selinux-refpolicy/policy/modules/kernel
Stephen Smalley 161bda392e access_vectors: Remove unused permissions
Remove unused permission definitions from SELinux.
Many of these were only ever used in pre-mainline
versions of SELinux, prior to Linux 2.6.0.  Some of them
were used in the legacy network or compat_net=1 checks
that were disabled by default in Linux 2.6.18 and
fully removed in Linux 2.6.30.

The corresponding classmap declarations were removed from the
mainline kernel in:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42a9699a9fa179c0054ea3cf5ad3cc67104a6162

Permissions never used in mainline Linux:
file swapon
filesystem transition
tcp_socket { connectto newconn acceptfrom }
node enforce_dest
unix_stream_socket { newconn acceptfrom }

Legacy network checks, removed in 2.6.30:
socket { recv_msg send_msg }
node { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send }
netif { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send }

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-01-14 13:41:50 -05:00
..
corecommands.fc fix ifupdown2 executable mislabeled as lib_t 2019-12-10 20:18:00 +01:00
corecommands.if
corecommands.te various: Module version bump. 2019-12-26 11:48:27 -05:00
corenetwork.fc
corenetwork.if.in access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
corenetwork.if.m4 access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
corenetwork.te.in access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
corenetwork.te.m4 Remove old aliases. 2019-09-30 20:02:43 -04:00
devices.fc Fix use of buggy pattern (.*)? 2019-08-29 19:57:05 +02:00
devices.if init: allow systemd to mount over /dev/kmsg and /proc/kmsg 2019-12-22 17:29:58 +01:00
devices.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
domain.fc
domain.if
domain.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
files.fc Merge pull request #75 from fishilico/fc-escape-single-dot 2019-08-31 06:24:06 -04:00
files.if files: introduce files_dontaudit_read_etc_files 2019-01-23 18:40:57 -05:00
files.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
filesystem.fc added bpf_t filesystem label 2019-12-16 20:16:14 +01:00
filesystem.if Fix indent to match the rest of the file (space -> tab) 2019-12-26 12:00:32 -05:00
filesystem.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
kernel.fc
kernel.if Label /sys/kernel/ns_last_pid as sysctl_kernel_ns_last_pid_t 2019-04-12 07:52:27 -04:00
kernel.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
mcs.fc
mcs.if
mcs.te
metadata.xml
mls.fc
mls.if Remove unused translate permission in context userspace class. 2018-10-13 13:39:18 -04:00
mls.te Bump module versions for release. 2019-02-01 15:03:42 -05:00
selinux.fc
selinux.if grant rpm_t permission to map security_t 2019-07-13 14:00:23 -04:00
selinux.te rpm, selinux, sysadm, init: Module version bump. 2019-07-13 14:07:11 -04:00
storage.fc devices, storage: Add fc entries for mtd char devices and ndctl devices. 2019-07-16 16:38:43 -04:00
storage.if access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
storage.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
terminal.fc Move use of user_devpts_t from terminal.fc to userdomain.fc 2018-04-12 18:44:50 -04:00
terminal.if
terminal.te Bump module versions for release. 2018-07-01 11:02:33 -04:00
ubac.fc
ubac.if
ubac.te