selinux-refpolicy/policy/modules/system
Stephen Smalley 161bda392e access_vectors: Remove unused permissions
Remove unused permission definitions from SELinux.
Many of these were only ever used in pre-mainline
versions of SELinux, prior to Linux 2.6.0.  Some of them
were used in the legacy network or compat_net=1 checks
that were disabled by default in Linux 2.6.18 and
fully removed in Linux 2.6.30.

The corresponding classmap declarations were removed from the
mainline kernel in:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42a9699a9fa179c0054ea3cf5ad3cc67104a6162

Permissions never used in mainline Linux:
file swapon
filesystem transition
tcp_socket { connectto newconn acceptfrom }
node enforce_dest
unix_stream_socket { newconn acceptfrom }

Legacy network checks, removed in 2.6.30:
socket { recv_msg send_msg }
node { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send }
netif { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send }

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-01-14 13:41:50 -05:00
application.fc
application.if
application.te
authlogin.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
authlogin.if Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
authlogin.te various: Module version bump. 2019-09-30 20:39:31 -04:00
clock.fc
clock.if
clock.te
daemontools.fc
daemontools.if
daemontools.te
fstools.fc
fstools.if
fstools.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
getty.fc
getty.if
getty.te
hostname.fc
hostname.if
hostname.te
hotplug.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
hotplug.if Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
hotplug.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
init.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
init.if unconfined: Fix systemd --user rule. 2019-11-22 16:39:35 -05:00
init.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
ipsec.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
ipsec.if Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
ipsec.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
iptables.fc
iptables.if
iptables.te
iscsi.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
iscsi.if Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
iscsi.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
libraries.fc libraries: fix some misspellings in patterns 2019-09-01 15:47:57 +02:00
libraries.if
libraries.te various: Module version bump. 2019-09-03 19:47:12 -04:00
locallogin.fc
locallogin.if
locallogin.te various: Module version bump. 2019-09-07 16:58:51 -04:00
logging.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
logging.if Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
logging.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
lvm.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
lvm.if Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
lvm.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
metadata.xml
miscfiles.fc Remove unescaped single dot from the policy 2019-08-27 23:38:09 +02:00
miscfiles.if
miscfiles.te Various: Module version bump. 2019-08-31 06:55:57 -04:00
modutils.fc Remove unescaped single dot from the policy 2019-08-27 23:38:09 +02:00
modutils.if
modutils.te various: Module version bump. 2019-09-30 20:39:31 -04:00
mount.fc
mount.if mount: allow callers of mount to search /usr/bin 2019-12-22 16:54:51 +01:00
mount.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
netlabel.fc
netlabel.if
netlabel.te
pcmcia.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
pcmcia.if Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
pcmcia.te various: Module version bump. 2019-09-30 20:39:31 -04:00
raid.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
raid.if Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
raid.te various: Module version bump. 2019-09-30 20:39:31 -04:00
selinuxutil.fc
selinuxutil.if fix: sudo can't determine default type for sysadm_r 2019-12-09 21:13:23 +01:00
selinuxutil.te various: Module version bump. 2019-12-26 11:48:27 -05:00
setrans.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
setrans.if Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
setrans.te various: Module version bump. 2019-09-30 20:39:31 -04:00
sysnetwork.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
sysnetwork.if access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
sysnetwork.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
systemd.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
systemd.if Merge pull request #112 from fishilico/systemd-sd-executor-use 2019-09-30 20:43:01 -04:00
systemd.te systemd, userdomain: Module version bump. 2020-01-11 10:29:49 -05:00
udev.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
udev.if Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
udev.te various: Module version bump. 2019-12-26 12:21:07 -05:00
unconfined.fc
unconfined.if unconfined: Add namespaced capabilities. 2019-11-15 11:13:58 -05:00
unconfined.te unconfined: Module version bump. 2019-12-02 08:47:19 -05:00
userdomain.fc
userdomain.if access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00
userdomain.te systemd, userdomain: Module version bump. 2020-01-11 10:29:49 -05:00
xdg.fc
xdg.if
xdg.te
xen.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
xen.if Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
xen.te access_vectors: Remove unused permissions 2020-01-14 13:41:50 -05:00