From: Miroslav Grepl <mgrepl@redhat.com>
Date: Wed, 30 Nov 2011 13:00:01 +0000 (+0100)
Subject: Colord does not need to connect to network
X-Git-Tag: 000~49^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0c55c46db0d1c02b872ea92464127bbaa66dbfad;p=people%2Fstevee%2Fselinux-policy.git

Colord does not need to connect to network
---

diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te
index 2f9b1bc6..be3683b9 100644
--- a/policy/modules/services/colord.te
+++ b/policy/modules/services/colord.te
@@ -5,13 +5,6 @@ policy_module(colord, 1.0.0)
 # Declarations
 #
 
-## <desc>
-##  <p>
-##  Allow colord domain to connect to the network using TCP.
-##  </p>
-## </desc>
-gen_tunable(colord_can_network_connect, false)
-
 type colord_t;
 type colord_exec_t;
 dbus_system_domain(colord_t, colord_exec_t)
@@ -102,10 +95,6 @@ userdom_rw_user_tmpfs_files(colord_t)
 
 userdom_home_reader(colord_t)
 
-tunable_policy(`colord_can_network_connect',`
-    corenet_tcp_connect_all_ports(colord_t)
-')
-
 tunable_policy(`use_nfs_home_dirs',`
 	fs_getattr_nfs(colord_t)
 	fs_read_nfs_files(colord_t)