selinux-refpolicy/policy/modules/apps
Christian Göttsche 4b05e1e9c3 SELint userspace class tweaks
SELint version 1.5 emits issues for missing or unused declarations of
userspace classes:

    init.te:            270: (W): No explicit declaration for userspace class system.  You should access it via interface call or use a require block. (W-001)
    init.te:            312: (W): No explicit declaration for userspace class service.  You should access it via interface call or use a require block. (W-001)
    init.te:           1116: (W): No explicit declaration for userspace class system.  You should access it via interface call or use a require block. (W-001)
    init.te:           1124: (W): No explicit declaration for userspace class service.  You should access it via interface call or use a require block. (W-001)
    init.te:           1132: (W): No explicit declaration for userspace class service.  You should access it via interface call or use a require block. (W-001)
    init.te:           1136: (W): No explicit declaration for userspace class service.  You should access it via interface call or use a require block. (W-001)
    init.te:           1137: (W): No explicit declaration for userspace class service.  You should access it via interface call or use a require block. (W-001)
    unconfined.te:       64: (W): No explicit declaration for userspace class system.  You should access it via interface call or use a require block. (W-001)
    systemd.te:        1250: (W): No explicit declaration for userspace class dbus.  You should access it via interface call or use a require block. (W-001)
    systemd.te:        1377: (W): No explicit declaration for userspace class dbus.  You should access it via interface call or use a require block. (W-001)
    devicekit.te:        56: (W): No explicit declaration for userspace class dbus.  You should access it via interface call or use a require block. (W-001)
    devicekit.te:       157: (W): No explicit declaration for userspace class dbus.  You should access it via interface call or use a require block. (W-001)
    devicekit.te:       297: (W): No explicit declaration for userspace class dbus.  You should access it via interface call or use a require block. (W-001)
    kernel.te:          566: (W): No explicit declaration for userspace class system.  You should access it via interface call or use a require block. (W-001)
    chromium.if:        139: (W): Class dbus is listed in require block but not used in interface (W-003)
    init.if:           1192: (W): Class system is used in interface but not required (W-002)
    init.if:           1210: (W): Class system is used in interface but not required (W-002)
    init.if:           1228: (W): Class system is used in interface but not required (W-002)
    init.if:           1246: (W): Class system is used in interface but not required (W-002)
    init.if:           1264: (W): Class system is used in interface but not required (W-002)
    init.if:           1282: (W): Class system is used in interface but not required (W-002)
    init.if:           1300: (W): Class system is used in interface but not required (W-002)
    init.if:           1318: (W): Class system is used in interface but not required (W-002)
    init.if:           1393: (W): Class bpf is listed in require block but is not a userspace class (W-003)
    unconfined.if:       34: (W): Class service is listed in require block but not used in interface (W-003)
    systemd.if:         144: (W): Class system is used in interface but not required (W-002)
    systemd.if:         159: (W): Class service is used in interface but not required (W-002)
    systemd.if:         160: (W): Class service is used in interface but not required (W-002)
    systemd.if:         413: (W): Class system is used in interface but not required (W-002)
    systemd.if:         437: (W): Class system is used in interface but not required (W-002)
    systemd.if:         461: (W): Class system is used in interface but not required (W-002)
    postgresql.if:       31: (W): Class db_database is listed in require block but not used in interface (W-003)
    postgresql.if:       37: (W): Class db_language is listed in require block but not used in interface (W-003)
    postgresql.if:      465: (W): Class db_database is listed in require block but not used in interface (W-003)
    postgresql.if:      471: (W): Class db_language is listed in require block but not used in interface (W-003)
    xserver.if:         370: (W): Class x_property is listed in require block but not used in interface (W-003)
    Found the following issue counts:
    W-001: 14
    W-002: 14
    W-003: 8

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2024-01-10 17:02:41 +01:00
..
