Changed non-contrib policy to use the new non_auth_file_type interfaces

Replaced calls to interfaces allowing access to all files except auth_file_type files with calls to interfaces allowing access to non_auth_file_type files. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2025-03-20 01:56:40 +00:00 · 2012-04-25 10:25:49 -04:00 · 2012-04-25 10:25:49 -04:00 · 624e73955d
commit 624e73955d
parent 8959338324
5 changed files with 12 additions and 12 deletions
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@ -343,9 +343,9 @@ optional_policy(`
 		fs_read_noxattr_fs_files(kernel_t)
 		fs_read_noxattr_fs_symlinks(kernel_t)

-		auth_read_all_dirs_except_auth_files(kernel_t)
-		auth_read_all_files_except_auth_files(kernel_t)
-		auth_read_all_symlinks_except_auth_files(kernel_t)
+		files_list_non_auth_dirs(kernel_t)
+		files_read_non_auth_files(kernel_t)
+		files_read_non_auth_symlinks(kernel_t)
 	')

 	tunable_policy(`nfs_export_all_rw',`
@ -354,7 +354,7 @@ optional_policy(`
 		fs_read_noxattr_fs_files(kernel_t)
 		fs_read_noxattr_fs_symlinks(kernel_t)

-		auth_manage_all_files_except_auth_files(kernel_t)
+		files_manage_non_auth_files(kernel_t)
 	')
 ')

--- a/policy/modules/roles/secadm.te
+++ b/policy/modules/roles/secadm.te
@ -30,7 +30,7 @@ mls_file_upgrade(secadm_t)
 mls_file_downgrade(secadm_t)

 auth_role(secadm_r, secadm_t)
-auth_relabel_all_files_except_auth_files(secadm_t)
+files_relabel_non_auth_files(secadm_t)
 auth_relabel_shadow(secadm_t)

 init_exec(secadm_t)
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@ -147,8 +147,8 @@ ifdef(`distro_ubuntu',`
 ')

 tunable_policy(`allow_mount_anyfile',`
-	auth_read_all_dirs_except_auth_files(mount_t)
-	auth_read_all_files_except_auth_files(mount_t)
+	files_list_non_auth_dirs(mount_t)
+	files_read_non_auth_files(mount_t)
 	files_mounton_non_security(mount_t)
 ')

--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@ -339,8 +339,8 @@ selinux_compute_create_context(restorecond_t)
 selinux_compute_relabel_context(restorecond_t)
 selinux_compute_user_contexts(restorecond_t)

-auth_relabel_all_files_except_auth_files(restorecond_t )
-auth_read_all_files_except_auth_files(restorecond_t)
+files_relabel_non_auth_files(restorecond_t )
+files_read_non_auth_files(restorecond_t)
 auth_use_nsswitch(restorecond_t)

 locallogin_dontaudit_use_fds(restorecond_t)
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@ -1134,9 +1134,9 @@ template(`userdom_admin_user_template',`

 	auth_getattr_shadow($1_t)
 	# Manage almost all files
-	auth_manage_all_files_except_auth_files($1_t)
+	files_manage_non_auth_files($1_t)
 	# Relabel almost all files
-	auth_relabel_all_files_except_auth_files($1_t)
+	files_relabel_non_auth_files($1_t)

 	init_telinit($1_t)

@ -1224,7 +1224,7 @@ template(`userdom_security_admin_template',`
 	selinux_set_all_booleans($1)
 	selinux_set_parameters($1)

-	auth_relabel_all_files_except_auth_files($1)
+	files_relabel_non_auth_files($1)
 	auth_relabel_shadow($1)

 	init_exec($1)