nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove undeclared identifiers from interfaces

Browse Source 
These interfaces are not being called in the policy.

corenetwork.if.in:corenet_sctp_bind_generic_port(),
  corenet_dontaudit_sctp_bind_generic_port(), and
  corenet_sctp_connect_generic_port()
  Removed references to undeclared type ephemeral_port_t.

corenetwork.if.in:corenet_sctp_recvfrom_unlabeled()
  Removed references to undeclared type attribute corenet_unlabled_type.

devices.if:dev_read_printk()
  Removed references to undeclared type printk_device_t and marked
  interface as deprecated because it is now empty.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
This commit is contained in:
James Carter 2018-04-11 14:55:24 -04:00 committed by Chris PeBenito
parent 90b214c004
commit b8d528ea62
2 changed files with 8 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
policy/modules/kernel/corenetwork.if.in
View File

@ -1519,11 +1519,11 @@ interface(`corenet_udp_send_all_ports',`
# #
interface(`corenet_sctp_bind_generic_port',` interface(`corenet_sctp_bind_generic_port',`
gen_require(` gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t; type port_t, unreserved_port_t;
attribute defined_port_type; attribute defined_port_type;
') ')
allow $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_bind; allow $1 { port_t unreserved_port_t }:sctp_socket name_bind;
dontaudit $1 defined_port_type:sctp_socket name_bind; dontaudit $1 defined_port_type:sctp_socket name_bind;
') ')
@ -1597,10 +1597,10 @@ interface(`corenet_udp_sendrecv_all_ports',`
# #
interface(`corenet_dontaudit_sctp_bind_generic_port',` interface(`corenet_dontaudit_sctp_bind_generic_port',`
gen_require(` gen_require(`
type port_t, unreserved_port_t, ephemeral_port_t; type port_t, unreserved_port_t;
') ')
dontaudit $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_bind; dontaudit $1 { port_t unreserved_port_t }:sctp_socket name_bind;
') ')
######################################## ########################################
@ -1671,10 +1671,10 @@ interface(`corenet_udp_bind_all_ports',`
# #
interface(`corenet_sctp_connect_generic_port',` interface(`corenet_sctp_connect_generic_port',`
gen_require(` gen_require(`
type port_t, unreserved_port_t,ephemeral_port_t; type port_t, unreserved_port_t;
') ')
allow $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_connect; allow $1 { port_t unreserved_port_t }:sctp_socket name_connect;
') ')
######################################## ########################################
@ -3372,13 +3372,7 @@ interface(`corenet_relabelto_all_server_packets',`
## </param> ## </param>
# #
interface(`corenet_sctp_recvfrom_unlabeled',` interface(`corenet_sctp_recvfrom_unlabeled',`
gen_require(`
attribute corenet_unlabeled_type;
')
kernel_recvfrom_unlabeled_peer($1) kernel_recvfrom_unlabeled_peer($1)
typeattribute $1 corenet_unlabeled_type;
kernel_sendrecv_unlabeled_association($1) kernel_sendrecv_unlabeled_association($1)
') ')

8
policy/modules/kernel/devices.if
View File

@ -3374,18 +3374,14 @@ interface(`dev_rw_printer',`
## <summary> ## <summary>
## Read printk devices (e.g., /dev/kmsg /dev/mcelog) ## Read printk devices (e.g., /dev/kmsg /dev/mcelog)
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain" unused="true">
## <summary> ## <summary>
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
# #
interface(`dev_read_printk',` interface(`dev_read_printk',`
gen_require(` refpolicywarn(`$0() has been deprecated.')
type device_t, printk_device_t;
')
read_chr_files_pattern($1, device_t, printk_device_t)
') ')
######################################## ########################################