awstats.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
awstats.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
awstats.te Drop module versioning. 2022-01-06 09:19:13 -05:00
calamaris.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
calamaris.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
calamaris.te Drop module versioning. 2022-01-06 09:19:13 -05:00
cdrecord.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
cdrecord.if cdrecord, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
cdrecord.te Drop module versioning. 2022-01-06 09:19:13 -05:00
chromium.fc chromium/libraries: move lib_t filecontext to defining module 2020-05-12 20:09:44 +02:00
chromium.if SELint userspace class tweaks 2024-01-10 17:02:41 +01:00
chromium.te chromium: allow chromium-naclhelper to create user namespaces 2023-05-25 16:58:06 -04:00
cpufreqselector.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
cpufreqselector.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
cpufreqselector.te Drop module versioning. 2022-01-06 09:19:13 -05:00
cryfs.fc Add policy for CryFS, encfs and gocryptfs 2019-12-22 18:03:53 +01:00
cryfs.if cryfs, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
cryfs.te domain: move kernel_read_crypto_sysctls to a common location 2022-09-14 17:03:04 -04:00
evolution.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
evolution.if evolution, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
evolution.te Add missing permissions to execute binary files for 2023-09-05 21:27:05 +02:00
games.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
games.if games, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
games.te Drop module versioning. 2022-01-06 09:19:13 -05:00
gitosis.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
gitosis.if policy: interfaces: doc: indent param blocks consistently 2021-07-02 12:19:25 +03:00
gitosis.te Drop module versioning. 2022-01-06 09:19:13 -05:00
gnome.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
gnome.if gnome, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
gnome.te Update the gnome module so that the gconf daemon is 2023-09-12 22:50:32 +02:00
gpg.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
gpg.if Add new gpg interfaces for gpg_agent execution and to avoid 2023-09-14 18:38:17 +02:00
gpg.te Merge pull request #730 from gtrentalancia/gpg_fixes2_pr 2023-11-14 11:04:40 -05:00
irc.fc irc: add WeeChat policy 2019-09-06 19:16:24 +02:00
irc.if irc, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
irc.te domain: move kernel_read_crypto_sysctls to a common location 2022-09-14 17:03:04 -04:00
java.fc java: remove unnecessary parentheses in pattern 2019-09-01 16:06:32 +02:00
java.if java, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
java.te Drop module versioning. 2022-01-06 09:19:13 -05:00
libmtp.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
libmtp.if libmtp, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
libmtp.te Drop module versioning. 2022-01-06 09:19:13 -05:00
lightsquid.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
lightsquid.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
lightsquid.te Drop module versioning. 2022-01-06 09:19:13 -05:00
livecd.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
livecd.if policy: interfaces: doc: indent param blocks consistently 2021-07-02 12:19:25 +03:00
livecd.te Drop module versioning. 2022-01-06 09:19:13 -05:00
loadkeys.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
loadkeys.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
loadkeys.te loadkeys: do not audit attempts to get attributes for all directories 2023-09-20 14:44:45 +08:00
man2html.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
man2html.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
man2html.te Drop module versioning. 2022-01-06 09:19:13 -05:00
mandb.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
mandb.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
mandb.te mandb: permit to read inherited cron files 2023-01-17 07:28:19 +01:00
metadata.xml remove extra level of directory 2006-07-12 20:32:27 +00:00
mono.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
mono.if mono: use user exec domain attribute 2021-10-13 19:08:42 -04:00
mono.te Drop module versioning. 2022-01-06 09:19:13 -05:00
mozilla.fc Remove unescaped single dot from the policy 2019-08-27 23:38:09 +02:00
mozilla.if mozilla, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
mozilla.te mozilla: Allow user namespace creation. 2023-03-02 15:59:49 -05:00
mplayer.fc mplayer:vlc paths 2023-04-05 17:07:43 +00:00
mplayer.if mplayer, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
