From ce8f00538a36807a25571ad84351ed2f1ae7ec17 Mon Sep 17 00:00:00 2001
From: Daniel Burgener <Daniel.Burgener@microsoft.com>
Date: Fri, 1 May 2020 12:22:40 -0400
Subject: [PATCH] Remove the second copy of a permission in instances where the
 exact same permission is repeated twice in a row

Signed-off-by: Daniel Burgener <Daniel.Burgener@microsoft.com>
---
 policy/modules/services/cups.te | 2 +-
 policy/modules/system/udev.te   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/policy/modules/services/cups.te b/policy/modules/services/cups.te
index bdaedf3fe..ae702ee16 100644
--- a/policy/modules/services/cups.te
+++ b/policy/modules/services/cups.te
@@ -109,7 +109,7 @@ ifdef(`enable_mls',`
 # Cups local policy
 #
 
-allow cupsd_t self:capability { chown dac_override dac_override dac_read_search fowner fsetid ipc_lock kill setgid setuid sys_admin sys_rawio sys_resource sys_tty_config };
+allow cupsd_t self:capability { chown dac_override dac_read_search fowner fsetid ipc_lock kill setgid setuid sys_admin sys_rawio sys_resource sys_tty_config };
 dontaudit cupsd_t self:capability { net_admin sys_tty_config };
 allow cupsd_t self:capability2 block_suspend;
 allow cupsd_t self:process { getpgid setpgid setsched signal_perms };
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index abd9d304b..fdd441faf 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -45,7 +45,7 @@ ifdef(`enable_mcs',`
 # udev Local policy
 #
 
-allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid mknod net_admin net_raw setgid setuid sys_admin sys_nice sys_nice sys_ptrace sys_rawio sys_resource };
+allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid mknod net_admin net_raw setgid setuid sys_admin sys_nice sys_ptrace sys_rawio sys_resource };
 dontaudit udev_t self:capability sys_tty_config;
 allow udev_t self:capability2 { wake_alarm block_suspend };
 allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit };