NSCD related changes in various policy modules

Use nscd_use instead of nscd_socket_use. This conditionally allows
nscd_shm_use

Remove the nscd_socket_use from ssh_keygen since it was redundant
already allowed by auth_use_nsswitch

Had to make some ssh_keysign_t rules unconditional else
nscd_use(ssh_keysign_t) would not build (nested booleans) but that does
not matter, the only actual domain transition to ssh_keysign_t is
conditional so the other unconditional ssh_keygen_t rules are
conditional in practice

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>

policy/modules/admin/bootloader.te

@@ -203,7 +203,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nscd_socket_use(bootloader_t)
+	nscd_use(bootloader_t)
 ')
 
 optional_policy(`

policy/modules/services/ssh.te

@@ -200,21 +200,17 @@ optional_policy(`
 # ssh_keysign_t local policy
 #
 
-tunable_policy(`allow_ssh_keysign',`
+allow ssh_keysign_t self:capability { setgid setuid };
-	allow ssh_keysign_t self:capability { setgid setuid };
+allow ssh_keysign_t self:unix_stream_socket create_socket_perms;
-	allow ssh_keysign_t self:unix_stream_socket create_socket_perms;
 
-	allow ssh_keysign_t sshd_key_t:file { getattr read };
+allow ssh_keysign_t sshd_key_t:file { getattr read };
 
-	dev_read_urand(ssh_keysign_t)
+dev_read_urand(ssh_keysign_t)
 
-	files_read_etc_files(ssh_keysign_t)
+files_read_etc_files(ssh_keysign_t)
-')
 
 optional_policy(`
-	tunable_policy(`allow_ssh_keysign',`
+	nscd_use(ssh_keysign_t)
-		nscd_socket_use(ssh_keysign_t)
-	')
 ')
 
 #################################
@@ -328,10 +324,6 @@ logging_send_syslog_msg(ssh_keygen_t)
 
 userdom_dontaudit_use_unpriv_user_fds(ssh_keygen_t)
 
-optional_policy(`
-	nscd_socket_use(ssh_keygen_t)
-')
-
 optional_policy(`
 	seutil_sigchld_newrole(ssh_keygen_t)
 ')

policy/modules/system/authlogin.te

@@ -397,7 +397,7 @@ ifdef(`distro_ubuntu',`
 ')
 
 optional_policy(`
-	nscd_socket_use(utempter_t)
+	nscd_use(utempter_t)
 ')
 
 optional_policy(`
@@ -447,7 +447,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nscd_socket_use(nsswitch_domain)
+	nscd_use(nsswitch_domain)
 ')
 
 optional_policy(`

policy/modules/system/clock.te

@@ -65,7 +65,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nscd_socket_use(hwclock_t)
+	nscd_use(hwclock_t)
 ')
 
 optional_policy(`

policy/modules/system/getty.te

@@ -125,7 +125,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nscd_socket_use(getty_t)
+	nscd_use(getty_t)
 ')
 
 optional_policy(`

policy/modules/system/hotplug.te

@@ -168,7 +168,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nscd_socket_use(hotplug_t)
+	nscd_use(hotplug_t)
 ')
 
 optional_policy(`

policy/modules/system/init.if

@@ -234,7 +234,7 @@ interface(`init_daemon_domain',`
 	')
 
 	optional_policy(`
-		nscd_socket_use($1)
+		nscd_use($1)
 	')
 ')
 

policy/modules/system/init.te

@@ -208,7 +208,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nscd_socket_use(init_t)
+	nscd_use(init_t)
 ')
 
 optional_policy(`

policy/modules/system/ipsec.te

@@ -326,7 +326,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nscd_socket_use(ipsec_mgmt_t)
+	nscd_use(ipsec_mgmt_t)
 ')
 
 ########################################

policy/modules/system/locallogin.te

@@ -181,7 +181,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nscd_socket_use(local_login_t)
+	nscd_use(local_login_t)
 ')
 
 optional_policy(`
@@ -262,5 +262,5 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nscd_socket_use(sulogin_t)
+	nscd_use(sulogin_t)
 ')

policy/modules/system/modutils.te

@@ -205,7 +205,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nscd_socket_use(insmod_t)
+	nscd_use(insmod_t)
 ')
 
 optional_policy(`

policy/modules/system/sysnetwork.if

@@ -699,7 +699,7 @@ interface(`sysnet_dns_name_resolve',`
 	')
 
 	optional_policy(`
-		nscd_socket_use($1)
+		nscd_use($1)
 	')
 ')