mplayer.te Add permissions to read device sysctls to mplayer. 2023-09-07 22:34:19 +02:00
openoffice.fc Fix use of buggy pattern (.*)? 2019-08-29 19:57:05 +02:00
openoffice.if openoffice, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
openoffice.te Merge pull request #713 from gtrentalancia/openoffice_fixes_pr2 2023-10-02 08:57:04 -04:00
pulseaudio.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
pulseaudio.if various: use mmap_manage_file_perms 2022-12-12 10:36:11 -05:00
pulseaudio.te some misc userdomain fixes 2023-09-20 12:40:59 +10:00
qemu.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
qemu.if This patch removes deprecated interfaces that were deprecated in the 20210203 2022-12-12 10:32:09 -05:00
qemu.te domain: move kernel_read_crypto_sysctls to a common location 2022-09-14 17:03:04 -04:00
rssh.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
rssh.if rssh, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
rssh.te Drop module versioning. 2022-01-06 09:19:13 -05:00
screen.fc apps/screen.fc: Added fcontext for tmux xdg directory. 2021-01-29 14:56:29 +00:00
screen.if screen: add interface to dontaudit runtime sock file 2022-09-13 14:24:21 -04:00
screen.te Drop module versioning. 2022-01-06 09:19:13 -05:00
seunshare.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
seunshare.if Make hide_broken_symptoms unconditional. 2022-02-16 12:04:21 -05:00
seunshare.te Make hide_broken_symptoms unconditional. 2022-02-16 12:04:21 -05:00
sigrok.fc Add sigrok contrib module 2019-01-03 20:51:18 -05:00
sigrok.if sigrok: Remove extra comments. 2019-01-03 20:52:26 -05:00
sigrok.te Drop module versioning. 2022-01-06 09:19:13 -05:00
slocate.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
slocate.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
slocate.te Drop module versioning. 2022-01-06 09:19:13 -05:00
syncthing.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
syncthing.if syncthing, roles: use user exec domain attribute 2021-10-13 19:07:24 -04:00
syncthing.te Drop module versioning. 2022-01-06 09:19:13 -05:00
telepathy.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
telepathy.if telepathy, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
telepathy.te Drop module versioning. 2022-01-06 09:19:13 -05:00
thunderbird.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
thunderbird.if thunderbird, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
thunderbird.te Drop module versioning. 2022-01-06 09:19:13 -05:00
tvtime.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
tvtime.if tvtime, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
tvtime.te Drop module versioning. 2022-01-06 09:19:13 -05:00
uml.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
uml.if uml, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
uml.te Drop module versioning. 2022-01-06 09:19:13 -05:00
userhelper.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
userhelper.if userhelper, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
userhelper.te Drop module versioning. 2022-01-06 09:19:13 -05:00
usernetctl.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
usernetctl.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
usernetctl.te Drop module versioning. 2022-01-06 09:19:13 -05:00
vlock.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
vlock.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
vlock.te Drop module versioning. 2022-01-06 09:19:13 -05:00
vmware.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
vmware.if vmware, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
vmware.te various: remove various mcs ranged transitions 2022-01-06 20:58:28 -05:00
webalizer.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
webalizer.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
webalizer.te Drop module versioning. 2022-01-06 09:19:13 -05:00
wine.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
wine.if wine: fix roleattribute statement 2021-11-16 12:11:59 -05:00
wine.te Drop module versioning. 2022-01-06 09:19:13 -05:00
wireshark.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
wireshark.if wireshark, roles: use user exec domain attribute 2021-10-13 19:07:34 -04:00
wireshark.te Drop module versioning. 2022-01-06 09:19:13 -05:00
wm.fc wm: add KWin 2020-04-24 16:19:51 +03:00
wm.if Merge pull request #641 from gtrentalancia/mix_fixes_pr 2023-09-06 08:46:40 -04:00
wm.te Drop module versioning. 2022-01-06 09:19:13 -05:00
xscreensaver.fc Update the xscreensaver module in order to work with 2023-09-05 21:56:04 +02:00
xscreensaver.if Update the xscreensaver module in order to work with 2023-09-05 21:56:04 +02:00
xscreensaver.te Update the xscreensaver module in order to work with 2023-09-05 21:56:04 +02:00