Remove undeclared identifiers from interfaces

These interfaces are not being called in the policy. corenetwork.if.in:corenet_sctp_bind_generic_port(), corenet_dontaudit_sctp_bind_generic_port(), and corenet_sctp_connect_generic_port() Removed references to undeclared type ephemeral_port_t. corenetwork.if.in:corenet_sctp_recvfrom_unlabeled() Removed references to undeclared type attribute corenet_unlabled_type. devices.if:dev_read_printk() Removed references to undeclared type printk_device_t and marked interface as deprecated because it is now empty. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2018-04-11 14:55:24 -04:00 · 2018-04-11 14:55:24 -04:00 · b8d528ea62
commit b8d528ea62
parent 90b214c004
2 changed files with 8 additions and 18 deletions
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@ -1519,11 +1519,11 @@ interface(`corenet_udp_send_all_ports',`
 #
 interface(`corenet_sctp_bind_generic_port',`
 	gen_require(`
-		type port_t, unreserved_port_t, ephemeral_port_t;
+		type port_t, unreserved_port_t;
 		attribute defined_port_type;
 	')

-	allow $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_bind;
+	allow $1 { port_t unreserved_port_t }:sctp_socket name_bind;
 	dontaudit $1 defined_port_type:sctp_socket name_bind;
 ')

@ -1597,10 +1597,10 @@ interface(`corenet_udp_sendrecv_all_ports',`
 #
 interface(`corenet_dontaudit_sctp_bind_generic_port',`
 	gen_require(`
-		type port_t, unreserved_port_t, ephemeral_port_t;
+		type port_t, unreserved_port_t;
 	')

-	dontaudit $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_bind;
+	dontaudit $1 { port_t unreserved_port_t }:sctp_socket name_bind;
 ')

 ########################################
@ -1671,10 +1671,10 @@ interface(`corenet_udp_bind_all_ports',`
 #
 interface(`corenet_sctp_connect_generic_port',`
 	gen_require(`
-		type port_t, unreserved_port_t,ephemeral_port_t;
+		type port_t, unreserved_port_t;
 	')

-	allow $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_connect;
+	allow $1 { port_t unreserved_port_t }:sctp_socket name_connect;
 ')

 ########################################
@ -3372,13 +3372,7 @@ interface(`corenet_relabelto_all_server_packets',`
 ## </param>
 #
 interface(`corenet_sctp_recvfrom_unlabeled',`
-	gen_require(`
-		attribute corenet_unlabeled_type;
-	')
-
 	kernel_recvfrom_unlabeled_peer($1)
-
-	typeattribute $1 corenet_unlabeled_type;
 	kernel_sendrecv_unlabeled_association($1)
 ')

--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@ -3374,18 +3374,14 @@ interface(`dev_rw_printer',`
 ## <summary>
 ##	Read printk devices (e.g., /dev/kmsg /dev/mcelog)
 ## </summary>
-## <param name="domain">
+## <param name="domain" unused="true">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
 #
 interface(`dev_read_printk',`
-	gen_require(`
-		type device_t, printk_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, printk_device_t)
+	refpolicywarn(`$0() has been deprecated.')
 ')

 ########################################