From: Dan Walsh Date: Thu, 1 Dec 2011 21:43:42 +0000 (-0500) Subject: Stop using usertype X-Git-Tag: 000~54 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a6c4623b7d1925feb0d270a808c2ca424a935845;p=people%2Fstevee%2Fselinux-policy.git Stop using usertype --- diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te index de3c13e8..8ea33852 100644 --- a/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te @@ -18,21 +18,21 @@ allow staff_t self:process setexec; # Local policy # -kernel_read_ring_buffer(staff_usertype) -kernel_getattr_core_if(staff_usertype) -kernel_getattr_message_if(staff_usertype) -kernel_read_software_raid_state(staff_usertype) -kernel_read_fs_sysctls(staff_usertype) +kernel_read_ring_buffer(staff_t) +kernel_getattr_core_if(staff_t) +kernel_getattr_message_if(staff_t) +kernel_read_software_raid_state(staff_t) +kernel_read_fs_sysctls(staff_t) -fs_read_hugetlbfs_files(staff_usertype) +fs_read_hugetlbfs_files(staff_t) -dev_read_cpuid(staff_usertype) +dev_read_cpuid(staff_t) -domain_read_all_domains_state(staff_usertype) -domain_getattr_all_domains(staff_usertype) +domain_read_all_domains_state(staff_t) +domain_getattr_all_domains(staff_t) domain_obj_id_change_exemption(staff_t) -files_read_kernel_modules(staff_usertype) +files_read_kernel_modules(staff_t) seutil_read_module_store(staff_t) seutil_run_newrole(staff_t, staff_r) @@ -40,14 +40,14 @@ seutil_run_newrole(staff_t, staff_r) storage_read_scsi_generic(staff_t) storage_write_scsi_generic(staff_t) -term_use_unallocated_ttys(staff_usertype) +term_use_unallocated_ttys(staff_t) auth_domtrans_pam_console(staff_t) init_dbus_chat(staff_t) init_dbus_chat_script(staff_t) -miscfiles_read_hwdata(staff_usertype) +miscfiles_read_hwdata(staff_t) ifndef(`enable_mls',` selinux_read_policy(staff_t) @@ -79,7 +79,7 @@ optional_policy(` ') optional_policy(` - chrome_role(staff_r, staff_usertype) + chrome_role(staff_r, staff_t) ') optional_policy(` 
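Review bot: Nothing in the commit shows that `staff_t` is the only type carrying the `staff_usertype` attribute, so calls such as `kernel_read_ring_buffer(staff_t)`, `term_use_unallocated_ttys(staff_t)` and `chrome_role(staff_r, staff_t)` may remove permissions from other domains that previously got them through the attribute. If such a domain exists, the loss would only surface as AVC denials at runtime. Before merging, list the attribute's members in the built policy (for example `seinfo -astaff_usertype -x`) and record the intent above the block, e.g. `# granted to staff_t only; staff_usertype is no longer used for these rules`. The same check applies to the `user_usertype` and `xguest_usertype` replacements in unprivuser.te and xguest.te.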
@@ -119,12 +119,12 @@ optional_policy(` ') optional_policy(` - mozilla_run_plugin(staff_usertype, staff_r) + mozilla_run_plugin(staff_t, staff_r) ') optional_policy(` - modutils_read_module_config(staff_usertype) - modutils_read_module_deps(staff_usertype) + modutils_read_module_config(staff_t) + modutils_read_module_deps(staff_t) ') optional_policy(` @@ -162,7 +162,7 @@ optional_policy(` ') optional_policy(` - rpm_dbus_chat(staff_usertype) + rpm_dbus_chat(staff_t) ') optional_policy(` @@ -201,7 +201,7 @@ optional_policy(` #') optional_policy(` - userhelper_console_role_template(staff, staff_r, staff_usertype) + userhelper_console_role_template(staff, staff_r, staff_t) ') optional_policy(` @@ -335,5 +335,5 @@ ifndef(`distro_redhat',` ') tunable_policy(`allow_execmod',` - userdom_execmod_user_home_files(staff_usertype) + userdom_execmod_user_home_files(staff_t) ') diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te index 35524d68..05503f39 100644 --- a/policy/modules/roles/unconfineduser.te +++ b/policy/modules/roles/unconfineduser.te @@ -41,7 +41,7 @@ userdom_base_user_template(unconfined) userdom_manage_home_role(unconfined_r, unconfined_t) userdom_manage_tmp_role(unconfined_r, unconfined_t) userdom_manage_tmpfs_role(unconfined_r, unconfined_t) -userdom_unpriv_usertype(unconfined, unconfined_t) +userdom_unpriv_t(unconfined, unconfined_t) type unconfined_exec_t; init_system_domain(unconfined_t, unconfined_exec_t) @@ -106,7 +106,7 @@ tunable_policy(`allow_execstack',` ') tunable_policy(`allow_execmod',` - userdom_execmod_user_home_files(unconfined_usertype) + userdom_execmod_user_home_files(unconfined_t) ') tunable_policy(`unconfined_login',` 
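Review bot: `userdom_unpriv_t(unconfined, unconfined_t)` in the unconfineduser.te hunk at line 41 looks like an accidental result of replacing the string `usertype` with `t`. The old line called the template `userdom_unpriv_usertype`, and a template's name should not change along with its arguments. Unless a `userdom_unpriv_t` template is defined in a part of the tree not shown here, the module will likely fail to build or lose whatever that template set up for `unconfined_t`. Restore the call as `userdom_unpriv_usertype(unconfined, unconfined_t)`, or, if the template is being retired, replace it with the rules it expanded to.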
@@ -118,55 +118,55 @@ tunable_policy(`unconfined_login',` optional_policy(` gen_require(` - attribute unconfined_usertype; + attribute unconfined_t; ') optional_policy(` - abrt_dbus_chat(unconfined_usertype) - abrt_run_helper(unconfined_usertype, unconfined_r) + abrt_dbus_chat(unconfined_t) + abrt_run_helper(unconfined_t, unconfined_r) ') optional_policy(` - avahi_dbus_chat(unconfined_usertype) + avahi_dbus_chat(unconfined_t) ') optional_policy(` - blueman_dbus_chat(unconfined_usertype) + blueman_dbus_chat(unconfined_t) ') optional_policy(` - certmonger_dbus_chat(unconfined_usertype) + certmonger_dbus_chat(unconfined_t) ') optional_policy(` - devicekit_dbus_chat(unconfined_usertype) - devicekit_dbus_chat_disk(unconfined_usertype) - devicekit_dbus_chat_power(unconfined_usertype) + devicekit_dbus_chat(unconfined_t) + devicekit_dbus_chat_disk(unconfined_t) + devicekit_dbus_chat_power(unconfined_t) ') optional_policy(` - hal_dbus_chat(unconfined_usertype) + hal_dbus_chat(unconfined_t) ') optional_policy(` - networkmanager_dbus_chat(unconfined_usertype) + networkmanager_dbus_chat(unconfined_t) ') optional_policy(` - policykit_role(unconfined_r, unconfined_usertype) + policykit_role(unconfined_r, unconfined_t) ') optional_policy(` - rtkit_scheduled(unconfined_usertype) + rtkit_scheduled(unconfined_t) ') optional_policy(` - setroubleshoot_dbus_chat(unconfined_usertype) + setroubleshoot_dbus_chat(unconfined_t) setroubleshoot_dbus_chat_fixit(unconfined_t) ') optional_policy(` - sandbox_transition(unconfined_usertype, unconfined_r) + sandbox_transition(unconfined_t, unconfined_r) ') optional_policy(` @@ -178,9 +178,9 @@ optional_policy(` type user_tmpfs_t; ') - xserver_rw_session(unconfined_usertype, user_tmpfs_t) - xserver_run_xauth(unconfined_usertype, unconfined_r) - xserver_dbus_chat_xdm(unconfined_usertype) + xserver_rw_session(unconfined_t, user_tmpfs_t) + xserver_run_xauth(unconfined_t, unconfined_r) + xserver_dbus_chat_xdm(unconfined_t) ') ') 
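Review bot: The `gen_require` at the top of the line-118 hunk now reads `attribute unconfined_t;`, but `unconfined_t` is used as a type elsewhere in this file (for example `init_system_domain(unconfined_t, unconfined_exec_t)`), so the requirement names a type as an attribute. Depending on the toolchain this is either a build error or an unsatisfied requirement that disables the enclosing `optional_policy` block. The second outcome would silently drop the dbus_chat, policykit, sandbox and xserver rules nested inside it. Change the line to `type unconfined_t;`, or remove the `gen_require` if the type is already declared in this module.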
@@ -202,10 +202,10 @@ optional_policy(` ') optional_policy(` - chrome_role_notrans(unconfined_r, unconfined_usertype) + chrome_role_notrans(unconfined_r, unconfined_t) tunable_policy(`unconfined_chrome_sandbox_transition',` - chrome_domtrans_sandbox(unconfined_usertype) + chrome_domtrans_sandbox(unconfined_t) ') ') @@ -220,39 +220,39 @@ optional_policy(` ') ') - init_dbus_chat(unconfined_usertype) - init_dbus_chat_script(unconfined_usertype) + init_dbus_chat(unconfined_t) + init_dbus_chat_script(unconfined_t) dbus_stub(unconfined_t) optional_policy(` - bluetooth_dbus_chat(unconfined_usertype) + bluetooth_dbus_chat(unconfined_t) ') optional_policy(` - consolekit_dbus_chat(unconfined_usertype) + consolekit_dbus_chat(unconfined_t) ') optional_policy(` - cups_dbus_chat_config(unconfined_usertype) + cups_dbus_chat_config(unconfined_t) ') optional_policy(` - fprintd_dbus_chat(unconfined_usertype) + fprintd_dbus_chat(unconfined_t) ') optional_policy(` - gnomeclock_dbus_chat(unconfined_usertype) - gnome_dbus_chat_gconfdefault(unconfined_usertype) + gnomeclock_dbus_chat(unconfined_t) + gnome_dbus_chat_gconfdefault(unconfined_t) gnome_command_domtrans_gkeyringd(unconfined_dbusd_t,unconfined_t) ') optional_policy(` - ipsec_mgmt_dbus_chat(unconfined_usertype) + ipsec_mgmt_dbus_chat(unconfined_t) ') optional_policy(` - kerneloops_dbus_chat(unconfined_usertype) + kerneloops_dbus_chat(unconfined_t) ') optional_policy(` @@ -260,16 +260,16 @@ optional_policy(` ') optional_policy(` - oddjob_dbus_chat(unconfined_usertype) + oddjob_dbus_chat(unconfined_t) ') optional_policy(` - vpn_dbus_chat(unconfined_usertype) + vpn_dbus_chat(unconfined_t) ') ') optional_policy(` - firewallgui_dbus_chat(unconfined_usertype) + firewallgui_dbus_chat(unconfined_t) ') optional_policy(` @@ -308,7 +308,7 @@ optional_policy(` mozilla_role_plugin(unconfined_r) tunable_policy(`unconfined_mozilla_plugin_transition', ` - mozilla_domtrans_plugin(unconfined_usertype) + mozilla_domtrans_plugin(unconfined_t) ') ') 
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te index 454e6273..77967bd3 100644 --- a/policy/modules/roles/unprivuser.te +++ b/policy/modules/roles/unprivuser.te @@ -13,13 +13,13 @@ role user_r; userdom_unpriv_user_template(user) fs_exec_noxattr(user_t) -fs_read_hugetlbfs_files(user_usertype) +fs_read_hugetlbfs_files(user_t) storage_read_scsi_generic(user_t) storage_write_scsi_generic(user_t) tunable_policy(`allow_execmod',` - userdom_execmod_user_home_files(user_usertype) + userdom_execmod_user_home_files(user_t) ') optional_policy(` @@ -39,7 +39,7 @@ optional_policy(` ') optional_policy(` - chrome_role(user_r, user_usertype) + chrome_role(user_r, user_t) ') optional_policy(` @@ -56,7 +56,7 @@ optional_policy(` ') optional_policy(` - mozilla_run_plugin(user_usertype, user_r) + mozilla_run_plugin(user_t, user_r) ') optional_policy(` diff --git a/policy/modules/roles/xguest.te b/policy/modules/roles/xguest.te index 0258e247..9b6536a7 100644 --- a/policy/modules/roles/xguest.te +++ b/policy/modules/roles/xguest.te @@ -93,7 +93,7 @@ optional_policy(` optional_policy(` - chrome_role(xguest_r, xguest_usertype) + chrome_role(xguest_r, xguest_t) ') optional_policy(` @@ -113,12 +113,12 @@ optional_policy(` ') optional_policy(` - mozilla_run_plugin(xguest_usertype, xguest_r) + mozilla_run_plugin(xguest_t, xguest_r) ') optional_policy(` - pcscd_read_pub_files(xguest_usertype) - pcscd_stream_connect(xguest_usertype) + pcscd_read_pub_files(xguest_t) + pcscd_stream_connect(xguest_t) ') optional_policy(` 
@@ -127,42 +127,42 @@ optional_policy(` optional_policy(` tunable_policy(`xguest_connect_network',` - kernel_read_network_state(xguest_usertype) + kernel_read_network_state(xguest_t) networkmanager_dbus_chat(xguest_t) networkmanager_read_lib_files(xguest_t) - corenet_tcp_connect_pulseaudio_port(xguest_usertype) - corenet_all_recvfrom_unlabeled(xguest_usertype) - corenet_all_recvfrom_netlabel(xguest_usertype) - corenet_tcp_sendrecv_generic_if(xguest_usertype) - corenet_raw_sendrecv_generic_if(xguest_usertype) - corenet_tcp_sendrecv_generic_node(xguest_usertype) - corenet_raw_sendrecv_generic_node(xguest_usertype) - corenet_tcp_sendrecv_http_port(xguest_usertype) - corenet_tcp_sendrecv_http_cache_port(xguest_usertype) - corenet_tcp_sendrecv_squid_port(xguest_usertype) - corenet_tcp_sendrecv_ftp_port(xguest_usertype) - corenet_tcp_sendrecv_ipp_port(xguest_usertype) - corenet_tcp_connect_http_port(xguest_usertype) - corenet_tcp_connect_http_cache_port(xguest_usertype) - corenet_tcp_connect_squid_port(xguest_usertype) - corenet_tcp_connect_flash_port(xguest_usertype) - corenet_tcp_connect_ftp_port(xguest_usertype) - corenet_tcp_connect_ipp_port(xguest_usertype) - corenet_tcp_connect_generic_port(xguest_usertype) - corenet_tcp_connect_soundd_port(xguest_usertype) - corenet_sendrecv_http_client_packets(xguest_usertype) - corenet_sendrecv_http_cache_client_packets(xguest_usertype) - corenet_sendrecv_squid_client_packets(xguest_usertype) - corenet_sendrecv_ftp_client_packets(xguest_usertype) - corenet_sendrecv_ipp_client_packets(xguest_usertype) - corenet_sendrecv_generic_client_packets(xguest_usertype) + corenet_tcp_connect_pulseaudio_port(xguest_t) + corenet_all_recvfrom_unlabeled(xguest_t) + corenet_all_recvfrom_netlabel(xguest_t) + corenet_tcp_sendrecv_generic_if(xguest_t) + corenet_raw_sendrecv_generic_if(xguest_t) + corenet_tcp_sendrecv_generic_node(xguest_t) + corenet_raw_sendrecv_generic_node(xguest_t) + corenet_tcp_sendrecv_http_port(xguest_t) + 
corenet_tcp_sendrecv_http_cache_port(xguest_t) + corenet_tcp_sendrecv_squid_port(xguest_t) + corenet_tcp_sendrecv_ftp_port(xguest_t) + corenet_tcp_sendrecv_ipp_port(xguest_t) + corenet_tcp_connect_http_port(xguest_t) + corenet_tcp_connect_http_cache_port(xguest_t) + corenet_tcp_connect_squid_port(xguest_t) + corenet_tcp_connect_flash_port(xguest_t) + corenet_tcp_connect_ftp_port(xguest_t) + corenet_tcp_connect_ipp_port(xguest_t) + corenet_tcp_connect_generic_port(xguest_t) + corenet_tcp_connect_soundd_port(xguest_t) + corenet_sendrecv_http_client_packets(xguest_t) + corenet_sendrecv_http_cache_client_packets(xguest_t) + corenet_sendrecv_squid_client_packets(xguest_t) + corenet_sendrecv_ftp_client_packets(xguest_t) + corenet_sendrecv_ipp_client_packets(xguest_t) + corenet_sendrecv_generic_client_packets(xguest_t) # Should not need other ports - corenet_dontaudit_tcp_sendrecv_generic_port(xguest_usertype) - corenet_dontaudit_tcp_bind_generic_port(xguest_usertype) - corenet_tcp_connect_speech_port(xguest_usertype) - corenet_tcp_sendrecv_transproxy_port(xguest_usertype) - corenet_tcp_connect_transproxy_port(xguest_usertype) + corenet_dontaudit_tcp_sendrecv_generic_port(xguest_t) + corenet_dontaudit_tcp_bind_generic_port(xguest_t) + corenet_tcp_connect_speech_port(xguest_t) + corenet_tcp_sendrecv_transproxy_port(xguest_t) + corenet_tcp_connect_transproxy_port(xguest_t) ') #optional_policy(`
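Review bot: `corenet_tcp_connect_generic_port(xguest_t)` sits just above the comment `# Should not need other ports`, yet by its name it allows connecting to generically labelled ports beyond the http, squid, ftp and ipp set listed around it. The two `dontaudit` lines below it cover only sendrecv and bind, not connect. For a guest role this appears to be the widest grant in the `xguest_connect_network` block, and nothing explains why it is needed. Either drop the line or document it in place, e.g. `# generic ports are allowed because <reason>; review before widening`. The enclosing `optional_policy` block begins before this hunk.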