:file setattr;
-manage_files_pattern(backup_t, backup_store_t, backup_store_t)
-rw_files_pattern(backup_t, backup_store_t, backup_store_t)
-read_lnk_files_pattern(backup_t, backup_store_t, backup_store_t)
-
-kernel_read_system_state(backup_t)
-kernel_read_kernel_sysctls(backup_t)
-
-corecmd_exec_bin(backup_t)
-corecmd_exec_shell(backup_t)
-
-corenet_all_recvfrom_unlabeled(backup_t)
-corenet_all_recvfrom_netlabel(backup_t)
-corenet_tcp_sendrecv_generic_if(backup_t)
-corenet_udp_sendrecv_generic_if(backup_t)
-corenet_raw_sendrecv_generic_if(backup_t)
-corenet_tcp_sendrecv_generic_node(backup_t)
-corenet_udp_sendrecv_generic_node(backup_t)
-corenet_raw_sendrecv_generic_node(backup_t)
-corenet_tcp_sendrecv_all_ports(backup_t)
-corenet_udp_sendrecv_all_ports(backup_t)
-corenet_tcp_connect_all_ports(backup_t)
-corenet_sendrecv_all_client_packets(backup_t)
-
-dev_getattr_all_blk_files(backup_t)
-dev_getattr_all_chr_files(backup_t)
-# for SSP
-dev_read_urand(backup_t)
-
-domain_use_interactive_fds(backup_t)
-
-files_read_all_files(backup_t)
-files_read_all_symlinks(backup_t)
-files_getattr_all_pipes(backup_t)
-files_getattr_all_sockets(backup_t)
-
-fs_getattr_xattr_fs(backup_t)
-fs_list_all(backup_t)
-
-auth_read_shadow(backup_t)
-
-logging_send_syslog_msg(backup_t)
-
-sysnet_read_config(backup_t)
-
-userdom_use_inherited_user_terminals(backup_t)
-
-optional_policy(`
- cron_system_entry(backup_t, backup_exec_t)
-')
-
-optional_policy(`
- hostname_exec(backup_t)
-')
-
-optional_policy(`
- nis_use_ypbind(backup_t)
-')
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 615a74e8..ad25549f 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -111,10 +111,6 @@ optional_policy(`
 auditadm_role_change(sysadm_r)
 ')
 
-optional_policy(`
- backup_run(sysadm_t, sysadm_r)
-')
-
 optional_policy(`
 bind_run_ndc(sysadm_t, sysadm_r)
 ')
--
2.39.2