Merge pull request #274 from bauen1/remove-dead-weight

policy/modules/apps/ada.fc

@@ -1,5 +0,0 @@
-/usr/bin/gnatbind	--	gen_context(system_u:object_r:ada_exec_t,s0)
-/usr/bin/gnatls	--	gen_context(system_u:object_r:ada_exec_t,s0)
-/usr/bin/gnatmake	--	gen_context(system_u:object_r:ada_exec_t,s0)
-
-/usr/libexec/gcc(/.*)?/gnat1	--	gen_context(system_u:object_r:ada_exec_t,s0)

policy/modules/apps/ada.if

@@ -1,45 +0,0 @@
-## <summary>GNAT Ada95 compiler.</summary>
-
-########################################
-## <summary>
-##	Execute the ada program in the ada domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`ada_domtrans',`
-	gen_require(`
-		type ada_t, ada_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, ada_exec_t, ada_t)
-')
-
-########################################
-## <summary>
-##	Execute ada in the ada domain, and
-##	allow the specified role the ada domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-#
-interface(`ada_run',`
-	gen_require(`
-		attribute_role ada_roles;
-	')
-
-	ada_domtrans($1)
-	roleattribute $2 ada_roles;
-')

policy/modules/apps/ada.te

@@ -1,27 +0,0 @@
-policy_module(ada, 1.5.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute_role ada_roles;
-roleattribute system_r ada_roles;
-
-type ada_t;
-type ada_exec_t;
-application_domain(ada_t, ada_exec_t)
-role ada_roles types ada_t;
-
-########################################
-#
-# Local policy
-#
-
-allow ada_t self:process { execstack execmem };
-
-userdom_use_user_terminals(ada_t)
-
-optional_policy(`
-	unconfined_domain(ada_t)
-')

policy/modules/system/unconfined.fc

@@ -2,11 +2,17 @@
 # e.g.:
 # /usr/local/bin/appsrv		--	gen_context(system_u:object_r:unconfined_exec_t,s0)
 # For the time being until someone writes a sane policy, we need initrc to transition to unconfined_t
+/usr/bin/gnatbind		--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+/usr/bin/gnatls			--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+/usr/bin/gnatmake		--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+
 /usr/bin/valgrind 		--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 /usr/bin/vncserver		--	gen_context(system_u:object_r:unconfined_exec_t,s0)
 
 /usr/lib/ia32el/ia32x_loader 	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 
+/usr/libexec/gcc(/.*)?/gnat1	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+
 /usr/local/RealPlayer/realplay\.bin --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 
 ifdef(`distro_debian',`

policy/modules/system/unconfined.te

@@ -16,8 +16,8 @@ userdom_manage_tmpfs_role(unconfined_r, unconfined_t)
 type unconfined_exec_t;
 init_system_domain(unconfined_t, unconfined_exec_t)
 
-type unconfined_execmem_t;
+type unconfined_execmem_t alias ada_t;
-type unconfined_execmem_exec_t;
+type unconfined_execmem_exec_t alias ada_exec_t;
 init_system_domain(unconfined_execmem_t, unconfined_execmem_exec_t)
 role unconfined_r types unconfined_execmem_t;
 
@@ -69,10 +69,6 @@ ifdef(`init_systemd',`
 	')
 ')
 
-optional_policy(`
-	ada_domtrans(unconfined_t)
-')
-
 optional_policy(`
 	apache_run_helper(unconfined_t, unconfined_r)
 	apache_role(unconfined_r, unconfined_t)